Solved "generic32.CEMU" "win64/patched.A" "generic31.ZCS" "generic29.ANPX" "generic15.CGSY" the lists go on

sblua

Virus Attacked:

"generic32.CEMU"
"win64/patched.A"
"generic31.ZCS"
"generic29.ANPX"
"generic15.CGSY"
"Luhe.Sirefef.A"

"";"Virus identified Win64/Patched.A, c:\Windows\System32\services.exe";"Cannot be cleaned Remove manually"
"";"Trojan horse Generic32.CEMU, c:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\U\80000064.@";"Secured"
"";"Trojan horse Generic29.ANPX, c:\Windows\assembly\GAC_64\Desktop.ini";"Cannot be removed
Access is denied."
"";"Trojan horse BackDoor.Generic15.CGSY, c:\Windows\assembly\GAC_32\Desktop.ini";"Cannot be removed
Access is denied."
"";"Found Luhe.Sirefef.A, c:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\U\80000032.@";"Secured"

Help Please...

Will post the log file for "4-Step Viruses/Spyware/Malware Removal Preliminary Instructions"
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Song :: SONG-PC [administrator]

Protection: Enabled

25/6/2013 12:23:44 PM
mbam-log-2013-06-25 (12-23-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227650
Time elapsed: 17 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$Recycle.Bin\S-1-5-21-3090707503-2689606237-485621480-1000\$R8FWU86.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3090707503-2689606237-485621480-1000\$R2BC7FH\Activator.rar (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3090707503-2689606237-485621480-1000\$RIDWOI0\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Song :: SONG-PC [administrator]

25/6/2013 12:01:41 AM
mbam-log-2013-06-25 (00-01-41).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 409575
Time elapsed: 2 hour(s), 18 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 22
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F9BC0421-BB5C-447D-8547-BB45AFA80A4D} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{331D51F6-4375-C0EB-FC13-2CC4758E4C62} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\331D51F6-4375-C0EB-FC13-2CC4758E4C62.Addr.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\331D51F6-4375-C0EB-FC13-2CC4758E4C62.Addr (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{331D51F6-4375-C0EB-FC13-2CC4758E4C62} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{331D51F6-4375-C0EB-FC13-2CC4758E4C62} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{331D51F6-4375-C0EB-FC13-2CC4758E4C62} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40CB-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files (x86)\BaiduAddr\{331D51F6-4375-C0EB-FC13-2CC4758E4C62}\AddressBar.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BaiduAddr\{331D51F6-4375-C0EB-FC13-2CC4758E4C62}\ASBarBroker.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\cola\Music\9AC0596D90804BA4.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\KwDownload\Temp\3900E478314AF606.exe (Adware.Ebiz.K) -> Quarantined and deleted successfully.
C:\KwDownload\Temp\9AC0596D90804BA4.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by Song at 13:11:11 on 2013-06-25
Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.6045.3398 [GMT 8:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe
C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files (x86)\LAN Messenger\lmc.exe
C:\Program Files (x86)\PPStream\PPSKernel.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba.msn.com
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [LAN Messenger] C:\Program Files (x86)\LAN Messenger\lmc.exe
uRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe
uRun: [Facebook Update] "C:\Users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background
mRun: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [TSUScheduler] C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
dRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe
StartupFolder: C:\Users\Song\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Song\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\Users\Song\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.99
TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D} : DHCPNameServer = 192.168.1.99
TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\24142564C49502B4C4 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\341647861697 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\36865716E277C6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\36F666665656E26616D696C6C656 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\36F666665656E26616D696C6C656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\C4964747C656F4E656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{6FCEEAE8-2FB4-4859-BDD9-5CD2AF4A7D1D}\D42405A40284F6473707F647 : DHCPNameServer = 10.0.0.1 8.8.8.8 8.8.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - <orphaned>
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [BatteryManager] C:\Program Files (x86)\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE
x64-Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start
x64-Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
x64-Run: [Windows Mobile-based device management] C:\windows\WindowsMobile\wmdcBase.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 kavbootc;kavbootc;C:\windows\System32\drivers\kavbootc64.sys [2013-6-24 31848]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-25 482384]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 KDHacker;KDHacker;C:\Program Files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [2013-6-24 166776]
R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [2012-1-5 1408904]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2010-6-18 2734912]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2011-6-8 250296]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2011-6-8 47032]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-7-22 212944]
R2 kisknl;kisknl;C:\windows\System32\drivers\kisknl.sys [2013-6-24 223032]
R2 KNBCenter;KNBCenter;C:\Users\Song\AppData\Local\liebao\LBBrowser\knbcenter.exe [2013-6-24 456544]
R2 kxescore;Kingsoft Core Service;C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [2013-6-24 168784]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-20 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 risdxc;risdxc;C:\windows\System32\drivers\risdxc64.sys [2013-3-20 101888]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-9-23 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-20 14472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-20 2656536]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;C:\windows\System32\drivers\ATSwpWDF.sys [2010-6-18 770152]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 KNBDrv;KNBDrv;C:\windows\System32\drivers\knbdrv.sys [2013-6-24 90936]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-3-20 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-7-29 92672]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-7-29 209408]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-3-20 38096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-3-20 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-8-11 833464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\System32\drivers\btfilter.sys [2011-8-9 45168]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-11-28 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2012-9-10 22528]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2011-11-28 27648]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-3-21 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-06-24 13:56:33  90936  ----a-w-  C:\windows\System32\drivers\KNBDrv64.sys
2013-06-24 13:56:33  90936  ----a-w-  C:\windows\System32\drivers\knbdrv.sys
2013-06-24 13:55:03  --------  d-----w-  C:\Users\Song\AppData\Local\liebao
2013-06-24 11:33:16  1202688  ----a-w-  C:\windows\System32\ac3filter64.acm
2013-06-24 11:33:13  965120  ----a-w-  C:\windows\SysWow64\ac3filter.acm
2013-06-24 11:33:00  --------  d-----w-  C:\Program Files (x86)\AC3Filter
2013-06-24 11:31:25  --------  d-----w-  C:\ProgramData\KRSHistory
2013-06-24 11:29:51  --------  d-----w-  C:\Program Files (x86)\kingsoft
2013-06-24 11:26:45  206336  ----a-w-  C:\windows\System32\unrar64.dll
2013-06-24 11:26:45  148992  ----a-w-  C:\windows\System32\lagarith.dll
2013-06-24 11:26:24  127488  ----a-w-  C:\windows\System32\ff_vfw.dll
2013-06-24 11:26:23  --------  d-----w-  C:\Program Files\K-Lite Codec Pack x64
2013-06-24 10:52:34  --------  d-----w-  C:\Program Files (x86)\MPC-HC
2013-06-24 10:46:05  225280  ----a-w-  C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-06-24 10:45:26  --------  d-----w-  C:\Program Files (x86)\x264 Video Codec
2013-06-24 09:29:31  --------  d-----w-  C:\Program Files (x86)\eymd
2013-06-24 09:20:14  --------  d-----w-  C:\Program Files (x86)\TornTV.com
2013-06-18 08:46:51  --------  d-----w-  C:\Users\Song\AppData\Roaming\RealNetworks
2013-06-18 08:45:46  --------  d-----w-  C:\Program Files (x86)\RealNetworks
2013-06-18 08:45:44  --------  d-----w-  C:\ProgramData\RealNetworks
2013-06-18 08:44:46  --------  d-----w-  C:\Program Files (x86)\Common Files\xing shared
2013-06-18 08:44:26  153736  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2013-06-18 08:44:07  124504  ----a-w-  C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2013-06-17 14:00:53  --------  d-----w-  C:\Program Files (x86)\GRETECH
2013-06-14 07:27:10  --------  d-----w-  C:\windows\WindowsMobile
2013-06-13 03:36:58  1767936  ----a-w-  C:\windows\SysWow64\wininet.dll
2013-06-13 03:36:54  2241024  ----a-w-  C:\windows\System32\wininet.dll
2013-06-12 15:43:21  1910632  ----a-w-  C:\windows\System32\drivers\tcpip.sys
2013-06-12 15:28:02  751104  ----a-w-  C:\windows\System32\win32spl.dll
2013-06-12 15:28:02  492544  ----a-w-  C:\windows\SysWow64\win32spl.dll
2013-06-12 15:27:58  30720  ----a-w-  C:\windows\System32\cryptdlg.dll
2013-06-12 15:27:58  24576  ----a-w-  C:\windows\SysWow64\cryptdlg.dll
2013-06-12 15:27:49  1424384  ----a-w-  C:\windows\System32\WindowsCodecs.dll
2013-06-12 15:27:48  1230336  ----a-w-  C:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 15:26:25  903168  ----a-w-  C:\windows\SysWow64\certutil.exe
2013-06-12 15:26:25  52224  ----a-w-  C:\windows\System32\certenc.dll
2013-06-12 15:26:25  43008  ----a-w-  C:\windows\SysWow64\certenc.dll
2013-06-12 15:26:25  184320  ----a-w-  C:\windows\System32\cryptsvc.dll
2013-06-12 15:26:25  1464320  ----a-w-  C:\windows\System32\crypt32.dll
2013-06-12 15:26:25  140288  ----a-w-  C:\windows\SysWow64\cryptsvc.dll
2013-06-12 15:26:25  139776  ----a-w-  C:\windows\System32\cryptnet.dll
2013-06-12 15:26:25  1192448  ----a-w-  C:\windows\System32\certutil.exe
2013-06-12 15:26:25  1160192  ----a-w-  C:\windows\SysWow64\crypt32.dll
2013-06-12 15:26:25  103936  ----a-w-  C:\windows\SysWow64\cryptnet.dll
2013-06-12 15:19:36  1887232  ----a-w-  C:\windows\System32\d3d11.dll
2013-06-12 15:19:36  1505280  ----a-w-  C:\windows\SysWow64\d3d11.dll
2013-06-10 06:46:03  --------  d-----w-  C:\Users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
2013-06-10 06:43:49  --------  d-----w-  C:\Program Files (x86)\Benjamin Moore
2013-06-07 04:21:07  --------  d-----w-  C:\Users\Song\AppData\Roaming\webex
2013-06-07 04:19:21  --------  d-----w-  C:\ProgramData\WebEx
2013-05-27 04:43:32  4096  ---ha-w-  C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
.
==================== Find3M ====================
.
2013-06-24 11:30:22 19352 ----a-w- C:\windows\System32\drivers\ksskrpr.sys
2013-06-24 11:30:21 24472 ----a-w- C:\windows\System32\drivers\bc.sys
2013-06-24 11:30:21 166776 ----a-w- C:\windows\System32\drivers\kdhacker64.sys
2013-06-24 11:30:21 127992 ----a-w- C:\windows\System32\drivers\kdhacker.sys
2013-06-24 11:30:16 223032 ----a-w- C:\windows\System32\drivers\kisknl64.sys
2013-06-24 11:30:16 223032 ----a-w- C:\windows\System32\drivers\kisknl.sys
2013-06-24 11:30:15 31848 ----a-w- C:\windows\System32\drivers\kavbootc64.sys
2013-06-24 11:30:14 27240 ----a-w- C:\windows\System32\drivers\kavbootc.sys
2013-06-24 11:30:11 18296 ----a-w- C:\windows\System32\drivers\kusbquery64.sys
2013-06-24 11:30:11 14200 ----a-w- C:\windows\System32\drivers\kusbquery.sys
2013-06-24 11:30:10 84328 ----a-w- C:\windows\System32\drivers\ksapi.sys
2013-06-19 05:13:22 137840 ----a-w- C:\Program Files (x86)\Uninstall.exe
2013-06-18 08:43:44 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2013-06-18 08:43:44 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2013-06-12 09:35:54 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 09:35:54 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-27 04:43:32 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-04-27 18:09:22 18760 ----a-w- C:\windows\SysWow64\QQVistaHelper.dll
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-04-04 06:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-03-28 18:53:48 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
.
============= FINISH: 13:13:16.27 ===============
 

