Solved Need help on a Google redirect virus

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 31
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 24-04-2012
Ran by Random McGill Guy (administrator) on 27-04-2012 at 13:07:29
Running from "C:\Users\Random McGill Guy\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-14 23:10] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Unfortunately I am still getting redirected on IE and Chrome, one Chrome still has excess CPU usage and there are random ad sounds playing without any pop-ups on desktop :(
 
C:\Users\Random McGill Guy\Downloads\20116301275592311 (1).rar a variant of Win32/FlyStudio application deleted - quarantined
C:\Users\Random McGill Guy\Downloads\20116301275592311 (2).rar a variant of Win32/FlyStudio application deleted - quarantined
C:\Users\Random McGill Guy\Downloads\20116301275592311.rar a variant of Win32/FlyStudio application deleted - quarantined
C:\Users\Random McGill Guy\Downloads\cnet_disk-defrag-setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Random McGill Guy\Downloads\mini-KMS_Activator_v1.2_Office2010_VL_ENG.rar a variant of Win32/HackKMS.A application deleted - quarantined
C:\Users\Random McGill Guy\Downloads\QvodSetup5.0.80.exe probably a variant of Win32/Adware.TencentAd application deleted - quarantined
C:\Users\Random McGill Guy\Downloads\SuperOneClickv1.9.5-ShortFuse.Drivers.rar multiple threats deleted - quarantined
C:\Users\Random McGill Guy\Downloads\SuperOneClickv2.3.3-ShortFuse.zip multiple threats deleted - quarantined

Hi broni, just finished an ESET 32 scan and deleted all the files as well.
 
Hi broni, sorry for the nuisance, I'm prepared to reinstall if it's necessary. It seemed that the redirects stop when I disable JavaScript.
Here is the new log, thank you!

