Solved Infected by Agent.BA, Conedex.B, Sirefef.AP all from one site

roy392003

As stated in the topic, I have been infected by Agent.BA, Conedex.B, Sirefef.AP.
I have read and performed the 5 steps.
  • Malwarebytes Anti-Malware log
  • GMER log
  • DDS logs: both DDS.txt and Attach.txt
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.22.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Roy Yip :: ROYYIP-PC [administrator]
Protection: Enabled
22/8/2012 8:21 AM
mbam-log-2012-08-22 (08-21-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252629
Time elapsed: 2 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Roy Yip\Favorites\Free porn video.url (Rogue.Link) -> Quarantined and deleted successfully.
(end)
====================================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-22 10:39:21
Windows 6.1.7601 Service Pack 1
Running: rpb7un5o.exe

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4394
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0f4394@002548bd833f 0x1F 0x42 0x71 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0xB5 0x51 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5B 0xCB 0x26 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0xB4 0x91 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x56 0xE0 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4394 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0f4394@002548bd833f 0x1F 0x42 0x71 0xE5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0xB5 0x51 0x14 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x1A 0xDD 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0xB4 0x91 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x56 0xE0 0xF1 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\\x300a星海爭霸 II\x300b\\x300a星海爭霸 II\x300b.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\x300a星海爭霸 II\x300b\\x300a星海爭霸 II\x300b.lnk 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3074714069\Groups@8^(u#\xe46c}摸\0 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3074714069\Groups@?D} 1
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3074714069\Groups@琫\nN 0
Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\3074714069\Groups@?琫\0 0
Reg HKCU\Software\Microsoft\Windows Live\Companion\roy392003@yahoo.com.hk@d8816fb1e840ab0254a4dfada7f6c24c\r\n 0x11 0x06 0x50 0x6F ...
---- Files - GMER 1.0.15 ----
File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team.manifest 588 bytes
File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.0.0.\Alcohol Soft Development Team@1.0.0..manifest 588 bytes
File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team.manifest 588 bytes
File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.7.\Alcohol Soft Development Team@1.9.7..manifest 588 bytes
File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team.manifest 588 bytes
File C:\Users\Roy Yip\AppData\Local\Xenocode\Sandbox\LdR_Alcohol_r.exe\2.0.1.2033\2010.09.18T21.28\Virtual\SXS\Alcohol Soft Development Team@1.9.9.\Alcohol Soft Development Team@1.9.9..manifest 588 bytes
---- EOF - GMER 1.0.15 ----
====================================================================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Roy Yip at 10:43:08 on 2012-08-22
Microsoft Windows 7 旗艦版 6.1.7601.1.950.852.3076.18.16376.13605 [GMT -7:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: 個人防火牆 *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\PPS.tv\PPStream\PPSAP.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\ytbb.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Roy Yip\Desktop\rpb7un5o.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uStart Page = hxxp://www.yahoo.com.hk/
uWindow Title = Powered by Charter Communications
uInternet Settings,ProxyOverride = local
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Users\Roy Yip\AppData\Roaming\Complitly\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - C:\Program Files (x86)\Tudou\?速Tudou\tudouDetector.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID 登入協助程式: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [PPS Accelerator] C:\PPS.tv\PPStream\ppsap.exe
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IME14 CHT Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\Users\ROYYIP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\速土豆~1.LNK -
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIO-RE~1.LNK - C:\Program Files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &使用BitComet下載 - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &使用BitComet下載全部連結 - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: 傳送至 OneNote(&N) - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
LSP: mswsock.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C} : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C}\37471627771627 : DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
TCP: Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C}\A4F686E67237 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B8BC4DE1-5F10-49D7-91BA-A70F9A1960B4} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
TB-X64: {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No File
mRun-x64: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe
mRun-x64: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun-x64: [Antiphishing Domain Advisor] "C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe"
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [IME14 CHT Uninstall] C:\Program Files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE /Uninstall /CHT /Log
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
IE-X64: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE-X64: {92780B25-18CC-41C8-B9BE-3C9C571A8263}
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R1 BIOS;BIOS;C:\Windows\System32\drivers\BIOS64.sys [2011-2-20 14136]
R1 BS_I2cIo;BS_I2cIo;\??\C:\Windows\system32\drivers\BS_I2c64.sys --> C:\Windows\system32\drivers\BS_I2c64.sys [?]