I couldn't wait any longer and found similar problems on: https://www.techspot.com/community/...vices-exe-cannot-be-cleaned-remove-ma.193218/

I tried the Roguekiller for 64bit and here's the report:
Report 1
RogueKiller V8.6.1 _x64_ [Jun 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Song [Admin rights]
Mode : Scan -- Date : 06/25/2013 13:33:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] knbcenter.exe -- C:\Users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe [7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\@ [-] --> FOUND
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> FOUND
[Aslr|ZeroAccess][File] services.exe : C:\Windows\System32\services.exe [-] --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA THNSNB128GMCJ +++++
--- User ---
[MBR] 5d602c4232bff7fab3bb919b984d4b52
[BSP] 6368ab6eb2d09f29dcee8be95b7cf837 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 108391 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 225058816 | Size: 12212 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06252013_133325.txt >>

 
Report 2
RogueKiller V8.6.1 _x64_ [Jun 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Song [Admin rights]
Mode : Remove -- Date : 06/25/2013 14:03:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] knbcenter.exe -- C:\Users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe [7] -> KILLED [TermThr]

¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Windows\Installer\{ecf60bac-53c1-5fe2-1250-45251f7a192c}\@ [-] --> DELETED
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> REMOVED AT REBOOT
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> REMOVED AT REBOOT
[ZeroAccess][Junction] en-US : C:\Program Files\Windows Defender\en-US >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpAsDesc.dll : C:\Program Files\Windows Defender\MpAsDesc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCmdRun.exe : C:\Program Files\Windows Defender\MpCmdRun.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpCommu.dll : C:\Program Files\Windows Defender\MpCommu.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpEvMsg.dll : C:\Program Files\Windows Defender\MpEvMsg.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpOAV.dll : C:\Program Files\Windows Defender\MpOAV.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MSASCui.exe : C:\Program Files\Windows Defender\MSASCui.exe >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpCom.dll : C:\Program Files\Windows Defender\MsMpCom.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpLics.dll : C:\Program Files\Windows Defender\MsMpLics.dll >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] MsMpRes.dll : C:\Program Files\Windows Defender\MsMpRes.dll >> \systemroot\system32\config [-] --> Junction DELETED
[Aslr|ZeroAccess][File] services.exe : C:\Windows\System32\services.exe [-] --> REPLACED AT REBOOT -> (C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA THNSNB128GMCJ +++++
--- User ---
[MBR] 5d602c4232bff7fab3bb919b984d4b52
[BSP] 6368ab6eb2d09f29dcee8be95b7cf837 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 108391 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 225058816 | Size: 12212 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06252013_140327.txt >>
RKreport[0]_S_06252013_133325.txt

 
Log after run through: Malwarebytes Anti-Rootkit (MBAR)
Mbarlog.txt
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Song :: SONG-PC [administrator]

25/6/2013 2:50:05 PM
mbar-log-2013-06-25 (14-50-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 254971
Time elapsed: 42 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
c:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)


(end)
 
Systemlog.txt
test
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 6338166784, free: 3435237376

Downloaded database version: v2013.06.25.02
Initializing...
------------ Kernel report ------------
06/25/2013 14:49:20
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\kavbootc64.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\pciide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ.SYS
\SystemRoot\system32\DRIVERS\tos_sps64.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\risdxc64.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\ATSwpWDF.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\kisknl.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\drivers\KNBDrv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005c4c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8005a0a050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005c4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005c4cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005c4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005a09b20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005a0a050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6ECF545C

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 221984768

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 225058816 Numsec = 25010176
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Read File: File "c:\programdata\avg2013\chjw\3a623b24623ae473.dat:d98f843e-3bce-446c-889a-99299f5e842b" is sparse (flags = 32768)
Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_225058816_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished
 
fixdamage tool that was included with Malwarebytes Anti-Rootkit located in the mbar\plugins was run.

The good things are: AVG doesn't prompt anymore to tell me there are still viruses..

But what's happening to my computer now is..
After I log in.. I can run everything smoothly for less than 1 min.. After 1 min, it just doesn't listen to me no matter what button I hit, including Ctrl + Alt + Del; it only knows the power off button.

Did I go further than I should have?
 
First of all, if you want me to continue helping you, observe the rules I posted in my very first reply, especially:
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
...and this is exactly what happened.

If you don't adhere to my rules, I'll close this topic.

=============================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Sorry.. Didn't see those rules.


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2013 02
Ran by SYSTEM on 26-06-2013 11:29:57
Running from E:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] [x]
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12681320 2011-08-25] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] %ProgramFiles%\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TFPUPWDBankService] C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe /start [925104 2010-03-02] (TOSHIBA)
HKLM\...\Run: [TFPUService] C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe /start [789368 2010-11-04] (TOSHIBA)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-14] (CANON INC.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [TSUScheduler] %ProgramFiles(x86)%\TOSHIBA\Sync Utility\TosSyncScheduler.exe [x]
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] "c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "c:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295512 2013-06-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun [1306272 2013-06-24] (Kingsoft Corporation)
HKU\Song\...\Run: [LAN Messenger] C:\Program Files (x86)\LAN Messenger\lmc.exe [1721344 2012-07-24] (LAN Messenger)
HKU\Song\...\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSKernel.exe [3682168 2013-01-22] (PPStream Inc.)
HKU\Song\...\Run: [Facebook Update] "C:\Users\Song\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-04-17] (Facebook Inc.)
HKU\Song\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-18] (Skype Technologies S.A.)
HKU\Song\...\Run: [QQIntl] "C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe" /background [129048 2013-04-27] (Tencent)
HKU\Song\...\Run: [RESTART_STICKY_NOTES] C:\windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)
Startup: C:\Users\Song\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [1408904 2012-01-05] (Flexera Software, Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-17] (AVG Technologies CZ, s.r.o.)
S2 KNBCenter; C:\Users\Song\AppData\Local\liebao\LBBrowser\KNBCenter.exe [456544 2013-06-24] (Kingsoft Corporation)
S2 kxescore; c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [168784 2013-06-24] (Kingsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-03] (Malwarebytes Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-15] ()