ComboFix 12-04-27.02 - Random McGill Guy 27/04/2012 17:13:18.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.1804 [GMT -4:00]
执行位置: c:\users\Random McGill Guy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\imgpbaa.tmp
c:\programdata\jmgpbaa.tmp
c:\programdata\ovqqbaa.tmp
c:\programdata\pvqqbaa.tmp
c:\programdata\uunqbaa.tmp
c:\programdata\wxzqbaa.tmp
c:\programdata\xxzqbaa.tmp
.
.
((((((((((((((((((((((((( 2012-03-27 至 2012-04-27 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-27 21:21 . 2012-04-27 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 19:53 . 2012-04-27 19:53 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72B7FF91-E5C1-4D2B-96CF-892861529D3A}\offreg.dll
2012-04-27 18:12 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72B7FF91-E5C1-4D2B-96CF-892861529D3A}\mpengine.dll
2012-04-27 17:21 . 2012-04-27 17:20 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B500EB32-269F-4B05-B023-D084A2849BD7}\gapaengine.dll
2012-04-27 17:16 . 2012-04-27 17:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-27 17:16 . 2012-04-27 17:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-27 16:47 . 2012-04-27 16:47 -------- d-----w- C:\_OTL
2012-04-27 14:06 . 2012-04-27 14:06 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-27 13:50 . 2012-04-27 14:06 27936 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-04-27 01:01 . 2012-04-27 01:01 -------- d-----w- c:\program files (x86)\ESET
2012-04-26 21:43 . 2012-04-26 21:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-26 21:43 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 20:49 . 2012-04-26 20:49 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
2012-04-26 20:49 . 2012-04-26 20:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-26 20:49 . 2012-04-26 20:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-26 06:20 . 2012-04-26 06:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-26 06:05 . 2012-04-26 21:53 -------- d-----w- C:\MGtools
2012-04-26 04:27 . 2012-04-26 04:27 -------- d-----w- c:\program files\HitmanPro
2012-04-26 04:27 . 2012-04-27 14:06 -------- d-----w- c:\programdata\HitmanPro
2012-04-25 18:32 . 2012-04-26 21:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-25 18:32 . 2012-04-26 21:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-25 15:05 . 2012-04-26 23:40 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\vlc
2012-04-24 23:19 . 2012-04-24 23:19 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\WindowsApplication1
2012-04-24 17:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
2012-04-22 01:44 . 2012-04-22 01:45 -------- d-----w- c:\programdata\Battle.net
2012-04-20 15:07 . 2012-04-20 15:07 -------- d-----w- c:\programdata\IObit
2012-04-16 06:33 . 2012-04-16 06:33 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\Malwarebytes
2012-04-16 06:33 . 2012-04-16 06:33 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 05:44 . 2012-04-16 05:44 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\IObit
2012-04-16 05:44 . 2012-04-20 15:07 -------- d-----w- c:\program files (x86)\IObit
2012-04-16 05:35 . 2011-04-05 21:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-16 05:35 . 2011-04-05 21:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-16 05:35 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-16 05:35 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-16 05:31 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-15 12:24 . 2012-04-15 12:24 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 00:00 . 2012-04-26 20:16 -------- d-----w- c:\program files (x86)\Ludashi
2012-04-13 22:43 . 2012-04-13 23:59 -------- d-----w- c:\programdata\360safe
2012-04-13 22:40 . 2011-08-31 10:18 19800 ----a-w- c:\windows\system32\drivers\efimon.sys
2012-04-13 22:40 . 2012-04-13 22:40 -------- d-----w- c:\program files (x86)\360
2012-04-13 17:45 . 2012-04-13 17:45 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\Caiyun
2012-04-13 17:44 . 2012-04-13 21:18 -------- d-----w- c:\program files (x86)\彩云游戏浏览器
2012-04-12 20:13 . 2012-04-22 06:28 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\KuGou7
2012-04-12 20:13 . 2012-04-12 20:13 -------- d-----w- c:\program files (x86)\KuGou2012
2012-04-12 06:46 . 2012-04-13 17:45 -------- d-----w- C:\TGGAME
2012-04-12 04:18 . 2012-04-12 04:18 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\Mozilla
2012-04-12 04:01 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 06:47 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-12 04:01 . 2012-02-28 06:56 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-12 04:01 . 2012-02-28 01:08 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-04-12 03:59 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:59 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:59 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:55 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:55 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:55 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:55 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:55 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 01:06 . 2012-04-09 01:06 61440 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-04-09 01:06 . 2012-04-09 01:06 61440 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-04-09 01:06 . 2012-04-09 01:06 106496 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-04-09 01:06 . 2012-04-09 01:06 106496 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-04-09 01:06 . 2012-04-09 01:06 106496 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-04-09 01:06 . 2012-04-09 01:06 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2012-04-09 01:06 . 2012-04-09 01:06 -------- d-----w- c:\program files (x86)\Tencent
2012-04-09 01:06 . 2012-04-09 01:07 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\Tencent
2012-04-09 01:06 . 2012-04-09 01:06 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2012-04-08 00:21 . 2012-04-08 00:22 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\GRETECH
2012-04-08 00:21 . 2012-04-08 00:27 -------- d-----w- c:\program files (x86)\GRETECH
2012-04-07 13:32 . 2012-04-07 13:32 -------- d-----w- c:\program files (x86)\Common Files\duowan
2012-04-07 13:32 . 2012-04-07 13:32 -------- d-----w- c:\program files (x86)\duowan
2012-04-07 13:32 . 2012-04-07 13:32 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\duowan
2012-03-31 16:54 . 2012-03-31 16:54 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\Unity
2012-03-29 05:04 . 2012-03-29 05:04 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\ATI
2012-03-29 05:04 . 2012-03-29 05:04 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\ATI
2012-03-29 05:04 . 2012-03-29 05:04 -------- d-----w- c:\programdata\ATI
2012-03-29 05:00 . 2012-03-29 05:00 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-29 04:58 . 2012-03-29 04:58 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-29 04:58 . 2012-03-29 04:58 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-29 04:58 . 2012-03-29 04:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-29 04:58 . 2012-03-29 04:58 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:58 -------- d-----w- c:\program files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54 -------- d-----w- c:\program files\ATI
2012-03-29 04:52 . 2012-02-15 08:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-29 03:06 . 2012-02-15 07:16 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-29 03:01 . 2012-03-29 03:01 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\Leshcat & Co
2012-03-29 01:26 . 2012-03-29 01:42 -------- d-----w- c:\program files (x86)\ImageJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 16:59 . 2011-08-21 01:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-26 06:05 . 2012-04-26 06:05 33660 ----a-w- C:\MGlogs.zip
2012-04-15 12:24 . 2011-11-07 22:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 01:30 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-29 01:30 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-23 14:18 . 2010-12-21 09:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 08:44 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 08:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 08:44 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 08:44 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 02:05 . 2012-02-15 02:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 02:05 . 2012-02-15 02:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 02:05 . 2012-02-15 02:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 02:05 . 2012-02-15 02:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 02:05 . 2012-02-15 02:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 02:04 . 2012-02-15 02:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 02:03 . 2012-02-15 02:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 02:03 . 2012-02-15 02:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 10:08 . 2012-03-20 23:26 279840 ----a-w- c:\windows\system32\ikutm.dll
2012-02-10 06:24 . 2012-03-14 16:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:23 . 2012-03-14 16:55 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:23 . 2012-03-14 16:55 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:23 . 2012-03-14 16:55 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:23 . 2012-03-14 16:55 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 16:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:35 . 2012-03-14 16:55 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 16:55 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:35 . 2012-03-14 16:55 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-10 05:35 . 2012-03-14 16:55 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-03 04:16 . 2012-03-14 16:55 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 10:02 . 2012-01-31 10:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 10:00 . 2012-01-31 10:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache86\user32.dll
[-] 2009-07-14 . 738ABEE48BAF965B161A7A3E75EB444D . 858112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-04-27_04.32.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-25 14:53 . 2012-04-27 04:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-04-25 14:53 . 2012-04-27 21:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-04-27 21:02 . 2012-04-27 21:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{52DA2D22-90AC-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 19:33 . 2012-04-27 19:39 28672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2803503-909F-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 20:30 . 2012-04-27 20:31 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E17208B9-90A7-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:08 . 2012-04-27 15:15 37888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D49899ED-907A-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:25 . 2012-04-27 17:26 14336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B9D8A7E-908E-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-13 20:43 . 2012-04-27 20:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-04-13 20:43 . 2012-04-26 18:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-05-14 03:49 . 2012-04-27 18:11 67830 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-27 18:11 41848 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-21 08:15 . 2012-04-27 18:11 22786 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-209557282-4168680159-3086812486-1000_UserData.bin