R1 BS_TPIO;BS_TPIO;\??\C:\Windows\system32\drivers\BS_TPIO64.sys --> C:\Windows\system32\drivers\BS_TPIO64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-8-31 131320]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-9 974944]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-22 655944]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2012-6-13 386344]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
R2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;QuickCam Pro for Notebooks(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-14 250056]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 BthAvrcp;Bluetooth AVRCP 組態檔;C:\Windows\system32\DRIVERS\BthAvrcp.sys --> C:\Windows\system32\DRIVERS\BthAvrcp.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);C:\Windows\system32\DRIVERS\WN111x.sys --> C:\Windows\system32\DRIVERS\WN111x.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-22 15:20:05 -------- d-----w- C:\Users\Roy Yip\AppData\Roaming\Malwarebytes
2012-08-22 15:19:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-22 15:19:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-22 15:19:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-22 12:07:31 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{ACF9169F-1CD1-476B-9C0E-F80B8C97D048}
2012-08-22 00:07:06 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{63490997-CB3E-4E78-B163-C32B984496FE}
2012-08-21 12:06:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{83052195-C2E3-4AB4-A076-15CB0473D700}
2012-08-21 00:06:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{199F1084-1D5D-4D1E-931F-9911B7D1F2C5}
2012-08-20 23:00:33 -------- d-----w- C:\ProgramData\Battle.net
2012-08-20 22:45:04 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-08-20 22:45:04 -------- d-----w- C:\Program Files (x86)\StarCraft II
2012-08-20 22:45:04 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-08-20 12:06:17 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9E110453-E715-4C7B-B6FF-A76CF897764D}
2012-08-20 00:06:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B6761FC3-3DEB-4381-8A9A-EEDE0D5154DA}
2012-08-19 12:05:52 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{DA031531-C94A-442D-A360-264AF0A932A3}
2012-08-19 00:05:39 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{0AA137AD-C40A-4AD5-8CA5-050F9B248690}
2012-08-18 12:05:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{3BFA2964-9DED-4BBB-8054-50E500CC4866}
2012-08-18 00:04:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6690BC6B-96EE-4ED1-B71D-CFDDC28F1C28}
2012-08-17 09:30:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9EC34FF4-CB67-49EB-86D0-93088119888F}
2012-08-17 09:30:23 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{AFC381E6-0279-4172-8FA5-302343002404}
2012-08-16 21:31:09 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{8DFE87C6-74F4-4C6B-B097-4E01745909D0}
2012-08-16 09:30:45 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{468A4D13-AFF7-4F7F-A100-1A0B899CE983}
2012-08-16 09:30:23 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4E723BBE-562C-40B8-B5D8-3A3A5335A358}
2012-08-15 21:29:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5D26C4F5-5E5C-4B72-B10B-A6F240D84A6C}
2012-08-15 21:29:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C49B059A-BAF3-41AD-838C-4D7971C2C11B}
2012-08-15 10:04:24 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 07:42:42 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-15 00:58:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C4A47706-2335-4471-9710-0753847B01CB}
2012-08-15 00:58:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4A27EC3B-2E2F-4BC0-858F-6E7571AB69A3}
2012-08-14 14:18:30 -------- d-----w- C:\Program Files\CPUID
2012-08-14 14:06:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 14:06:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-14 12:57:58 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{7EAFAAB3-37CF-49BB-B510-BBAFB926ACBD}
2012-08-14 12:57:30 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F33E184B-C00A-4875-9CAB-7D7197DD62C4}
2012-08-14 05:53:24 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BF2D6CD0-83AA-46A6-9C0C-66309842971D}
2012-08-14 05:53:01 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{53C15148-8777-419E-A8D3-08647DDA1DEA}