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-28] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-07] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-07] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-20] (AVG Technologies CZ, s.r.o.)
S0 kavbootc; C:\Windows\System32\drivers\kavbootc64.sys [31848 2013-06-24] (Kingsoft Corporation)
S1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [166776 2013-06-24] (Kingsoft Corporation)
S1 KDHacker; c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [166776 2013-06-24] (Kingsoft Corporation)
S2 kisknl; C:\windows\system32\drivers\kisknl.sys [223032 2013-06-24] (Kingsoft Corporation)
S2 kisknl; C:\windows\system32\drivers\kisknl.sys [223032 2013-06-24] (Kingsoft Corporation)
S3 KNBDrv; C:\windows\system32\drivers\KNBDrv.sys [90936 2013-06-24] (Kingsoft Corporation)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [36680 2013-06-24] ()
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [36680 2013-06-24] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 11:29 - 2013-06-26 11:29 - 00000000 ____D C:\FRST
2013-06-24 23:04 - 2013-06-24 23:04 - 00000000 ____D C:\ProgramData\KSafeCommon
2013-06-24 22:36 - 2013-06-24 22:36 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-24 22:26 - 2013-06-24 22:26 - 00000000 ____D C:\Users\Song\Downloads\mbar-1.06.0.1004
2013-06-24 22:03 - 2013-06-24 22:03 - 00004258 ____A C:\Users\Song\Desktop\RKreport[0]_D_06252013_140327.txt
2013-06-24 22:03 - 2009-07-13 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2013-06-24 21:33 - 2013-06-24 21:33 - 00003863 ____A C:\Users\Song\Desktop\RKreport[0]_S_06252013_133325.txt
2013-06-24 21:23 - 2013-06-24 22:03 - 00000000 ____D C:\Users\Song\Desktop\RK_Quarantine
2013-06-24 21:23 - 2013-06-24 21:23 - 13399154 ____A C:\Users\Song\Downloads\mbar-1.06.0.1004.zip
2013-06-24 21:22 - 2013-06-24 21:23 - 03759104 ____A C:\Users\Song\Downloads\RogueKillerX64.exe
2013-06-24 21:13 - 2013-06-24 21:18 - 00017215 ____A C:\Users\Song\Desktop\attach.txt
2013-06-24 21:13 - 2013-06-24 21:13 - 00029761 ____A C:\Users\Song\Desktop\dds.txt
2013-06-24 18:55 - 2013-06-24 18:55 - 00001021 ____A C:\Users\Song\Desktop\avg.txt
2013-06-24 06:24 - 2013-06-24 06:42 - 00002088 ____A C:\Users\Song\Desktop\32.CEMU.txt
2013-06-24 05:56 - 2013-06-24 06:02 - 00001216 ____A C:\Users\Song\Desktop\???????.lnk
2013-06-24 05:56 - 2013-06-24 05:56 - 00090936 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\KNBDrv64.sys
2013-06-24 05:56 - 2013-06-24 05:56 - 00090936 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\knbdrv.sys
2013-06-24 05:55 - 2013-06-24 05:55 - 00000000 ____D C:\Users\Song\AppData\Local\liebao
2013-06-24 03:48 - 2013-06-24 03:48 - 00002126 ____A C:\Users\Public\Desktop\??????.lnk
2013-06-24 03:36 - 2013-06-24 03:36 - 01225254 ____A ( ) C:\Users\Song\Downloads\klcp_update_996_20130604 (1).exe
2013-06-24 03:33 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\AC3Filter
2013-06-24 03:33 - 2012-06-17 06:18 - 01202688 ____A C:\Windows\System32\ac3filter64.acm
2013-06-24 03:33 - 2012-06-17 06:10 - 00965120 ____A C:\Windows\SysWOW64\ac3filter.acm
2013-06-24 03:32 - 2013-06-24 03:32 - 00000000 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-24 03:30 - 2013-06-24 23:24 - 00000000 __SHD C:\KRECYCLE
2013-06-24 03:30 - 2013-06-24 03:49 - 00000000 ____D C:\ProgramData\Kingsoft
2013-06-24 03:30 - 2013-06-24 03:33 - 00000000 ____D C:\Users\Song\AppData\Roaming\kingsoft
2013-06-24 03:30 - 2013-06-24 03:30 - 04563950 ____A (Alexander Vigovsky ) C:\Users\Song\Downloads\ac3filter_2_5b.exe
2013-06-24 03:30 - 2013-06-24 03:30 - 00223032 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl64.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00223032 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00166776 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker64.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00127992 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00084328 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksapi.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00031848 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc64.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00027240 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00024472 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\bc.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00019352 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksskrpr.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00018296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery64.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00014200 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00001070 ____A C:\Users\Public\Desktop\???.lnk
2013-06-24 03:30 - 2013-06-24 03:30 - 00000000 ____D C:\Users\Song\AppData\Local\Kingsoft
2013-06-24 03:29 - 2013-06-24 03:30 - 00000000 ____D C:\Program Files (x86)\kingsoft
2013-06-24 03:26 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
2013-06-24 03:26 - 2013-06-21 10:00 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
2013-06-24 03:26 - 2012-06-09 09:21 - 00206336 ____A C:\Windows\System32\unrar64.dll
2013-06-24 03:26 - 2011-12-07 09:37 - 00148992 ____A ( ) C:\Windows\System32\lagarith.dll
2013-06-24 03:24 - 2013-06-24 03:25 - 12414036 ____A ( ) C:\Users\Song\Downloads\K-Lite_Codec_Pack_999_x64.exe
2013-06-24 03:18 - 2013-06-24 03:18 - 10577882 ____A ( ) C:\Users\Song\Downloads\klcp_update_996_20130604.exe
2013-06-24 03:15 - 2013-06-24 03:15 - 12231680 ____A (x264 project) C:\Users\Song\Downloads\x264.exe
2013-06-24 03:10 - 2013-06-24 03:27 - 19212288 ____A (Kingsoft Corporation) C:\Users\Song\Downloads\kavsetup130624_99_50.exe
2013-06-24 02:53 - 2013-06-24 02:53 - 00000000 ____D C:\Users\Song\AppData\Roaming\Media Player Classic
2013-06-24 02:52 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2013-06-24 02:45 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-24 01:29 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\eymd
2013-06-24 01:20 - 2013-06-24 01:23 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-06-24 01:18 - 2013-06-24 19:23 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-21 03:54 - 2013-06-21 03:54 - 00000000 ____D C:\Users\Song\Documents\OneNote Notebooks
2013-06-20 21:00 - 2013-06-20 21:00 - 00087239 ____A C:\Users\Song\Downloads\KTMB_KL Sentral.kml
2013-06-20 18:15 - 2013-06-20 18:15 - 00003252 ____A C:\Users\Song\Downloads\KMLEditor.jnlp
2013-06-20 18:02 - 2013-06-20 18:03 - 04815135 ____A (FileZilla Project) C:\Users\Song\Downloads\FileZilla_3.7.1_win32-setup.exe
2013-06-20 03:31 - 2013-06-20 03:32 - 01266667 ____A C:\Users\Song\Downloads\project_ukm.zip
2013-06-19 16:14 - 2013-06-19 16:14 - 01814245 ____A C:\Users\Song\Downloads\AS14988.zip
2013-06-19 03:32 - 2013-06-19 03:46 - 00000000 ____D C:\Users\Song\Downloads\km_final
2013-06-19 02:08 - 2013-06-19 02:29 - 00103424 ____A C:\Users\Song\Desktop\km_final1.xls
2013-06-18 21:10 - 2013-06-18 21:13 - 00034113 ____A C:\Program Files (x86)\Uninstall.ini
2013-06-18 21:10 - 2013-06-18 21:13 - 00001253 ____A C:\Users\Song\Desktop\Google Earth Pro v7.1.1.1580 Final.lnk
2013-06-18 00:46 - 2013-06-18 00:46 - 00000000 ____D C:\Users\Song\AppData\Roaming\RealNetworks
2013-06-18 00:45 - 2013-06-18 00:45 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-18 00:45 - 2013-06-18 00:45 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-17 06:01 - 2013-06-24 19:23 - 00000000 ____D C:\Users\Song\AppData\Roaming\GRETECH
2013-06-17 06:00 - 2013-06-17 06:00 - 00000000 ____D C:\Program Files (x86)\GRETECH
2013-06-17 05:56 - 2013-06-17 05:58 - 11158200 ____A (Gretech Corporation) C:\Users\Song\Downloads\GOMPLAYERENSETUP.EXE
2013-06-16 17:03 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 17:03 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 17:03 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 17:03 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 17:03 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 17:03 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 17:03 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 17:03 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 17:03 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 17:03 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 17:03 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 17:03 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 02:09 - 2013-06-14 02:10 - 57051280 ____A (Igor Pavlov) C:\Users\Song\Downloads\MapSource_6163.exe
2013-06-13 23:54 - 2013-06-13 23:54 - 00140274 ____A C:\Users\Song\Downloads\AS10806.zip
2013-06-13 23:36 - 2013-06-13 23:36 - 00035890 ____A C:\Users\Song\Downloads\shape_viewer.zip
2013-06-13 23:27 - 2013-06-13 23:27 - 00000000 ____D C:\Windows\WindowsMobile
2013-06-12 19:37 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:37 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:37 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:37 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 19:37 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 19:37 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:37 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 19:37 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:37 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:37 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:37 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:37 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:37 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:37 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:37 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:37 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:37 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 19:36 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:36 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 07:43 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:28 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:28 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 07:27 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 07:27 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 07:27 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 07:27 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 07:26 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:26 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:26 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:26 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:26 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 07:26 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 07:26 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 07:26 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:26 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 07:26 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 07:19 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 07:19 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 02:39 - 2013-06-12 02:39 - 00021684 ____A C:\Users\Song\Desktop\ampang_hub1&2.zip
2013-06-09 22:46 - 2013-06-09 22:46 - 00000000 ____D C:\Users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
2013-06-09 22:43 - 2013-06-09 22:44 - 00000000 ____D C:\Program Files (x86)\Benjamin Moore
2013-06-09 06:08 - 2013-06-11 21:54 - 00000132 ____A C:\Users\Song\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-06-09 05:55 - 2013-06-09 05:55 - 00025544 ____A C:\Users\Song\Desktop\HMT_Template_PAYMENT VOUCHER.xlsx
2013-06-09 02:52 - 2013-06-09 02:52 - 00150928 ____A C:\Users\Song\Downloads\songsclaimssince2007.zip
2013-06-07 00:51 - 2013-06-07 00:51 - 04808816 ____A (FileZilla Project) C:\Users\Song\Downloads\FileZilla_3.7.0.2_win32-setup.exe
2013-06-06 23:24 - 2013-06-06 23:24 - 00227747 ____A C:\Users\Song\Downloads\Trading Zone Listing format.pptx
2013-06-06 23:23 - 2013-06-06 23:23 - 01145961 ____A C:\Users\Song\Downloads\ABM005 & DP020 TRADE AREA.XLSX
2013-06-06 20:21 - 2013-06-06 20:21 - 00000000 ____D C:\Users\Song\AppData\Roaming\webex
2013-06-06 20:19 - 2013-06-06 20:20 - 00000000 ____D C:\ProgramData\WebEx
2013-06-05 20:21 - 2013-06-05 20:21 - 00112858 ____A C:\Users\Song\Downloads\1001-PaySlip.xlsx
2013-06-05 20:15 - 2013-06-05 20:15 - 00047239 ____A C:\Users\Song\Downloads\2011 06 -Update & Amend. Mei Ling.xlsx
2013-06-05 03:03 - 2013-06-05 03:04 - 00000000 ____D C:\Users\Song\Downloads\motorola_ampanghub3ukmrailways
2013-06-05 02:53 - 2013-06-05 02:53 - 00502423 ____A C:\Users\Song\Downloads\motorola_ampanghub3ukmrailways.zip
2013-06-04 23:57 - 2013-06-05 00:00 - 04718283 ____A C:\Users\Song\Downloads\retouristmapofputrajaya.zip