- 2010-12-21 11:08 . 2012-04-27 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-21 11:08 . 2012-04-27 18:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-21 11:08 . 2012-04-27 01:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-21 11:08 . 2012-04-27 18:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-27 01:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 18:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-04-27 00:52 84368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-04-27 18:24 84368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-27 19:16 . 2012-04-27 19:20 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{74C7A62A-909D-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:58 . 2012-04-27 14:58 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{74672082-9079-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:34 . 2012-04-27 15:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{741648A9-907E-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:14 . 2012-04-27 17:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{73627DA5-908C-11E1-9FC1-206A8A1429CE}.dat
+ 2012-04-27 16:52 . 2012-04-27 16:52 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6EFE2978-9089-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:15 . 2012-04-27 14:18 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6CB39AB1-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:59 . 2012-04-27 16:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{679CFA2A-908A-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 16:24 . 2012-04-27 16:28 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{669A888F-9085-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:41 . 2012-04-27 15:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{661D1265-907F-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 19:30 . 2012-04-27 19:36 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{64FB856E-909F-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:48 . 2012-04-27 15:53 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6304E621-9080-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:53 . 2012-04-27 18:53 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{558FCD66-909A-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:14 . 2012-04-27 14:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4C56BC6F-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:28 . 2012-04-27 14:28 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{448239DF-9075-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:58 . 2012-04-27 16:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{42CF8355-908A-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 16:51 . 2012-04-27 16:51 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{41EA1A47-9089-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:35 . 2012-04-27 14:41 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{41AA52C3-9076-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:48 . 2012-04-27 17:52 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3E424646-9091-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 16:22 . 2012-04-27 16:22 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3C746842-9085-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:17 . 2012-04-27 18:17 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3C43A6EE-9095-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 16:29 . 2012-04-27 16:29 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3957268F-9086-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:37 . 2012-04-27 16:37 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{363A378B-9087-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:32 . 2012-04-27 15:32 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2CD577D6-907E-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:02 . 2012-04-27 18:02 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{26E85CA3-9093-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 15:53 . 2012-04-27 15:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{264D8A5C-9081-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:30 . 2012-04-27 18:35 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{201361AD-9097-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:38 . 2012-04-27 15:38 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1A171FA5-907F-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 20:53 . 2012-04-27 20:53 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{18D7DCEE-90AB-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 19:20 . 2012-04-27 19:20 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{17A737CE-909E-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:46 . 2012-04-27 15:46 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{170154C2-9080-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 19:13 . 2012-04-27 19:13 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16FB471A-909D-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:53 . 2012-04-27 15:58 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{164CEA25-9081-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:41 . 2012-04-27 14:47 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{14A509CC-9077-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 19:56 . 2012-04-27 19:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{142BE91D-90A3-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 16:28 . 2012-04-27 16:34 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{13E541E6-9086-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:02 . 2012-04-27 15:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1394C575-907A-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:42 . 2012-04-27 16:42 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{09F22DBB-9088-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 20:46 . 2012-04-27 20:49 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{090B24DE-90AA-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:12 . 2012-04-27 14:12 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0473E6F7-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:44 . 2012-04-27 18:44 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0359CD55-9099-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 17:54 . 2012-04-27 17:59 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{026C768D-9092-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 18:51 . 2012-04-27 18:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{00B6E0C0-909A-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:19 . 2012-04-27 14:26 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FDDBA487-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:19 . 2012-04-27 14:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FBA9DFC6-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:26 . 2012-04-27 14:33 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB1B8B2E-9074-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 19:05 . 2012-04-27 19:08 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7F58C70-909B-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 18:15 . 2012-04-27 18:19 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F2AD3FEE-9094-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 17:53 . 2012-04-27 18:00 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EDC0E38C-9091-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 16:49 . 2012-04-27 16:49 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EC78D454-9088-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:18 . 2012-04-27 14:19 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E96B93E8-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:34 . 2012-04-27 16:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E919010B-9086-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:40 . 2012-04-27 14:40 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E6E7F8E5-9076-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:57 . 2012-04-27 18:58 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E6B31477-909A-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:47 . 2012-04-27 14:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2E685CB-9077-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:46 . 2012-04-27 17:46 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E228EAA2-9090-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 14:54 . 2012-04-27 15:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DFED4B6B-9078-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:47 . 2012-04-27 14:47 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DDC6EF90-9077-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:01 . 2012-04-27 15:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DD8ECA7D-9079-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:46 . 2012-04-27 17:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBC0D68A-9090-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 15:08 . 2012-04-27 15:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DB30498F-907A-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:58 . 2012-04-27 16:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D9423E37-9081-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:48 . 2012-04-27 16:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D707AF21-9088-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:12 . 2012-04-27 16:13 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D68D6E1E-9083-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:05 . 2012-04-27 16:12 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D423AC8B-9082-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:34 . 2012-04-27 16:34 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D1D7AF79-9086-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:14 . 2012-04-27 18:14 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CE73A3A1-9094-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 18:14 . 2012-04-27 18:14 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CE73A3A0-9094-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:58 . 2012-04-27 15:58 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CC8520FB-9081-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:52 . 2012-04-27 17:52 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7451AA8-9091-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 18:35 . 2012-04-27 18:35 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C4277BCD-9097-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 16:19 . 2012-04-27 16:19 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C424B7AD-9084-11E1-BE63-206A8A1429CE}.dat
 