2012-08-13 17:52:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5383E5EE-88AA-4D0D-864D-7A109AF2E69D}
2012-08-13 17:52:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{580633FE-07B6-4841-9D18-529FC6B6A7F4}
2012-08-13 05:51:37 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{12FC1627-06B6-4C4A-8C08-A4E9546F69F0}
2012-08-13 05:51:14 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{24C18583-5591-4F08-AF95-D24028FFC043}
2012-08-12 17:50:46 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4FB48938-E7F4-4F39-A448-F2A041A1F02C}
2012-08-12 17:50:24 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{211A0E65-9125-40B9-81D1-FF4F68D152A2}
2012-08-12 05:49:58 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{19EACD02-E456-41CF-B96C-811BB1DBBDF5}
2012-08-12 05:49:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{3114121F-4A21-4368-AEA9-B67C8105F564}
2012-08-11 17:49:09 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{46DF1A1A-9B4E-4681-BDF9-738B987FD84D}
2012-08-11 17:48:47 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1A14E8CC-B835-4B80-A133-BBA51EFB1305}
2012-08-11 05:48:22 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{EE29170B-8606-48CF-9926-EFC984798AA6}
2012-08-11 05:47:59 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{26410040-5714-4C5B-86B7-A802FF2CB2D0}
2012-08-10 17:47:35 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5E19881C-8065-47AF-8B0F-3147ABA31138}
2012-08-10 17:47:12 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{320ECA2D-FB29-4252-9B96-F3377F1C788D}
2012-08-10 05:46:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D86488D1-47DC-4E59-9AA0-3FE52B3FABE1}
2012-08-10 05:46:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{CA0DFE5D-7F60-43F5-90EE-42EC7486DC1A}
2012-08-09 17:47:57 -------- d-----w- C:\Users\Roy Yip\AppData\Roaming\AnvSoft
2012-08-09 17:47:42 -------- d-----w- C:\Program Files (x86)\AnvSoft
2012-08-09 17:46:03 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6A4FA2EE-F8A2-44D4-891D-4756A76FF8AB}
2012-08-09 17:45:41 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{AD756DD4-7AFC-4B05-B980-F38C3A4DEB8E}
2012-08-09 05:45:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{15D45FC8-F6DC-4196-AB70-512D77539EF5}
2012-08-09 05:44:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A269BFEE-57F6-4269-AFDF-0A430673BF67}
2012-08-08 17:44:18 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A6C94227-D5B3-4BD5-A427-63648313CA94}
2012-08-08 17:43:56 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4C4041AA-ABB4-4B51-BC9C-DF420C34A27A}
2012-08-08 05:43:33 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B8102E89-BE15-4671-A263-347286D8A655}
2012-08-08 05:43:07 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6DC7EB9B-2BAE-4CF9-803A-F98D119E27CE}
2012-08-07 17:42:44 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B69473C5-54E4-4B0A-A0E2-2036816D061C}
2012-08-07 17:42:22 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B3276097-62A5-458C-9187-C5839BAE7C65}
2012-08-07 05:41:55 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6A1EA3BD-AECC-41DB-8BC6-B05D98064C65}
2012-08-07 05:41:43 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{B35F87F6-1FFB-48AE-809D-572CBF197ED6}
2012-08-06 17:41:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{34AC9246-9773-45A0-BAFB-A3999F28D6CF}
2012-08-06 17:41:16 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{814BCCB6-CFD9-4DCC-B42A-E3F07CC21300}
2012-08-06 05:40:51 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{482494B0-E705-4609-B3ED-F93B07AB8570}
2012-08-06 05:40:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2804BC33-900A-49BA-BBEC-F014668D588F}
2012-08-05 17:40:05 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{24E514C4-1A8C-4F61-9EEC-BE763A1ECF14}
2012-08-05 17:39:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{611EE387-9777-47E3-8B65-0C1FB26A9911}
2012-08-05 05:39:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9AEF48F7-ADA8-44EB-8FA4-CE58C82CD304}
2012-08-05 05:38:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{79BDF927-A1DA-47F9-B3F6-F8EF0A07ACCC}
2012-08-04 17:38:33 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{696929C8-C2E0-408D-9F4C-DE90B77B0FFD}