==================== One Month Modified Files and Folders =======

2013-06-26 11:29 - 2013-06-26 11:29 - 00000000 ____D C:\FRST
2013-06-25 19:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-25 19:09 - 2009-07-13 20:51 - 00059344 ____A C:\Windows\setupact.log
2013-06-25 03:00 - 2013-03-19 17:51 - 00000000 ____D C:\Users\Song\AppData\Roaming\Skype
2013-06-25 02:48 - 2013-03-19 17:51 - 00000000 ____D C:\ProgramData\MFAData
2013-06-25 02:47 - 2013-04-27 10:09 - 00000000 ____D C:\Users\Song\Documents\Tencent Files
2013-06-25 02:47 - 2013-03-22 23:02 - 00000000 ____D C:\ppsfile
2013-06-25 02:47 - 2013-03-19 17:44 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 02:46 - 2009-07-13 21:08 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-25 00:13 - 2013-03-19 20:17 - 01675939 ____A C:\Windows\WindowsUpdate.log
2013-06-25 00:12 - 2009-07-13 21:13 - 00726142 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-25 00:01 - 2013-03-22 23:01 - 00000000 ____D C:\Users\Song\AppData\Roaming\PPStream
2013-06-24 23:37 - 2010-11-20 19:47 - 00734816 ____A C:\Windows\PFRO.log
2013-06-24 23:37 - 2009-07-13 20:45 - 00027856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-24 23:37 - 2009-07-13 20:45 - 00027856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-24 23:35 - 2013-04-23 22:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-24 23:24 - 2013-06-24 03:30 - 00000000 __SHD C:\KRECYCLE
2013-06-24 23:04 - 2013-06-24 23:04 - 00000000 ____D C:\ProgramData\KSafeCommon
2013-06-24 22:54 - 2013-03-19 17:44 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-24 22:36 - 2013-06-24 22:36 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-24 22:26 - 2013-06-24 22:26 - 00000000 ____D C:\Users\Song\Downloads\mbar-1.06.0.1004
2013-06-24 22:03 - 2013-06-24 22:03 - 00004258 ____A C:\Users\Song\Desktop\RKreport[0]_D_06252013_140327.txt
2013-06-24 22:03 - 2013-06-24 21:23 - 00000000 ____D C:\Users\Song\Desktop\RK_Quarantine
2013-06-24 21:33 - 2013-06-24 21:33 - 00003863 ____A C:\Users\Song\Desktop\RKreport[0]_S_06252013_133325.txt
2013-06-24 21:23 - 2013-06-24 21:23 - 13399154 ____A C:\Users\Song\Downloads\mbar-1.06.0.1004.zip
2013-06-24 21:23 - 2013-06-24 21:22 - 03759104 ____A C:\Users\Song\Downloads\RogueKillerX64.exe
2013-06-24 21:18 - 2013-06-24 21:13 - 00017215 ____A C:\Users\Song\Desktop\attach.txt
2013-06-24 21:13 - 2013-06-24 21:13 - 00029761 ____A C:\Users\Song\Desktop\dds.txt
2013-06-24 20:18 - 2013-03-19 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-24 19:23 - 2013-06-24 03:33 - 00000000 ____D C:\Program Files (x86)\AC3Filter
2013-06-24 19:23 - 2013-06-24 03:26 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64
2013-06-24 19:23 - 2013-06-24 02:52 - 00000000 ____D C:\Program Files (x86)\MPC-HC
2013-06-24 19:23 - 2013-06-24 02:45 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec
2013-06-24 19:23 - 2013-06-24 01:29 - 00000000 ____D C:\Program Files (x86)\eymd
2013-06-24 19:23 - 2013-06-24 01:18 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-06-24 19:23 - 2013-06-17 06:01 - 00000000 ____D C:\Users\Song\AppData\Roaming\GRETECH
2013-06-24 19:23 - 2013-04-18 07:09 - 00000000 ____D C:\Users\Public\Documents\ppstream
2013-06-24 19:23 - 2013-04-16 04:29 - 00000000 ____D C:\Users\Song\AppData\Roaming\uTorrent
2013-06-24 19:23 - 2013-03-19 23:01 - 00000000 ____D C:\Users\Song\AppData\Roaming\LAN Messenger
2013-06-24 19:23 - 2013-03-19 21:40 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-24 19:23 - 2013-03-19 07:25 - 00000000 ____D C:\users\Song
2013-06-24 19:23 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-24 19:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-24 19:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-06-24 18:55 - 2013-06-24 18:55 - 00001021 ____A C:\Users\Song\Desktop\avg.txt
2013-06-24 18:05 - 2013-03-19 18:12 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-24 18:01 - 2013-04-17 02:55 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090707503-2689606237-485621480-1000UA.job
2013-06-24 06:42 - 2013-06-24 06:24 - 00002088 ____A C:\Users\Song\Desktop\32.CEMU.txt
2013-06-24 06:02 - 2013-06-24 05:56 - 00001216 ____A C:\Users\Song\Desktop\???????.lnk
2013-06-24 05:56 - 2013-06-24 05:56 - 00090936 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\KNBDrv64.sys
2013-06-24 05:56 - 2013-06-24 05:56 - 00090936 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\knbdrv.sys
2013-06-24 05:55 - 2013-06-24 05:55 - 00000000 ____D C:\Users\Song\AppData\Local\liebao
2013-06-24 03:49 - 2013-06-24 03:30 - 00000000 ____D C:\ProgramData\Kingsoft
2013-06-24 03:48 - 2013-06-24 03:48 - 00002126 ____A C:\Users\Public\Desktop\??????.lnk
2013-06-24 03:41 - 2013-03-19 07:27 - 00000000 ____D C:\Users\Song\AppData\Local\VirtualStore
2013-06-24 03:36 - 2013-06-24 03:36 - 01225254 ____A ( ) C:\Users\Song\Downloads\klcp_update_996_20130604 (1).exe
2013-06-24 03:33 - 2013-06-24 03:30 - 00000000 ____D C:\Users\Song\AppData\Roaming\kingsoft
2013-06-24 03:32 - 2013-06-24 03:32 - 00000000 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-24 03:30 - 2013-06-24 03:30 - 04563950 ____A (Alexander Vigovsky ) C:\Users\Song\Downloads\ac3filter_2_5b.exe
2013-06-24 03:30 - 2013-06-24 03:30 - 00223032 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl64.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00223032 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00166776 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker64.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00127992 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kdhacker.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00084328 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksapi.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00031848 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc64.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00027240 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kavbootc.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00024472 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\bc.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00019352 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\ksskrpr.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00018296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery64.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00014200 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery.sys
2013-06-24 03:30 - 2013-06-24 03:30 - 00001070 ____A C:\Users\Public\Desktop\???.lnk
2013-06-24 03:30 - 2013-06-24 03:30 - 00000000 ____D C:\Users\Song\AppData\Local\Kingsoft
2013-06-24 03:30 - 2013-06-24 03:29 - 00000000 ____D C:\Program Files (x86)\kingsoft
2013-06-24 03:27 - 2013-06-24 03:10 - 19212288 ____A (Kingsoft Corporation) C:\Users\Song\Downloads\kavsetup130624_99_50.exe
2013-06-24 03:25 - 2013-06-24 03:24 - 12414036 ____A ( ) C:\Users\Song\Downloads\K-Lite_Codec_Pack_999_x64.exe
2013-06-24 03:18 - 2013-06-24 03:18 - 10577882 ____A ( ) C:\Users\Song\Downloads\klcp_update_996_20130604.exe
2013-06-24 03:15 - 2013-06-24 03:15 - 12231680 ____A (x264 project) C:\Users\Song\Downloads\x264.exe
2013-06-24 03:03 - 2013-03-19 18:13 - 00000000 ____D C:\Users\Song\AppData\Local\CrashDumps
2013-06-24 03:00 - 2013-04-17 02:55 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3090707503-2689606237-485621480-1000Core.job
2013-06-24 02:53 - 2013-06-24 02:53 - 00000000 ____D C:\Users\Song\AppData\Roaming\Media Player Classic
2013-06-24 02:46 - 2013-04-16 19:49 - 00000000 ____D C:\Users\Song\AppData\Local\Windows Live
2013-06-24 02:35 - 2013-03-23 01:43 - 00000000 ____D C:\cola