+ 2012-04-27 17:59 . 2012-04-27 18:00 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C17C6A07-9092-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 15:22 . 2012-04-27 15:22 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C005D314-907C-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:24 . 2012-04-27 14:28 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BF920033-9074-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:57 . 2012-04-27 16:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B8F00EFE-9081-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:27 . 2012-04-27 18:28 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B55A9FCF-9096-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 17:01 . 2012-04-27 17:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B225FF2D-908A-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 14:45 . 2012-04-27 14:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B13CF034-9077-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:57 . 2012-04-27 15:57 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB89F00F-9081-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:01 . 2012-04-27 17:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AB03F195-908A-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 18:20 . 2012-04-27 18:25 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A9196B91-9095-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:45 . 2012-04-27 14:45 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7C5B758-9077-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:23 . 2012-04-27 17:23 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A78E0A9B-908D-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 17:08 . 2012-04-27 17:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F37F98C-908B-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 19:10 . 2012-04-27 19:15 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9E264D11-909C-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 18:27 . 2012-04-27 18:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99165827-9096-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:52 . 2012-04-27 14:58 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{98A55677-9078-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:15 . 2012-04-27 17:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{986C49D2-908C-11E1-9FC1-206A8A1429CE}.dat
+ 2012-04-27 17:29 . 2012-04-27 17:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{97B08204-908E-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 17:37 . 2012-04-27 17:44 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{975CBA5B-908F-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 17:15 . 2012-04-27 17:15 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{955600F6-908C-11E1-9FC1-206A8A1429CE}.dat
+ 2012-04-27 17:29 . 2012-04-27 17:29 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94FBD18F-908E-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 19:02 . 2012-04-27 19:03 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94CAD8A1-909B-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 16:18 . 2012-04-27 16:22 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93835AD9-9084-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:29 . 2012-04-27 17:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{922A90A0-908E-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 19:09 . 2012-04-27 19:10 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8F40F096-909C-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 16:18 . 2012-04-27 16:18 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8E557C5C-9084-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:15 . 2012-04-27 17:15 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D169C5F-908C-11E1-9FC1-206A8A1429CE}.dat
+ 2012-04-27 18:41 . 2012-04-27 18:41 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CE0FB9C-9098-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 17:07 . 2012-04-27 17:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{89F4878A-908B-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 15:27 . 2012-04-27 15:32 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{86117005-907D-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 20:49 . 2012-04-27 20:50 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{844C7B99-90AA-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 17:14 . 2012-04-27 17:15 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{804412C5-908C-11E1-9FC1-206A8A1429CE}.dat
+ 2012-04-27 15:27 . 2012-04-27 15:27 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F21AD73-907D-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:40 . 2012-04-27 18:44 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7DB1D482-9098-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:20 . 2012-04-27 15:27 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7A0FE18B-907C-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:27 . 2012-04-27 15:34 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{76DD8624-907D-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:58 . 2012-04-27 15:02 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74672083-9079-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:47 . 2012-04-27 18:47 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{709949F6-9099-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 16:52 . 2012-04-27 16:52 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6EFE2979-9089-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:59 . 2012-04-27 17:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{679CFA2B-908A-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 15:41 . 2012-04-27 15:48 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{661D1266-907F-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:41 . 2012-04-27 15:41 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{63281CCA-907F-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:19 . 2012-04-27 15:20 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6132C1EA-907C-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 19:29 . 2012-04-27 19:30 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{604E3141-909F-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 16:23 . 2012-04-27 16:24 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E012511-9085-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:59 . 2012-04-27 16:59 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5A9D3667-908A-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 19:29 . 2012-04-27 19:30 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{596A5596-909F-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 18:53 . 2012-04-27 19:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{558FCD67-909A-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:14 . 2012-04-27 14:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C56BC70-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:28 . 2012-04-27 14:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{448239E0-9075-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:58 . 2012-04-27 17:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{42CF8356-908A-11E1-AA95-206A8A1429CE}.dat