2012-08-04 17:38:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D6AC97F9-A5E7-428F-AE59-4BC1B95B3FF5}
2012-08-04 05:37:48 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{3E8E3C9F-4D2D-46B1-B3A1-4F259644D1DA}
2012-08-04 05:37:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A214482A-860D-4A06-8437-663F11A57B5D}
2012-08-03 17:36:50 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BCD290C9-9AFB-4F3E-9DDE-CCB5CF8E348C}
2012-08-03 17:36:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{EB935108-B16E-4FEF-A7F8-3EC0EC2427DC}
2012-08-03 05:36:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{E2933D49-5F64-494A-962C-1169877C9BCC}
2012-08-03 05:35:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{8E29FA66-D960-4A1C-983C-DDF2694D8CD3}
2012-08-02 17:35:19 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2A82CBA1-64BA-4BC1-B6A6-B0BEC808F496}
2012-08-02 17:34:56 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{7DDF60BB-3401-416F-918D-81C5C0C7A0AF}
2012-08-02 07:40:55 16 ----a-w- C:\Windows\SysWow64\22AS6EJH.dll
2012-08-02 07:32:26 -------- d-----w- C:\Program Files (x86)\蜓樅毞狟5
2012-08-02 05:34:20 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F398C358-0CA3-4F9E-8A96-CE37D8AAC168}
2012-08-02 05:33:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{041500D4-9675-448F-863E-0DC5EAE31C8F}
2012-08-01 17:33:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1F7DD50A-71DF-4B38-918B-AB4BD2B28B7A}
2012-08-01 17:33:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{2D52F759-7164-442B-B2E7-63F92CCC44DF}
2012-08-01 05:32:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6740FF7B-AE98-46BA-94EC-1184549B6D87}
2012-08-01 05:32:27 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4C8788E9-7913-4654-9110-517BB270DE8A}
2012-07-31 23:32:24 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-07-31 17:50:24 -------- d-----w- C:\Program Files\T-TIME
2012-07-31 17:31:51 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D54EE760-BDD9-4173-B4ED-111786DF56E7}
2012-07-31 17:31:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{8A8770F0-CBA6-43E8-9B09-C3058DCD419E}
2012-07-31 05:30:52 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D51543CA-F39C-4DAF-AA55-62E4CE486436}
2012-07-31 05:30:30 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D293A778-7930-4435-A12D-DD820A46817B}
2012-07-30 17:30:06 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{372B8875-0C8A-4342-8E69-4082DD78A9C9}
2012-07-30 17:29:44 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{221A3F42-CC5F-4803-BC10-009149DCC753}
2012-07-30 10:28:04 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-07-30 10:28:04 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-07-30 05:29:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{78DBD22D-1789-4E5C-8629-34A5AD48B4BA}
2012-07-30 05:28:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{85A7A9A2-C6B6-4B15-AAC0-37B967D223D1}
2012-07-29 17:28:16 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{159B28E9-40B8-4E3D-980C-A1028B2C68D7}
2012-07-29 17:27:53 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{FD368396-22D8-433B-A101-DB914E0F4FA4}
2012-07-29 05:27:29 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{337544D9-2DC0-4292-8DC5-E427A13CD7DD}
2012-07-29 05:27:06 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C32A417E-BB2B-4EC9-90A2-5F60FAA62FEB}
2012-07-28 17:26:42 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{6D265A40-49C3-4913-B258-30CDED8BB59A}
2012-07-28 17:26:20 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F7FE290C-8CDF-49B4-BCE6-F12A372E75CD}
2012-07-28 05:25:57 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{9A47CB7C-0784-46BE-A9E7-E2BBA0B25A4B}
2012-07-28 05:25:34 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{023A6F4E-6699-4FB1-BFF7-E731F408D7C2}
2012-07-27 17:25:11 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{12DDA58D-A402-4ACF-9EE5-7526A8980E6A}
2012-07-27 17:24:49 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{A75FDC00-1C9D-4B90-844C-C86E631735EF}
2012-07-27 05:24:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{755A5476-CC78-4FED-96A1-A8AC73D119C5}
2012-07-27 05:24:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{D64988D1-197B-4D77-93F9-B2C97CA1D306}