2013-06-24 02:25 - 2013-03-19 21:00 - 00000000 ____D C:\Song
2013-06-24 01:51 - 2013-04-16 04:16 - 00802136 ____A (BitTorrent Inc.) C:\Users\Song\Downloads\utorrent.exe
2013-06-24 01:23 - 2013-06-24 01:20 - 00000000 ____D C:\Program Files (x86)\TornTV.com
2013-06-24 01:20 - 2013-03-20 07:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-22 02:20 - 2013-03-19 17:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-22 02:20 - 2013-03-19 17:43 - 00000000 ____D C:\Users\Song\AppData\Local\Google
2013-06-21 10:00 - 2013-06-24 03:26 - 00127488 ____A C:\Windows\System32\ff_vfw.dll
2013-06-21 04:15 - 2013-03-19 22:44 - 00000000 ____D C:\Users\Song\Documents\Received Files
2013-06-21 03:59 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-06-21 03:54 - 2013-06-21 03:54 - 00000000 ____D C:\Users\Song\Documents\OneNote Notebooks
2013-06-21 03:45 - 2013-03-25 00:24 - 00002004 ___AH C:\Users\Song\Documents\Default.rdp
2013-06-20 23:01 - 2013-03-19 22:57 - 00000000 ____D C:\Users\Song\AppData\Roaming\FileZilla
2013-06-20 21:00 - 2013-06-20 21:00 - 00087239 ____A C:\Users\Song\Downloads\KTMB_KL Sentral.kml
2013-06-20 18:15 - 2013-06-20 18:15 - 00003252 ____A C:\Users\Song\Downloads\KMLEditor.jnlp
2013-06-20 18:04 - 2013-03-19 22:56 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-06-20 18:03 - 2013-06-20 18:02 - 04815135 ____A (FileZilla Project) C:\Users\Song\Downloads\FileZilla_3.7.1_win32-setup.exe
2013-06-20 03:32 - 2013-06-20 03:31 - 01266667 ____A C:\Users\Song\Downloads\project_ukm.zip
2013-06-19 22:25 - 2013-03-19 17:51 - 00002154 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 16:14 - 2013-06-19 16:14 - 01814245 ____A C:\Users\Song\Downloads\AS14988.zip
2013-06-19 03:46 - 2013-06-19 03:32 - 00000000 ____D C:\Users\Song\Downloads\km_final
2013-06-19 02:29 - 2013-06-19 02:08 - 00103424 ____A C:\Users\Song\Desktop\km_final1.xls
2013-06-18 21:13 - 2013-06-18 21:10 - 00034113 ____A C:\Program Files (x86)\Uninstall.ini
2013-06-18 21:13 - 2013-06-18 21:10 - 00001253 ____A C:\Users\Song\Desktop\Google Earth Pro v7.1.1.1580 Final.lnk
2013-06-18 21:13 - 2013-05-13 04:03 - 00137840 ____A C:\Program Files (x86)\Uninstall.exe
2013-06-18 00:46 - 2013-06-18 00:46 - 00000000 ____D C:\Users\Song\AppData\Roaming\RealNetworks
2013-06-18 00:45 - 2013-06-18 00:45 - 00000000 ____D C:\ProgramData\RealNetworks
2013-06-18 00:45 - 2013-06-18 00:45 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-06-18 00:44 - 2013-04-16 04:59 - 00201872 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-06-18 00:44 - 2013-04-16 04:59 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-06-18 00:44 - 2013-04-16 04:59 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-06-18 00:44 - 2013-04-16 04:58 - 00000000 ____D C:\Program Files (x86)\Real
2013-06-18 00:44 - 2013-04-16 04:54 - 00000000 ____D C:\ProgramData\Real
2013-06-18 00:43 - 2013-04-16 04:58 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-06-18 00:43 - 2013-04-16 04:58 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2013-06-18 00:43 - 2011-04-07 03:20 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-06-17 06:00 - 2013-06-17 06:00 - 00000000 ____D C:\Program Files (x86)\GRETECH
2013-06-17 05:58 - 2013-06-17 05:56 - 11158200 ____A (Gretech Corporation) C:\Users\Song\Downloads\GOMPLAYERENSETUP.EXE
2013-06-16 20:48 - 2013-03-25 00:29 - 00075147 ____A C:\Users\Song\tilemill.log
2013-06-14 02:10 - 2013-06-14 02:09 - 57051280 ____A (Igor Pavlov) C:\Users\Song\Downloads\MapSource_6163.exe
2013-06-13 23:54 - 2013-06-13 23:54 - 00140274 ____A C:\Users\Song\Downloads\AS10806.zip
2013-06-13 23:39 - 2013-03-21 18:00 - 00000000 ____D C:\Users\Song\.qgis
2013-06-13 23:36 - 2013-06-13 23:36 - 00035890 ____A C:\Users\Song\Downloads\shape_viewer.zip
2013-06-13 23:27 - 2013-06-13 23:27 - 00000000 ____D C:\Windows\WindowsMobile
2013-06-12 22:42 - 2013-03-19 22:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 02:39 - 2013-06-12 02:39 - 00021684 ____A C:\Users\Song\Desktop\ampang_hub1&2.zip
2013-06-12 01:35 - 2013-04-23 22:37 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 01:35 - 2013-04-23 22:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 21:54 - 2013-06-09 06:08 - 00000132 ____A C:\Users\Song\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-06-11 21:37 - 2013-04-16 04:56 - 00000000 ____D C:\Users\Song\AppData\Roaming\Real
2013-06-09 22:46 - 2013-06-09 22:46 - 00000000 ____D C:\Users\Song\AppData\Roaming\BenjaminMoore.PCV3.USEN.EDC653D570C2AEC0ED05A14996D862CA553BDF51.1
2013-06-09 22:44 - 2013-06-09 22:43 - 00000000 ____D C:\Program Files (x86)\Benjamin Moore
2013-06-09 22:43 - 2013-04-16 20:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-09 20:57 - 2011-11-27 22:42 - 00000000 ____D C:\ProgramData\Adobe
2013-06-09 06:54 - 2013-03-19 22:32 - 00000000 ____D C:\Users\Song\AppData\Local\Adobe
2013-06-09 05:55 - 2013-06-09 05:55 - 00025544 ____A C:\Users\Song\Desktop\HMT_Template_PAYMENT VOUCHER.xlsx
2013-06-09 02:55 - 2013-03-19 10:36 - 00000000 ____D C:\Users\Song\AppData\Roaming\Adobe
2013-06-09 02:52 - 2013-06-09 02:52 - 00150928 ____A C:\Users\Song\Downloads\songsclaimssince2007.zip
2013-06-08 06:08 - 2013-06-16 17:03 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 06:07 - 2013-06-16 17:03 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 06:06 - 2013-06-16 17:03 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 06:06 - 2013-06-16 17:03 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 06:06 - 2013-06-16 17:03 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 04:28 - 2013-06-16 17:03 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 03:42 - 2013-06-16 17:03 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 03:40 - 2013-06-16 17:03 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 03:40 - 2013-06-16 17:03 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 03:40 - 2013-06-16 17:03 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 03:40 - 2013-06-16 17:03 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 03:13 - 2013-06-16 17:03 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-07 00:51 - 2013-06-07 00:51 - 04808816 ____A (FileZilla Project) C:\Users\Song\Downloads\FileZilla_3.7.0.2_win32-setup.exe
2013-06-06 23:24 - 2013-06-06 23:24 - 00227747 ____A C:\Users\Song\Downloads\Trading Zone Listing format.pptx
2013-06-06 23:23 - 2013-06-06 23:23 - 01145961 ____A C:\Users\Song\Downloads\ABM005 & DP020 TRADE AREA.XLSX
2013-06-06 20:21 - 2013-06-06 20:21 - 00000000 ____D C:\Users\Song\AppData\Roaming\webex
2013-06-06 20:20 - 2013-06-06 20:19 - 00000000 ____D C:\ProgramData\WebEx
2013-06-06 20:19 - 2013-04-22 03:49 - 00000000 ____D C:\Users\Song\AppData\Roaming\Mozilla
2013-06-05 20:21 - 2013-06-05 20:21 - 00112858 ____A C:\Users\Song\Downloads\1001-PaySlip.xlsx
2013-06-05 20:15 - 2013-06-05 20:15 - 00047239 ____A C:\Users\Song\Downloads\2011 06 -Update & Amend. Mei Ling.xlsx
2013-06-05 03:04 - 2013-06-05 03:03 - 00000000 ____D C:\Users\Song\Downloads\motorola_ampanghub3ukmrailways
2013-06-05 02:53 - 2013-06-05 02:53 - 00502423 ____A C:\Users\Song\Downloads\motorola_ampanghub3ukmrailways.zip
2013-06-05 00:00 - 2013-06-04 23:57 - 04718283 ____A C:\Users\Song\Downloads\retouristmapofputrajaya.zip
2013-05-27 06:33 - 2013-03-20 16:03 - 00000000 ____D C:\Users\Song\AppData\Roaming\Apple Computer
2013-05-27 06:20 - 2013-04-18 07:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-27 06:20 - 2011-11-27 22:54 - 00000000 ____D C:\ProgramData\Skype
2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-27 02:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