+ 2012-04-27 16:51 . 2012-04-27 16:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{41EA1A48-9089-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:22 . 2012-04-27 16:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3C746843-9085-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:17 . 2012-04-27 18:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3C43A6EF-9095-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 19:36 . 2012-04-27 19:36 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3AEB320B-90A0-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 16:29 . 2012-04-27 16:36 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39572690-9086-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:37 . 2012-04-27 16:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{363A378C-9087-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:02 . 2012-04-27 18:02 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2D02E96C-9093-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 15:32 . 2012-04-27 15:38 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CD577D7-907E-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:53 . 2012-04-27 15:53 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1B120C0E-9081-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 15:38 . 2012-04-27 15:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1A171FA6-907F-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 20:53 . 2012-04-27 20:53 9216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{18D7DCEF-90AB-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 19:20 . 2012-04-27 19:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{17A737CF-909E-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:46 . 2012-04-27 15:46 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{170154C3-9080-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 19:13 . 2012-04-27 19:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16FB471B-909D-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 19:20 . 2012-04-27 19:21 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1532CC82-909E-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 19:56 . 2012-04-27 20:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{142BE91E-90A3-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 15:02 . 2012-04-27 15:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1394C576-907A-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 17:26 . 2012-04-27 17:29 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1326127A-908E-11E1-B0FB-206A8A1429CE}.dat
+ 2012-04-27 14:12 . 2012-04-27 14:13 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{11FB5922-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:42 . 2012-04-27 16:46 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{09F22DBC-9088-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 16:28 . 2012-04-27 16:28 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{09447D0A-9086-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 14:12 . 2012-04-27 14:12 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0473E6F8-9073-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 18:44 . 2012-04-27 18:44 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0359CD56-9099-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 14:41 . 2012-04-27 14:41 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{026DE210-9077-11E1-BE63-206A8A1429CE}.dat
+ 2012-04-27 13:35 . 2012-04-27 13:35 9560 c:\windows\system32\NetworkList\Icons\{E95FE50B-07DF-4EF8-A985-7DE9E866F853}_48.bin
+ 2012-04-27 13:35 . 2012-04-27 13:35 4280 c:\windows\system32\NetworkList\Icons\{E95FE50B-07DF-4EF8-A985-7DE9E866F853}_32.bin
+ 2012-04-27 13:35 . 2012-04-27 13:35 2456 c:\windows\system32\NetworkList\Icons\{E95FE50B-07DF-4EF8-A985-7DE9E866F853}_24.bin
- 2012-04-27 02:54 . 2012-04-27 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-27 18:09 . 2012-04-27 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-27 02:54 . 2012-04-27 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-27 18:09 . 2012-04-27 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-08 18:50 . 2012-04-27 16:59 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-02-08 18:50 . 2012-04-27 16:59 149280 c:\windows\SysWOW64\javaw.exe
+ 2011-02-08 18:50 . 2012-04-27 16:59 149280 c:\windows\SysWOW64\java.exe
+ 2012-04-25 14:52 . 2012-04-27 21:02 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2012-04-13 20:43 . 2012-04-27 21:02 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-13 20:43 . 2012-04-27 04:20 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-27 04:20 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-27 21:02 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-27 04:00 . 2012-04-27 21:02 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042720120428\index.dat
+ 2012-04-27 17:22 . 2012-04-27 17:29 840704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{910B2727-908D-11E1-B0FB-206A8A1429CE}.dat
+ 2010-12-23 19:35 . 2012-04-27 12:51 736758 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-27 17:16 621274 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-27 17:16 108494 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-27 18:08 470276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-27 02:52 470276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-27 17:01 . 2012-04-27 17:01 207360 c:\windows\Installer\50e50.msi
+ 2012-04-27 17:16 . 2012-04-27 17:16 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-04-27 17:16 . 2012-04-27 17:16 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-04-27 17:16 . 2012-04-27 17:16 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-04-27 17:16 . 2012-04-27 17:16 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-04-27 17:16 . 2012-04-27 17:16 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2009-07-14 04:54 . 2012-04-27 04:20 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 21:02 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 21:02 9650176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-27 04:20 9650176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:45 . 2012-04-27 00:40 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-27 17:21 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-21 10:35 . 2012-04-27 18:08 2303128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-21 20:37 . 2012-04-27 18:08 3868863 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-209557282-4168680159-3086812486-1000-12288.dat
+ 2012-03-26 23:21 . 2012-03-26 23:21 7622656 c:\windows\Installer\5e14f.msi
+ 2009-07-14 02:34 . 2012-04-27 18:23 10797056 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-27 04:25 10797056 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-13 23:03 . 2012-04-27 18:08 10698444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-04-13 23:03 . 2012-04-27 02:52 10698444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-04-27 16:58 . 2012-04-27 16:58 12938752 c:\windows\Installer\50e49.msi
.
-- 快照技术重新设置 --
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
quietHDD - Shortcut.lnk - c:\users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe [2010-12-24 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-26 325200]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_NotSynced]
@="{87B33B34-0E92-4821-B787-9DF83BDC3BEA}"
[HKEY_CLASSES_ROOT\CLSID\{87B33B34-0E92-4821-B787-9DF83BDC3BEA}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Synced]
@="{78C3446F-4276-4AC1-B17F-F580836D7AD6}"
[HKEY_CLASSES_ROOT\CLSID\{78C3446F-4276-4AC1-B17F-F580836D7AD6}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Syncing]
@="{E427F712-D68E-4BE6-886F-B088037A87CB}"
[HKEY_CLASSES_ROOT\CLSID\{E427F712-D68E-4BE6-886F-B088037A87CB}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- 而外的扫描 -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 使用迅雷下载 - c:\program files (x86)\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files (x86)\Thunder\Program\GetAllUrl.htm
LSP: c:\program files (x86)\YouKu\common\ikutm.dll
TCP: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:9b,ad,37,9f,0e,24,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"慤慴"=hex:47,b5,77,c6,35,85,e5,ba,81,8b,d8,e4,3c,48,33,d0,d8,1b,06,34,1b,dd,
63,cc,0e,f7,95,84,82,51,4e,61,17,69,bc,94,67,8d,73,c9,51,0b,b0,5e,19,00,c2,\
"歲祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\License information*]
"datasecu"=hex:a3,b1,07,fa,28,8f,9a,55,c6,6b,ce,3f,9b,9e,6a,c2,50,38,6c,28,92,
b0,62,83,d3,9e,9a,8a,85,2d,9d,9e,80,3a,6e,29,15,93,3f,ed,ff,55,59,cb,fe,7d,\
"rkeysecu"=hex:eb,3f,2e,50,0b,a5,eb,8b,44,7b,20,03,d6,14,a8,b6
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2012-04-27 17:25:12
ComboFix-quarantined-files.txt 2012-04-27 21:25
ComboFix2.txt 2012-04-27 04:34
ComboFix3.txt 2012-04-26 22:12
ComboFix4.txt 2012-04-16 06:27
.
Pre-Run: 76,694,568,960 bytes free
Post-Run: 76,568,104,960 bytes free
.
- - End Of File - - 9FBE35F2AA150BF3E374A397D2B98D0A
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
c:\windows\ERDNT\cache86\user32.dll | c:\windows\SysWOW64\user32.dll