2012-07-26 17:23:25 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{E583F511-51AE-4C5E-B341-090BFD6AE47D}
2012-07-26 17:23:02 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{5845E1E4-95C3-41FB-B306-60F0CB7C2330}
2012-07-26 05:22:37 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{F9A93FAB-66D4-461E-A574-515AFFBDA885}
2012-07-26 05:22:14 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{80738819-E7C1-4D7A-99DD-2FD5854D4673}
2012-07-25 17:21:50 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{190ED281-1CDC-4C6E-8294-811F5C5CB255}
2012-07-25 17:21:28 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{1CD56FC7-9B7D-42E5-AD3D-92E95F83A251}
2012-07-25 05:21:04 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{BB45A82B-434A-46F0-B3DD-172A8150116D}
2012-07-25 05:20:41 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{184DD765-30C2-47F4-872B-06287893CE27}
2012-07-24 17:20:18 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{67094822-F382-4425-BB4C-35BEBCA9AB8D}
2012-07-24 17:19:55 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{C2D73A27-53E8-4541-8737-6E0FDC877954}
2012-07-24 05:19:26 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{4CBEBC53-FB5A-43A2-AAB2-582064BA4ABF}
2012-07-24 05:19:00 -------- d-----w- C:\Users\Roy Yip\AppData\Local\{834EBA7D-E67C-4C05-816A-43AEDBC1E554}
.
==================== Find3M ====================
.
2012-08-20 11:34:04 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-04 10:48:56 107832 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-07 03:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 10:43:28.90 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 旗艦版
Boot Device: \Device\HarddiskVolume1
Install Date: 20/2/2011 2:18:13 AM
System Uptime: 22/8/2012 8:29:34 AM (2 hours ago)
.
Motherboard: BIOSTAR Group | | TA890FXE
Processor: AMD Phenom(tm) II X6 1055T Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 235 GiB total, 49.649 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 699 GiB total, 484.982 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 6.164 GiB free.
G: is FIXED (NTFS) - 1863 GiB total, 1.514 GiB free.
H: is FIXED (NTFS) - 466 GiB total, 0.31 GiB free.
I: is FIXED (NTFS) - 466 GiB total, 309.067 GiB free.
J: is FIXED (NTFS) - 75 GiB total, 24.419 GiB free.
K: is FIXED (NTFS) - 466 GiB total, 0.271 GiB free.
L: is FIXED (NTFS) - 932 GiB total, 0.247 GiB free.
M: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
?速土豆 1.40.19.0
《星海爭霸 II》
7-Zip 9.15 beta
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) - Chinese Traditional
Advertising Center
All Video Fixer 8.9
Amazon Add to Wish List IE Extension 1.1
AMD USB Filter Driver
AMD VISION Engine Control Center
Antiphishing Domain Advisor
Any Video Converter 3.4.2
Apple Software Update
Apple 應用程式支援
Arena CAH Death Match
Battlefield 3? Open Beta
Battlelog Web Plugins
BFME1->BFME2 Map Pack BETA
BIO-Remote
BIOScreen
BiosNotice
BitComet(比特彗星) 1.29
CA Yahoo! Anti-Spy (remove only)
CameraHelperMsi
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Complitly
CyberLink PowerDirector 10
CyberPower PowerPanel Personal Edition 1.2.3
D3DX10
DAEMON Tools Lite
DolbyFiles
Ease Audio Converter 5.21
eHOT Line
erLT
ESN Sonar
Fraps
Free YouTube Downloader 3.3.115
GameRanger
HydraVision
ImagXpress
iTudou 2.7.2.1
Java Auto Updater
Java(TM) 6 Update 32
JDownloader
Junk Mail filter update
LightScribe System Software
Logitech Webcam 軟體
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft AppLocale
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# .NET Redistributable Package 1.1
MobTime Cell Phone Manager V6.6.5
Movie Templates - Starter Kit
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Need For Speed Most Wanted
Need For Speed Underground
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
NETGEAR WN121T wireless USB 2.0 adapter
NVIDIA PhysX
OpenAL
Origin
PPStream V2.7.0.1336 Final
PunkBuster Services
QuickTime
RAIDXpert
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Rise of the Witch King Unofficial Patch 2.02
Saints Row The Third
SAMSUNG Intelli-studio
Search Toolbar
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SmartSound Quicktracks 5
SpeedFan (remove only)
StarCraft II
T-Utility Green Power Utility II
TeamViewer 7
The Lord of the Rings - Conquest?