==================== Known DLLs (Whitelisted) ================
 
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-16 17:03:06
Restore point made on: 2013-06-19 02:51:00
Restore point made on: 2013-06-22 02:03:04
Restore point made on: 2013-06-24 19:21:07
Restore point made on: 2013-06-24 22:35:42
Restore point made on: 2013-06-24 23:35:08

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6044.55 MB
Available physical RAM: 5234.69 MB
Total Pagefile: 6042.75 MB
Available Pagefile: 5230.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (S3A4916D001) (Fixed) (Total:105.85 GB) (Free:18.39 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.18 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive e: (TOSHIBA) (Removable) (Total:7.26 GB) (Free:3.99 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119 GB) (Disk ID: 6ECF545C)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=106 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)


LastRegBack: 2013-06-12 08:18

==================== End Of Log ============================
 
There is nothing malicious there anymore but let's see if we can bring your computer back to normal.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
See if you can start normally.
 

Attachments

  • fixlist.txt
    31 bytes
So basically I just repeat these steps, with only the fixlist.txt added to the same pendrive?

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2013 02
Ran by SYSTEM at 2013-06-26 12:02:48 Run:1
Running from E:\
Boot Mode: Recovery
==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
I restarted my laptop after the above fix.

And I think it looks fantastic now!

Thank you so much Broni~

 
Good news but we're not done yet.

Re-run MBAM (update it first), RogueKiller and MBAR (in that order).
Post all logs.
 