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}*]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{17DE1F14-B3E4-1035-F057BA15C83B1D27}\{8EADAA70-8C9A-100D-77D42F75FD081297}\{52159879-7142-2CA4-73B8A923B4C8F27A}*]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}*]

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Hi broni, I just ran ComboFix, couldn't generate a log the first time so did it again to get this

ComboFix 12-04-27.02 - Random McGill Guy 27/04/2012 18:22:24.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.936.86.1033.18.3764.1431 [GMT -4:00]
执行位置: c:\users\Random McGill Guy\Desktop\ComboFix.exe
Command switches used :: c:\users\Random McGill Guy\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- 早前运行的结果 -------
.
c:\programdata\fevmeaa.tmp
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache86\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( 2012-03-27 至 2012-04-27 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-27 22:34 . 2012-04-27 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 18:12 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72B7FF91-E5C1-4D2B-96CF-892861529D3A}\mpengine.dll
2012-04-27 17:21 . 2012-04-27 17:20 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B500EB32-269F-4B05-B023-D084A2849BD7}\gapaengine.dll
2012-04-27 17:16 . 2012-04-27 17:16 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-27 17:16 . 2012-04-27 17:16 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-27 16:47 . 2012-04-27 16:47 -------- d-----w- C:\_OTL
2012-04-27 14:06 . 2012-04-27 14:06 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-27 13:50 . 2012-04-27 14:06 27936 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-04-27 01:01 . 2012-04-27 01:01 -------- d-----w- c:\program files (x86)\ESET
2012-04-26 21:43 . 2012-04-26 21:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-26 21:43 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 20:49 . 2012-04-26 20:49 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\SUPERAntiSpyware.com
2012-04-26 20:49 . 2012-04-26 20:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-26 20:49 . 2012-04-26 20:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-26 06:20 . 2012-04-26 06:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-26 06:05 . 2012-04-26 21:53 -------- d-----w- C:\MGtools
2012-04-26 04:27 . 2012-04-26 04:27 -------- d-----w- c:\program files\HitmanPro
2012-04-26 04:27 . 2012-04-27 14:06 -------- d-----w- c:\programdata\HitmanPro
2012-04-25 18:32 . 2012-04-26 21:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-25 18:32 . 2012-04-26 21:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-25 15:05 . 2012-04-26 23:40 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\vlc
2012-04-24 23:19 . 2012-04-24 23:19 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\WindowsApplication1
2012-04-24 17:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{281EF0DE-0994-4F1F-B8F9-B6D2A7EAA443}\mpengine.dll
2012-04-22 01:44 . 2012-04-22 01:45 -------- d-----w- c:\programdata\Battle.net
2012-04-20 15:07 . 2012-04-20 15:07 -------- d-----w- c:\programdata\IObit
2012-04-16 06:33 . 2012-04-16 06:33 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\Malwarebytes
2012-04-16 06:33 . 2012-04-16 06:33 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 05:44 . 2012-04-16 05:44 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\IObit
2012-04-16 05:44 . 2012-04-20 15:07 -------- d-----w- c:\program files (x86)\IObit
2012-04-16 05:35 . 2011-04-05 21:35 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-16 05:35 . 2011-04-05 21:35 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-16 05:35 . 2011-04-05 21:35 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-16 05:35 . 2011-02-08 13:14 84568 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-16 05:31 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-15 12:24 . 2012-04-15 12:24 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-14 00:00 . 2012-04-26 20:16 -------- d-----w- c:\program files (x86)\Ludashi
2012-04-13 22:43 . 2012-04-13 23:59 -------- d-----w- c:\programdata\360safe
2012-04-13 22:40 . 2011-08-31 10:18 19800 ----a-w- c:\windows\system32\drivers\efimon.sys
2012-04-13 22:40 . 2012-04-13 22:40 -------- d-----w- c:\program files (x86)\360
2012-04-13 17:45 . 2012-04-13 17:45 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\Caiyun
2012-04-13 17:44 . 2012-04-13 21:18 -------- d-----w- c:\program files (x86)\彩云游戏浏览器
2012-04-12 20:13 . 2012-04-22 06:28 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\KuGou7
2012-04-12 20:13 . 2012-04-12 20:13 -------- d-----w- c:\program files (x86)\KuGou2012
2012-04-12 06:46 . 2012-04-13 17:45 -------- d-----w- C:\TGGAME
2012-04-12 04:18 . 2012-04-12 04:18 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\Mozilla
2012-04-12 04:01 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-12 04:01 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-12 04:01 . 2012-02-28 06:47 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-12 04:01 . 2012-02-28 06:56 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-12 04:01 . 2012-02-28 01:08 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-04-12 03:59 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 03:59 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 03:59 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 03:55 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 03:55 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 03:55 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 03:55 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 03:55 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 03:55 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 01:06 . 2012-04-09 01:06 61440 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-04-09 01:06 . 2012-04-09 01:06 61440 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\ARPPRODUCTICON.exe