Tom Clancy's Rainbow Six Vegas 2
TOVERCLOCKER
Tseries BIOS Update
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Fixer 3.23
VLC media player 1.1.7
Watson
WinAVI Video Converter
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Live 程式集
Windows Live 影像中心
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Software Update
Yahoo! Toolbar
Zombie Driver 1.1.6b
中世?2全面??之王?游?完美?化版
流星蝴蝶劍
富甲天下四
童話
蜓樅毞狟5 楛极笢恅V1.03唳
跡宒馱釦 2.70
影音之星 5.3
適用遠端連線的 Windows Live Mesh ActiveX 控制項
魔戒:中土戰爭II 巫王的崛起
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there (if necessary)
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 22-08-2012
Ran by SYSTEM at 22-08-2012 11:49:25
Running from J:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2716216 2009-12-16] (ESET)
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [315392 2009-05-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [196608 2008-12-04] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475072 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475072 2009-07-13] (Microsoft Corporation)
HKU\Roy Yip\...\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKU\Roy Yip\...\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKU\Roy Yip\...\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe [x]
HKU\Roy Yip\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Roy Yip\...\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode [x]
HKU\Roy Yip\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKU\Roy Yip\...\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray [10811696 2010-12-08] (www.BitComet.com)
HKU\Roy Yip\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [x]
HKU\Roy Yip\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [203928 2009-04-23] (Alcohol Soft Development Team)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\desktop(183).ini ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WN121T Smart Wizard.lnk
ShortcutTarget: NETGEAR WN121T Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe (No File)
==================== Services (Whitelisted) ======
2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-05-05] ()
3 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [23296 2009-12-16] (ESET)
4 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [735960 2009-12-16] (ESET)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-10-01] (PC Tools)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-02-08] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [214864 2010-03-14] ()
2 ppped; "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe" [868352 2009-05-27] (Cyber Power Systems, Inc.)
2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
========================== Drivers (Whitelisted) =============
3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [44344 2008-12-27] (MICRO-STAR INT'L CO., LTD.)
2 eamon; C:\Windows\System32\Drivers\eamon.sys [145336 2009-12-16] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-12-16] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [169080 2009-12-18] (ESET)
3 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [33608 2010-01-08] (ESET)
2 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [44944 2009-12-18] (ESET)
3 FLASHSYS; C:\Windows\SysWow64\Drivers\FLASHSYS.sys [9216 2008-02-01] ()
3 IPvE; C:\Windows\System32\DRIVERS\IPvEx64.sys [32304 2010-06-01] (IPVE)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 MRV6X64U; C:\Windows\System32\DRIVERS\WN111x.sys [340480 2007-10-28] (Marvell Semiconductor, Inc)
3 MSILiveVirtualCamera; C:\Windows\System32\Drivers\MSILiveVirtualCamera.sys [456192 2007-01-29] (MSI Corporation)
3 RushTopDevice2; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [75576 2008-12-19] (Your Corporation)
3 RushTopDevice_J; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [33080 2009-03-05] (Your Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-25] (Duplex Secure Ltd.)