Wow.. we are really not done yet..
MBAMlog.txt

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.25.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Song :: SONG-PC [administrator]

Protection: Disabled

26/6/2013 12:42:56 PM
mbam-log-2013-06-26 (12-42-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227392
Time elapsed: 14 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
RogueKillerlog.txt

RogueKiller V8.6.1 _x64_ [Jun 24 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Song [Admin rights]
Mode : Remove -- Date : 06/26/2013 13:21:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA THNSNB128GMCJ +++++
--- User ---
[MBR] 5d602c4232bff7fab3bb919b984d4b52
[BSP] 6368ab6eb2d09f29dcee8be95b7cf837 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 108391 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 225058816 | Size: 12212 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06262013_132156.txt >>
RKreport[0]_D_06252013_140327.txt;RKreport[0]_S_06252013_133325.txt;RKreport[0]_S_06262013_131843.txt
 
mbarlog

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Song :: SONG-PC [administrator]

26/6/2013 1:27:25 PM
mbar-log-2013-06-26 (13-27-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 253934
Time elapsed: 29 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

systemlog

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.795000 GHz
Memory total: 6338166784, free: 3435237376

Downloaded database version: v2013.06.25.02
Initializing...
------------ Kernel report ------------
06/25/2013 14:49:20
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005c4c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8005a0a050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005c4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005c4cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005c4c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005a09b20, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005a0a050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6ECF545C

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 221984768

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 225058816 Numsec = 25010176
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Read File: File "c:\programdata\avg2013\chjw\3a623b24623ae473.dat:d98f843e-3bce-446c-889a-99299f5e842b" is sparse (flags = 32768)
Infected: c:\Windows\assembly\GAC_32\Desktop.ini --> [Rootkit.0access]
Infected: c:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_225058816_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.796000 GHz
Memory total: 6338166784, free: 4090392576

Downloaded database version: v2013.06.25.03
Downloaded database version: v2013.06.25.04
Downloaded database version: v2013.06.25.05
Downloaded database version: v2013.06.25.06
Downloaded database version: v2013.06.25.07
Downloaded database version: v2013.06.25.08
Downloaded database version: v2013.06.25.09
Downloaded database version: v2013.06.25.10
Initializing...
------------ Kernel report ------------
06/26/2013 13:26:56
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005c71060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xfffffa8005a1e050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005c71060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005c71b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005c71060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005a1d7c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005a1e050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6ECF545C

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 221984768

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 225058816 Numsec = 25010176
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 128035676160 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-250049680-250069680)...
Done!
Read File: File "c:\programdata\avg2013\chjw\3a623b24623ae473.dat:d98f843e-3bce-446c-889a-99299f5e842b" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_225058816_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 
Good :)

Did you change the default posting font to this faded one?
If so please don't.

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7CE55F7B-D301-482C-B0FA-053696ED9ED3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7CED98CA-619C-4992-A82C-5408C7EC0C5C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7CF973FE-99A9-462F-900E-4BD1B7E21432}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D0E4845-CE83-491F-B768-5A546B61A524}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D237A5F-C317-4AC8-B5EF-27EA18ED2AB0}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7D24B744-02B8-4AA9-924D-92DDFFC034AB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7DBFBA73-04B7-4191-91B5-E7211BE686D6}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7E7C2C3C-CC89-4316-85CC-AF42E6E3290E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7F132697-27A8-41B7-B629-5EFF34430A13}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7F1607C3-F7C4-4F44-8235-7B823A4F0E1F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7FAFCC78-CDD5-48DD-8395-B1DAD21E3FD4}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7FF1D60A-CD47-4F60-8572-86ABAD1CAA6C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{80943ADF-07A0-4AE7-AB03-711AEF7B6245}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{809CF861-2F4D-4BD8-B3FE-75F05547A19B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{80DA0E24-59CE-4425-A6AD-3A5D1D1C7DC4}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{811960E8-BB41-48C8-9CE9-B123ABAA1B1A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{812EB94C-4E60-4894-8530-A02DD5B9190D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81D9CCB4-2FDE-41E5-B91E-68982B44B179}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81DBAB0E-BFAC-48B4-8AEC-80806A8A16F8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82A73838-C536-4878-861E-635C3E042300}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82AAF453-0024-43F7-977A-0958AC873062}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{82D1EE69-DDEE-487E-B48B-D3E6201E64B2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8316668F-1413-4F1B-B91A-858FAAEA2D5E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{838722F0-DFAC-49B4-81FC-ED0C1CE19A97}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83881203-8079-4373-9B80-CE43D09DE414}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83B1FA54-5410-479F-BB8D-F1FEB4E4539A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83C9B9FC-77C5-4A17-BD1E-A97D5E5FAB66}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{853DADC6-9D62-4F38-82C7-60B2CD6C1428}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{85483BB2-4EAA-4F64-ABAE-087C8C159DA3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8565CC04-A98A-4C22-A3BF-AC2D104F512F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{85830C3E-70D8-4AFE-86C6-44390C53BC31}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{858658E8-5DA0-438D-A91E-53117D57639F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{86006347-A86E-4546-A3C8-BCFD6EED68FA}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{865B7B95-7726-4EF7-9150-AC3F47EA7A9B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8692FBB6-5A13-4C61-80BB-C33B286451A4}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{869AE12F-6170-4F50-B691-CD48F711FABE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{86BF29C4-4DC9-4D07-8D4B-FDFAE9E07F29}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8734D3EA-2D62-421F-B2FE-304FDFD5189B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8773B927-6EDB-490F-AD7E-BED93AD49A4B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{879965B9-7059-4C38-82A1-5FA0E19C8767}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{87E7C42F-97F0-4F94-9C0E-85A3D91CF4D8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8855F96F-A2C8-42B6-B4AA-1711E61CE794}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{89013830-F6B3-4547-BF2C-79D858C08700}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8905E126-E08E-4199-B035-C946A38D31A3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{896CA3AC-4179-4BB0-90BE-C4A4450E0F0D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{899B7CF4-AEF1-45DA-A71B-CE03891CB501}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{89D8C3A9-B921-42AB-88F1-839C0F77951F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8A2B8E91-DBA8-4843-957A-35CA76118206}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8A3B1B4A-51C1-4A72-97C3-6B9EFC226013}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C04DA58-029E-4FB1-8C6C-B364BFF4A02F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C1EA12B-DA2C-438C-8317-73D60E74A787}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C65B8B1-756B-476F-AFEB-AA8F20233982}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C9CE94D-F094-465F-AEAC-467E4EA6AA5B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C9DD30D-5C24-40D2-B03F-1BB59FB19648}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C9FE872-A792-447A-AC23-58EAAFD938E2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8CBB25FD-701A-4FAB-A509-49C81D1453C4}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D0E7DC7-B625-442C-B06C-43F81453A7BD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D42FF0D-6511-46BD-9589-3DE977DBC293}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D64890D-7842-4533-BBE7-F2383D7128D5}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8D6C9AA5-DB5F-49D5-8E93-DF715B71B40B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8DE058E0-9422-42D8-92D4-2F3ED7C18544}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E15CD51-AB32-4271-B382-E8ED7E6027F0}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E297869-C15E-4766-8B1E-E36A0CE647C3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E508521-631E-4D62-B2D5-2A57D80CF3BE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8E939C2B-2720-4635-9B05-8D347D466221}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8EF0AD4C-35BF-4763-9444-C565D3269D32}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F38D577-BF21-4B11-BC57-956F14A98F16}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F4EC1E8-F747-444C-BEC8-2A7115C8AC29}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F5AADA7-9D5C-41BE-ADB4-4531BC8FBE0B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F5B1FC6-7BC0-45ED-91AD-C3939232240B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F69B186-D912-4C87-BC0A-8CE35A3E7C7F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F91E048-AAC7-46D0-89B3-D64003FF6ACF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8FEC581D-098F-438E-8829-7026B1EA3273}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8FEE2EA5-5569-4C1F-BC60-B357F61F8294}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{902EB305-792F-4F11-A229-2F61A9511379}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{905592E8-3C73-447B-B664-61B5955225BB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9065BBFA-D5C9-4D69-8CFF-651856EFE278}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9071E361-0191-4152-93A9-9CE8BF062B19}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90993F59-A76C-45D5-8617-3708DAE6A9C6}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90D2A56A-FF38-40C2-8596-478B6EA11440}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90E29ACC-0CBF-450B-90DD-5A70DFC163E2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90EA6AD5-091A-4986-9115-171D05CCAF16}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{914881F1-83B9-4732-8648-C9B7C8113C1A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9156643A-E84A-4AC7-9671-72D5F1B1DC12}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9169B3B7-4819-4109-9CE2-79681B44BE92}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{91E6413C-5612-4391-B28E-CD4B1DA9001B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{924E3036-B3FD-4C03-A0DD-B82253952A1F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{929F69E3-B770-4704-8758-B5E72176B285}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{92C12F13-12E5-431F-AE5B-83D866D4478B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{936F5369-954A-4208-B3D7-D368F4D08C03}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93B99B5E-FF9A-4684-88BA-9C326BBB8B0B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93BC9202-2E7B-479F-B769-3D9BFE881EE7}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93E151D1-0F42-423C-8A70-A33D6BB1950A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{93F752DD-2749-4743-B986-CECBE97E479A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{944EB286-222D-40DC-83AF-D8592CD74974}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9483365B-B144-4AF6-BED9-F2817E9DAA20}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{94F1E2DE-D47D-4B45-A0BC-F38D1DA3330D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9500B74A-7628-434E-9CF6-345F43C75D5A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9529C0BF-EE28-4338-AFFA-BE5B476EBC9B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{95365CA4-7F6F-4441-8D8A-7557C42D38A9}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{953F2D2D-95C4-4273-B0D6-EB3293397AF1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{95CC88F7-C6BD-43FF-B891-E1DFA5F0EA4E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{962C4B12-8CB7-493C-A532-30D693431D34}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{963F1F75-A1E4-4CEB-93DB-B8F5B0D24935}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96ABB3D4-F461-48FF-9C71-87AD02F45656}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96C4EE73-237F-4E83-BE42-B4419587E609}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{96CF0334-8D60-4F02-8D8E-D26AA8EE2FF3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9745177B-D924-4E40-95C3-27D51D878567}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{977EB46E-5445-49D4-A5EC-7EDBC15FD558}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{978B5E0C-C583-48E9-8A0E-FFAB56952202}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{97E31A96-BA4F-4C91-9201-FC7814A0EA7F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{97ECA453-ED1F-4538-8E9F-7682DA61A42D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9870F827-BC22-4148-BF7F-47E98FE77F7A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98874B6E-051B-4C7D-AA9A-FE9FB978B7D5}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98A58561-77FA-4C3E-878E-23456BD95F16}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98B04AA7-C13E-4146-B357-810FBF7E8EB4}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98EAC7F5-357F-42E8-A6A2-384A0644DC5B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{98EDBE03-EA84-43B7-B1BD-D7FACC77CAE9}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{990BCB48-2052-47C6-A7FF-7090972F343D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{991024FF-915C-4153-8D11-104D0F19CBF3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9930888B-0887-406E-A596-F2B23916E99D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{99944F2E-09FF-4959-B04F-2CDA17F9E47B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{99A46875-59D9-4036-8F5C-BFA65193268E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{99C83BD5-DBC5-4BEE-9956-8C0749F44A62}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A1EB5F0-2DA5-46C8-AA6D-D76470208952}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A30FFF6-C859-42D0-94D4-2B343032673E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A6A2B82-DC63-4EDF-8573-5F7790E81DD3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A808596-E007-4965-94DB-69F17BB590BA}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B05B809-FC07-40A2-9DA5-98FA94FCBABD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B36DF3E-EC03-43E1-9688-4C307A652471}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B3E51AF-ABD7-47DC-AD40-E25945642BCA}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B570D62-CB3D-4F75-BC01-E98607FECC25}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9BB528CA-6F3F-4BC0-892D-A7CDDC94AA68}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C169212-CCF5-4387-AA3B-149CF29F8CA6}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C3C9D94-4BC4-4DD7-B160-82FB7039F355}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C56BA0E-2DC0-40BB-8035-99D99CE5685A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C9D995D-B78D-497D-824A-818A823B4012}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D568633-D351-42C5-A241-1B24A2A00100}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9DD7A7C0-BEE0-4E7B-8B86-AF2D99E9F273}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9EA0B1ED-3D0B-4AD6-8D8D-EA7FBA8B9DEE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9EF7C879-4D42-42F5-A546-F36190889F49}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F0158DB-AF3A-4A3A-AE82-FCBC1B8908F1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F1DED36-557D-4A87-864F-F5FF9330238D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F7190A2-91E3-42C8-9F35-D25E2BD0D02C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9F8199F7-8604-4406-9B29-898A67F74093}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A04518E4-F199-48C2-9C5F-917EF0EAC7BB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A0972F20-5DEA-4CC2-A52D-EFB046CC6A0E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A0B273C7-0EAE-4677-86FF-C1F38A17ACC8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A113AD91-361F-45F0-84D6-4CE403CEC5DF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A1542865-F7E0-4980-890D-6AC9BA1B5950}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A1DC6F8D-0F52-4694-9DCB-9117F09B41DF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A1E95945-E229-4357-B2C8-EF90A35993EB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A22157B7-6D6F-49D8-B98D-373DC21FC653}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A221A583-3C3C-4810-A435-A51CC9B92F11}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A2D50D6F-F05A-442A-BAA7-04E01023BFB6}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A2EED023-0F30-4B40-BA33-ADF55FB7FA43}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A317B3B6-90F6-4FA7-9263-EE4087C77C88}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A3B037E2-934D-469D-95B6-4DD2ED362E8A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A3F5369F-C3AE-42C5-971B-3181CB6F43D0}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A41BE52A-DF6E-443D-9EED-62883D5A4FF7}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A433278C-16AD-4CEE-9EF7-B676E5B3B198}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A4F5B0A0-1FB0-438A-B8A2-E726424606C8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A543BD04-D4A7-4DCD-8B06-973E1A3157D5}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A56E2240-C4BF-4585-8F01-C3F4FAE29293}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A5D21ABD-1F09-49DF-8A62-8B069A4B395A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A5EBB1E4-6DDD-4126-8466-6EE4ED1F2C56}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A692AD0C-8E74-4C6C-BB52-9609507EE93E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A6D5734F-F05E-489B-8C58-7C6C8A77BD49}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A71F02D9-5DA9-4CB3-8F8E-ABDD2F579F69}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A730BE44-86E5-43A5-8168-55D04155B638}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A739BE6A-695C-44D2-B7CD-913A21F64A38}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A767B3E2-1D8C-4B15-BACB-20FFCB26A49A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A7BED193-5ED7-49EC-9DFD-86CD7DD0D281}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A82F7841-721E-4D12-BBAA-2F711696577F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A8467E42-935B-4626-9C22-8AED0E54EAFD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A85F47D7-FD22-4C3B-93C7-1C7BABD63BAA}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A8A40E76-6FC3-4C02-BA65-66D7C768D3BB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A8AA4BC0-A355-4AD0-9AAD-91D990965A64}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A8CA5E23-180F-4B82-9548-0AB322341843}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A92C59CB-13E3-4550-A665-F55468EBA6F2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A96B237A-F37C-4CF6-9D84-2E9A20B3944F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A997C89F-50D2-4174-8614-AEAB229EDC35}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A9AA76A0-50B8-40DA-B3F7-3B1C2249D6EE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A9D7681C-B394-41FF-96D4-D1B92326BB1A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AB4EDBCA-4F82-470F-8335-0FD5086926C9}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABA3104C-C273-4FD0-A2CE-2FB845950664}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABCEBD75-F97D-4EA4-903B-44A45C843E9F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABCF52C2-82FF-454A-A374-A01B01395DE0}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABF3F579-6343-4A87-B90A-40A30E922D4F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AC5AEF36-D02F-4AFA-860A-BC7BCB6284D6}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ACF1A9F2-25B5-42A1-8C62-E993DEDEDC2E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AD2CB856-ED0C-431A-980B-778651DF0423}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AD368C69-645C-421E-B790-F007467F0582}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ADC1404D-AFAE-44CB-94EF-94FF31CEDE72}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AE3DDA7D-15E5-4982-8062-5766D256D5CF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AEC8B7B3-8966-44AC-A5DF-AB8D74BBFF74}.xps
 