2012-04-09 01:06 . 2012-04-09 01:06 106496 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-04-09 01:06 . 2012-04-09 01:06 106496 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-04-09 01:06 . 2012-04-09 01:06 106496 ----a-r- c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-04-09 01:06 . 2012-04-09 01:06 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2012-04-09 01:06 . 2012-04-09 01:06 -------- d-----w- c:\program files (x86)\Tencent
2012-04-09 01:06 . 2012-04-09 01:07 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\Tencent
2012-04-09 01:06 . 2012-04-09 01:06 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2012-04-08 00:21 . 2012-04-08 00:22 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\GRETECH
2012-04-08 00:21 . 2012-04-08 00:27 -------- d-----w- c:\program files (x86)\GRETECH
2012-04-07 13:32 . 2012-04-07 13:32 -------- d-----w- c:\program files (x86)\Common Files\duowan
2012-04-07 13:32 . 2012-04-07 13:32 -------- d-----w- c:\program files (x86)\duowan
2012-04-07 13:32 . 2012-04-07 13:32 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\duowan
2012-03-31 16:54 . 2012-03-31 16:54 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\Unity
2012-03-29 05:04 . 2012-03-29 05:04 -------- d-----w- c:\users\Random McGill Guy\AppData\Roaming\ATI
2012-03-29 05:04 . 2012-03-29 05:04 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\ATI
2012-03-29 05:04 . 2012-03-29 05:04 -------- d-----w- c:\programdata\ATI
2012-03-29 05:00 . 2012-03-29 05:00 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-29 04:58 . 2012-03-29 04:58 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-29 04:58 . 2012-03-29 04:58 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-29 04:58 . 2012-03-29 04:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-29 04:58 . 2012-03-29 04:58 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:58 -------- d-----w- c:\program files\ATI Technologies
2012-03-29 04:54 . 2012-03-29 04:54 -------- d-----w- c:\program files\ATI
2012-03-29 04:52 . 2012-02-15 08:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-29 03:06 . 2012-02-15 07:16 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-29 03:01 . 2012-03-29 03:01 -------- d-----w- c:\users\Random McGill Guy\AppData\Local\Leshcat & Co
2012-03-29 01:26 . 2012-03-29 01:42 -------- d-----w- c:\program files (x86)\ImageJ
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 16:59 . 2011-08-21 01:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-26 06:05 . 2012-04-26 06:05 33660 ----a-w- C:\MGlogs.zip
2012-04-15 12:24 . 2011-11-07 22:55 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-29 01:30 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-29 01:30 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-21 00:44 . 2012-03-21 00:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 00:44 . 2012-03-21 00:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-23 14:18 . 2010-12-21 09:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 08:44 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 08:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 08:44 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 08:44 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 02:05 . 2012-02-15 02:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 02:05 . 2012-02-15 02:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 02:05 . 2012-02-15 02:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 02:05 . 2012-02-15 02:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 02:05 . 2012-02-15 02:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 02:04 . 2012-02-15 02:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 02:03 . 2012-02-15 02:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 02:03 . 2012-02-15 02:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 10:08 . 2012-03-20 23:26 279840 ----a-w- c:\windows\system32\ikutm.dll
2012-02-10 06:24 . 2012-03-14 16:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:23 . 2012-03-14 16:55 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:23 . 2012-03-14 16:55 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:23 . 2012-03-14 16:55 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:23 . 2012-03-14 16:55 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 16:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:35 . 2012-03-14 16:55 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 16:55 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:35 . 2012-03-14 16:55 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-10 05:35 . 2012-03-14 16:55 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-03 04:16 . 2012-03-14 16:55 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 10:02 . 2012-01-31 10:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 10:00 . 2012-01-31 10:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-27_21.22.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-25 14:53 . 2012-04-27 21:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-04-25 14:53 . 2012-04-27 21:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-04-27 21:35 . 2012-04-27 21:35 23552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{EF941C69-90B0-11E1-81D4-206A8A1429CE}.dat
+ 2010-05-14 03:49 . 2012-04-27 22:38 68168 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-27 22:38 41864 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-27 20:06 . 2012-04-27 21:35 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{73B3C289-90A4-11E1-81D4-206A8A1429CE}.dat
- 2012-04-27 20:06 . 2012-04-27 21:02 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{73B3C289-90A4-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:28 . 2012-04-27 21:28 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E9832AAD-90AF-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:40 . 2012-04-27 21:40 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8AE16F1F-90B1-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:24 . 2012-04-27 21:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4D9CC53E-90AF-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:29 . 2012-04-27 21:29 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{16CBC6FF-90B0-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:28 . 2012-04-27 21:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E9832AAE-90AF-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:40 . 2012-04-27 21:45 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8AE16F20-90B1-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:24 . 2012-04-27 21:24 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6708B769-90AF-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:24 . 2012-04-27 21:24 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{599912FD-90AF-11E1-81D4-206A8A1429CE}.dat