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA1BF045-383F-41C6-9323-A3B424B4B34D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA3CE990-BF31-4543-B19E-A7ED601945B2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA5B2A17-E97B-4C2D-BCDB-0FC97DF2CA41}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA7D697F-D1FD-4E23-94F0-A5A1EA201DE2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA95CC27-6D63-4FDC-91AD-3B5B86A7721C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA9A0D7C-2886-4178-8D70-C0935B23497F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CADBD649-0623-4A32-ACA6-660A1B7FA736}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB03EF15-F66A-432C-9175-AFDCCC36159A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB272DD3-EFE5-4D32-A74D-FE20019BAC16}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB3CCC66-603B-4961-B159-224FAAE83F5F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB3F75A5-4842-4983-875D-AE1BEEF17B84}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CB54CF8A-7CDC-405C-95E9-99739265D8DB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CBE05DBF-86E7-4186-9B75-C5286710A7C2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC40770C-0BDA-45A9-B7EF-B13130A81035}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC4B8278-DBF0-4648-93CD-6CA166082AEF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CC9AEE96-10C5-40C4-BFD2-142B324DDDF7}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CCD18860-6295-46BA-9B32-F4E652DFDCBD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CD66E4B8-FA45-4584-82FC-7837A5C8E3E8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CD80943B-3018-47B7-8936-ED6EF43CB27F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CD9C89E0-B982-411C-8F4B-822A2537B2FA}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CDBFA341-AF80-4987-B984-91261E3F0C0C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CEAA851C-2EBF-4E33-AC1A-C55D4ADADA86}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CF4F2E42-486D-4B6F-AF3D-A4C1B1CFF4EE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CF63D0A0-C71E-4EFD-9DB2-0D473C180947}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D008073E-70AE-4BC5-BF13-DBB930936FB8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D00DBCE8-E708-472C-A98B-38A0AF1EE6EC}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D05D8557-BE8D-4EA1-B0B9-2D72F7451ECC}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D08B38B4-113C-46A6-81F4-3198E87E9578}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D0E8099A-644D-47B7-A461-4BF65BD56278}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D1127ADE-6F21-4DEB-8016-1029F5CDBC74}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D1143CD8-2D1F-440A-9921-1591CFC7F772}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D14EA381-D303-4682-A934-764533046F1D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D169172E-9FC8-4B36-AB94-AF438E6C15A8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D1A71509-D892-49F9-83EF-07ED17F03A25}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D1BB8299-2E99-46B3-84B5-69BBA06011D5}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D1EB3F41-8E83-4639-A7B1-63DDCCA89C35}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D20E8738-7956-473C-8F53-1059B9F1632C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D21BF755-09EC-4F76-B597-B52F44B5E196}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D234AC21-37C4-46A5-B3ED-A35772E3556C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D244A402-7082-4E07-A2DE-2D03A6BB18DD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D255AF9A-DD8B-4BA9-BBD2-E4D76A77C636}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D280C04E-6452-4BA7-AF16-60F8BE6E4CCE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D29F6E87-19D5-4FE8-A784-2A9C9565CA29}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D2DCFD0B-A8B5-4145-82A1-1777E0AB1419}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D31914BC-399A-4AEF-9114-4F9A0BDAF6E2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D35F3606-58F9-4EA4-834A-7339061C784F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D3800DB2-1A7D-46D4-AEB7-DE9993FE5EAB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D3A61967-D46D-45A8-A89C-116DD0B0E0D2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D3DF8ED1-B2CE-46B2-82C8-4577436FC543}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D4149EFB-F91D-4454-93E6-B72FF628A98A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D4389300-DB13-4768-810D-ACE2830ECCB4}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D45AC82C-4510-43CC-A343-68E3708175C8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D49A03DD-0349-4194-8EF9-6941E3324B3E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D49F673D-0942-4DDB-B9FD-2618ECB066F0}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D4CDEA09-9DAF-4AA5-9A8D-354A6013D5BE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D4D64CDA-80AC-4D0D-B9A9-0F93FD259410}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D4E5AA72-E67A-4200-ADB1-1F663B564302}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D531537C-EEF8-4EC9-AE31-A234A83E4666}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D58659E7-760F-49F6-B07A-372B3096A37E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D5A7EC4B-ECC1-4F2A-A1A2-6D824140A14A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D5B244A4-4438-4FFF-B1C1-381AD7CAE554}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D5F156A9-A81D-427B-9C9B-C89ECC7F4338}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D6539C4D-36B9-4204-95F3-C6DF53CAAF50}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D676D5B1-F81B-4ADA-B524-7FC48335DFF9}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D68C3DA5-2C54-49A4-B875-ACB85B1A43E3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D77CF1F2-E603-45B2-ABF5-794568C5E1C4}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D79D126A-5F50-420A-BC28-D5937081E17B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D7A1C1A1-C8F0-4A61-88EB-ABCF36365D39}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DA073A60-0984-4B09-9E1C-09A903B91CE1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DA73B9EA-7A7E-49CE-8150-327C2373B22F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DA80204B-5D91-4B6D-9951-A9D8DBE2F2C3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DAF5BDEB-8C24-4BA0-B44E-C4CA50A603C1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DB1253A2-8424-4849-B6D6-7364E2070A87}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DB1F419B-D3E6-4D4E-9348-7D25A33E64AD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DB2ACB45-2BD0-42B6-9F7B-983D3DBCA838}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DB52DA9B-2D58-4211-8F67-1779D615E132}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DB827295-C3DA-4A39-927E-54A23772500E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DC0178D4-F29E-4A4A-BC7B-9FEF9CBCD4C3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DC1C91C1-2FCA-4A6B-996A-C4BEC61238A2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DCF8FF7C-04BF-48A3-B797-917D75A364AD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DD696B67-EAB4-4509-84B0-AA2197C62A3A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DD85E1DE-C500-454B-BBFE-5D4DB606D4B2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DDCC1858-EEAF-4532-BB8D-0321B608CC2D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE47F65F-47E6-4B66-A029-4F484B864709}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE5BFAB4-CA53-49FF-A32E-1B41599C8F02}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE8A88BC-9CC4-4CCA-A76C-398F3DAF7D64}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DEB111F9-CBC0-4AB4-A851-16FD9B3B9BE0}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF0CEFC2-C27C-4D53-88BC-3A5FC535F351}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF16ECA5-E01E-44EA-AC86-10D07DE26D5B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF7508FA-5946-41C3-B034-5C3B2BF6BDA6}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DF8FD561-5D59-42EA-AB2E-58490EA496C3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DFA4DD51-6393-4187-94D6-DE68F1ED1E53}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DFD50454-6AE3-4BC6-A659-04B885115059}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DFFA48AC-10BE-4DE9-B0FC-CC834C4FF927}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E00A6D70-3488-4D78-8CF2-CB4182CA06BA}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E06064DC-3DFD-4FF6-B960-FF892703C332}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E06DC2BF-3AB9-4454-8876-470446AF09FD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E08880D3-F9FB-4786-9A13-98F24D743434}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E09020C3-30DF-4519-8550-486322C1F121}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E090230B-1C73-445E-992A-53D26B917051}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E0B44FBD-7E53-41DB-9095-AD266197E1E1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E12A590C-C402-4A93-8A4A-25B7BECB2BA9}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E1615499-2198-47EA-803B-7937260E3EFB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E166592B-CA05-4A57-834F-F01FD25E2DC8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E1FBAFA5-B2A4-444C-95DF-C9BAA8587134}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E229F694-8726-4707-A28B-D5A8E6B56BAA}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E24E7C2C-605B-4382-B1A7-42F207C93BCF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E2722994-1672-436E-AAD7-D36596277022}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E2805B74-C4E0-40A9-BF87-B60DE0AE935A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E323E0E0-8A69-492D-A998-7C1A538FF7E6}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E37530FC-FCA3-48DE-8B4B-71A6849514D9}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E4980509-627E-43B6-B810-641BBC40D11D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E4C7A1F3-3A95-465A-AF5A-E28F826D97FD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E4F42AA4-DC6A-4D03-83EC-B9BDDB26C3DF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E52C48FE-6C92-493E-BA9F-50F2CBB2CB3F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E5B50EA5-02ED-4230-ADC9-486692798CE1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E5CECF0C-0C99-4250-9AE6-1B1389B7E914}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E6D04D9E-AFF3-413D-8CBD-ABE205F474F1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E6DB2352-C293-4D65-AF4C-68046C59FA38}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E700FC4F-A4EF-4B62-A7DF-55F98BB889AC}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E78B44EA-960C-4A16-B19D-36AA68F26AC9}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E8269E43-ED1B-4A88-8DD8-DF0D65E2393E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E9280179-D603-4E61-9AA2-EAF0793077A7}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E9A909DA-C827-4D68-9C5B-AEC53F8732F2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E9CF9696-296D-4B02-972B-D7EEE85085C5}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E9EFF83C-E3F6-4EEC-92B9-43B69F02245B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EA74A261-D892-443D-B353-EF0C3897E922}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EA8F71A2-0B0D-4160-9B57-A894836112C2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EB9B71E1-F5AC-4D46-879C-C10E0F342739}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EBD391B6-63B3-4F62-BB38-617C9AA9E319}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EC170E64-682B-414B-9DFD-F72E182E717E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EC1F16EF-0189-4405-808D-0AFB12DEAEEF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EC2A9E8F-1C8C-40E2-A96F-4F6577D17BF1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EC2DF43F-750D-495A-9540-C3A4836A0276}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EC38D255-76E6-47C8-BD68-EF1CD7579A40}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EDC8338D-508E-423D-B42F-6EAA4F9C779C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EDCFDA27-CC8E-4F7F-AA67-9F2EEAAA3996}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EDE92AE5-9962-457E-82F2-30B19CB69C56}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EEA730C7-4741-4FF9-A946-D056F3556BF0}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EEAFB2C3-BA31-480C-BEE8-5D49473BA8DF}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EEC854C5-97BC-461E-B638-D28B7076BA75}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF0B8609-2D43-472F-8A84-182596DB5381}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF4906E5-4DB8-4C25-95AC-00CAD746354F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF4FD342-E616-4789-9536-80E06D59D3BC}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF78D5F5-BB01-45ED-851D-AF587F0DB641}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EF86EEBB-7C36-4AB5-A4D0-85CDC54531EE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F018BAFF-48F6-46CE-87A8-D7BB978B3754}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F02594C1-8BE2-4AEF-B7C1-D7A62E10BC7E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F055DBBF-8342-4A57-A885-697FA0FEE28D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F0CBEFAC-8DAF-4EF4-8152-8F7D8669E188}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F10E628A-211F-40AF-84CB-3B7BA5158E98}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F15F362D-B718-48CE-82FB-B5C3DD51DEC8}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F163D76D-8F12-493E-8ADD-63B66A58E57C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1C27B13-91A9-490C-B071-0B52CF9386E9}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1CCD26D-715B-442B-97F8-27CA65ED1556}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1F9C58D-CCC3-4996-8836-587C92F9E905}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F242C813-A831-4F80-9583-E4643C7C8D64}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F2553473-17A9-4193-8FBD-B7FEFB2A6C9B}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F27E558B-940E-4826-9CF6-A0CC97D3E33F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F2E8C84A-34C4-459C-9BCD-3F551BB5AB35}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F352552B-DCF5-48DE-A570-D753518AF965}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F3829602-BDEA-4EA7-83AA-8EF23661FAEB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F39AB4A5-0929-4A3E-BBEA-40C4AB09243E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F41594BE-C256-4F14-BE91-DB096DB7A4D3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F457A7AC-FB1D-4110-88F6-2A841AA93A38}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F4A35D43-CEF8-42DC-9E7A-C12A69E3EAF5}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F4F6F937-3057-462B-B643-6B791DBFFFA3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F572ABC9-0A07-4B7E-8F36-CA12EAC82053}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F57F71C1-877B-4B8A-863E-9A735627FFD5}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F58CF17B-429D-4C53-B504-8FA21CA3C740}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F5B77B71-8D50-4FE5-A917-AF337DC04E54}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F62D48FD-E945-45ED-BBAC-7C65381F0C87}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F6FE4D6B-3809-4352-9168-6AAE41935B9A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F74260C1-E3B3-45D2-840C-C75A051E4C52}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F7578005-1823-4D50-A38E-603B58EA3725}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F7AF0C6E-E353-4A77-B930-C144DACD05FD}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F80E71F7-0E33-4496-A113-49F56DC2D40A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F83575B3-BAF0-423F-BA5B-688BD7B753A7}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F85401CD-CBD1-4580-9CCE-D8A5C6F31EF1}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F8C8F385-477C-4A18-B98C-D04BC043018F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F8EC674F-EF3A-44D3-B01E-8EE05DC741B7}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F908B87B-16DA-4D61-910B-2F2292351172}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F9A3C5F5-AABC-4327-93FA-8BBE95E6256C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FA0B4B1B-D132-4E4C-838D-846376493D5C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FABA40F2-5D56-4DF2-AB0E-C2E54E8C81A3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FACF30EE-C4FF-455F-81A4-3553D80886E3}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB096669-CBE2-4CC7-BB62-9A2DE09AB0FA}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB1BA07B-00B3-45A9-9679-DA55061E1522}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB306AC2-0B2B-4355-B626-FA05980E8056}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB37B024-78FB-46FB-BB5E-BE964554691E}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB86DFB0-928A-434F-84FA-B2336AE9759F}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FBC0851F-8997-409B-92A9-1914B6B60EFC}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FBDEC500-F85C-4C72-B97D-6936EF4CEEEB}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC019083-6643-4533-A4E5-F356B2917709}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC0E326C-D7A9-42BC-A772-92B2973FEA30}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC56113C-F2F4-4B42-AA94-1E50A652090D}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC6B1CA9-5B55-4012-818B-7CECAAF7AEAC}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCC891F6-92B8-4237-A355-C6367747B530}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCF35593-6BE6-4575-8422-AEB12BB84984}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FCF9DC07-B562-4756-864B-16FE9002E641}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD1E167D-BFDE-4A0E-B6D6-3D7D4CBBAEBC}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FD7C848A-2F75-4EDD-8A92-FB1D640AE421}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDC5ECC1-A276-4BAC-815E-00D514121BF7}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDD2DBE3-07E9-4EE9-ABB6-2C9862710E3C}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FDFB9DC4-E3F4-42CC-BB36-E71222BA7DFE}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE2741F9-ADA9-4EE4-BE59-9EF7DBCF47B2}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE4BD00B-4AE3-4384-9D62-E33844214994}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FE7147EE-7836-47E3-AF59-14A50B994574}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FEA326A2-312C-4B06-9FA4-6617133558C6}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FEC4AF27-0517-40F6-9EED-F02B0A2AB98A}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FF41457F-3FA6-4C80-AB1A-F8771DD79C38}.xps
c:\users\Song\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FF75422D-DADC-4175-8811-93C16E29C697}.xps
c:\windows\KwYlx.dat
.
 