+ 2012-04-27 21:29 . 2012-04-27 21:34 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16CBC700-90B0-11E1-81D4-206A8A1429CE}.dat
- 2012-04-27 18:09 . 2012-04-27 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-27 22:36 . 2012-04-27 22:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-27 22:36 . 2012-04-27 22:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-27 18:09 . 2012-04-27 18:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-25 14:52 . 2012-04-27 21:02 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2012-04-25 14:52 . 2012-04-27 21:40 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2012-04-13 20:43 . 2012-04-27 21:40 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-13 20:43 . 2012-04-27 21:02 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-04-27 21:02 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-27 21:40 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-27 04:00 . 2012-04-27 21:40 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042720120428\index.dat
- 2012-04-27 04:00 . 2012-04-27 21:02 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012042720120428\index.dat
+ 2009-07-14 05:01 . 2012-04-27 22:35 470276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-27 18:08 470276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-04-27 21:02 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 21:40 1785856 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-27 21:40 9650176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-27 21:02 9650176 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-21 10:35 . 2012-04-27 18:08 2303128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-21 10:35 . 2012-04-27 22:35 2303128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-12-21 20:37 . 2012-04-27 22:35 9097196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-209557282-4168680159-3086812486-1000-12288.dat
- 2012-04-13 23:03 . 2012-04-27 18:08 10698444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-04-13 23:03 . 2012-04-27 22:35 10698444 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-05-26 960080]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Random McGill Guy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
quietHDD - Shortcut.lnk - c:\users\Random McGill Guy\Desktop\Benchmark\quietHDD.exe [2010-12-24 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-21 135664]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-05-26 325200]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_NotSynced]
@="{87B33B34-0E92-4821-B787-9DF83BDC3BEA}"
[HKEY_CLASSES_ROOT\CLSID\{87B33B34-0E92-4821-B787-9DF83BDC3BEA}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Synced]
@="{78C3446F-4276-4AC1-B17F-F580836D7AD6}"
[HKEY_CLASSES_ROOT\CLSID\{78C3446F-4276-4AC1-B17F-F580836D7AD6}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\..DBankExt_Syncing]
@="{E427F712-D68E-4BE6-886F-B088037A87CB}"
[HKEY_CLASSES_ROOT\CLSID\{E427F712-D68E-4BE6-886F-B088037A87CB}]
2010-12-16 02:21 1296712 ----a-w- c:\users\Random McGill Guy\Documents\数据银行\DBankExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Random McGill Guy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-03-09 345648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- 而外的扫描 -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_3820&r=273612107806l0458z1k5t67l1m094
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 使用迅雷下载 - c:\program files (x86)\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files (x86)\Thunder\Program\GetAllUrl.htm
LSP: c:\program files (x86)\YouKu\common\ikutm.dll
TCP: DhcpNameServer = 24.48.19.13 24.202.72.13 24.53.0.2
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\progra~2\KUGOU2~1\KUGOO3~1.OCX
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:9b,ad,37,9f,0e,24,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,de,81,df,91,ba,12,43,85,75,84,\
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.eml.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-209557282-4168680159-3086812486-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf.14"
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"慤慴"=hex:47,b5,77,c6,35,85,e5,ba,81,8b,d8,e4,3c,48,33,d0,d8,1b,06,34,1b,dd,
63,cc,0e,f7,95,84,82,51,4e,61,17,69,bc,94,67,8d,73,c9,51,0b,b0,5e,19,00,c2,\
"歲祥"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-209557282-4168680159-3086812486-1000\Software\SecuROM\License information*]
"datasecu"=hex:a3,b1,07,fa,28,8f,9a,55,c6,6b,ce,3f,9b,9e,6a,c2,50,38,6c,28,92,
b0,62,83,d3,9e,9a,8a,85,2d,9d,9e,80,3a,6e,29,15,93,3f,ed,ff,55,59,cb,fe,7d,\
"rkeysecu"=hex:eb,3f,2e,50,0b,a5,eb,8b,44,7b,20,03,d6,14,a8,b6
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
完成时间: 2012-04-27 18:48:22 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-04-27 22:48
ComboFix2.txt 2012-04-27 21:25
ComboFix3.txt 2012-04-27 04:34
ComboFix4.txt 2012-04-26 22:12
ComboFix5.txt 2012-04-27 21:45
.
Pre-Run: 76,631,740,416 bytes free
Post-Run: 76,438,335,488 bytes free
.
- - End Of File - - CF2107718EFA1046B98A4A08D1580D85
 
Seems clean on IE, but I am afraid to re-enable JavaScript for Chrome. I will do it now and try it out :)
 
Hi broni, I've just tried Google for the past 2 hrs and the redirect is gone! Thank you sooo much!
 
Perfect!

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs left over on your computer, you can go ahead and delete them now.

3. Make sure Windows Updates are current (including Service Pack 1 installation!!!)

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 