3 aspnet_state; [x]
3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
3 Mrvleap; C:\Windows\System32\DRIVERS\mrv64drv.sys [x]
3 MSICDSetup; \??\D:\CDriver64.sys [x]
3 NMIndexingService; [x]
3 NVHDA; [x]
3 WEBNTACCESS; \??\C:\Windows\system32\NTACCESS.SYS [x]
3 X6va003; [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

============ 3 Months Modified Files ========================

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 7%
Total physical RAM: 16375.88 MB
Available physical RAM: 15224.66 MB
Total Pagefile: 16374.03 MB
Available Pagefile: 15204.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:6.09 GB) NTFS
3 Drive e: (?????) (Fixed) (Total:465.76 GB) (Free:309.07 GB) NTFS
4 Drive f: (?????) (Fixed) (Total:465.76 GB) (Free:0.31 GB) NTFS
5 Drive h: (BYTECC) (Fixed) (Total:698.63 GB) (Free:484.98 GB) NTFS
6 Drive I: (SimpleDrive) (Fixed) (Total:465.76 GB) (Free:0.27 GB) NTFS
7 Drive j: () (Removable) (Total:14.99 GB) (Free:0.45 GB) NTFS
8 Drive k: (Elements) (Fixed) (Total:1863.01 GB) (Free:1.51 GB) NTFS
9 Drive l: (WD USB 2) (Fixed) (Total:74.53 GB) (Free:24.42 GB) NTFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (FantomHD) (Fixed) (Total:931.51 GB) (Free:0.25 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 931 GB 1024 KB
Disk 2 Online 465 GB 100 MB
Disk 3 Online 698 GB 0 B
Disk 4 Online 465 GB 1024 KB
Disk 5 Online 14 GB 0 B
Disk 6 Online 1863 GB 0 B
Disk 7 Online 74 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y FantomHD NTFS Partition 931 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
Partition 2 Primary 465 GB 465 GB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F ????? NTFS Partition 465 GB Healthy
==================================================================================
Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E ????? NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 101 MB
==================================================================================
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB
==================================================================================
Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H BYTECC NTFS Partition 698 GB Healthy
==================================================================================
Partitions of Disk 4:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
==================================================================================
Disk: 4
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I SimpleDrive NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 31 KB
==================================================================================
Disk: 5
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J NTFS Removable 14 GB Healthy
==================================================================================
Partitions of Disk 6:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB
==================================================================================
Disk: 6
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K Elements NTFS Partition 1863 GB Healthy
==================================================================================
Partitions of Disk 7:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 1024 KB
==================================================================================
Disk: 7
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L WD USB 2 NTFS Partition 74 GB Healthy
==================================================================================
Last Boot: 2011-01-07 04:47
======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 22-08-2012
Ran by SYSTEM at 2012-08-22 11:51:58
Running from J:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
 
Something wasn't run correctly. Try the scan again please. (You made sure to get the right FRST for your OS?)
 
Yes, I did. I got the 64-bit FRST for my OS. Which one do you want me to scan again? All scans, or just the FRST scan part?
 
Scan result of Farbar Recovery Scan Tool Version: 22-08-2012
Ran by SYSTEM at 24-08-2012 06:26:07
Running from J:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190472 2009-09-16] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2716216 2009-12-16] (ESET)
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [315392 2009-05-27] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [196608 2008-12-04] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475072 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475072 2009-07-13] (Microsoft Corporation)
HKU\Roy Yip\...\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKU\Roy Yip\...\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKU\Roy Yip\...\Run: [PPS Accelerator] E:\PPS.tv\PPStream\ppsap.exe [x]
HKU\Roy Yip\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Roy Yip\...\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode [x]
HKU\Roy Yip\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKU\Roy Yip\...\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray [10811696 2010-12-08] (www.BitComet.com)
HKU\Roy Yip\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [x]
HKU\Roy Yip\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [203928 2009-04-23] (Alcohol Soft Development Team)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\desktop(183).ini ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WN121T Smart Wizard.lnk
ShortcutTarget: NETGEAR WN121T Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe (No File)
==================== Services (Whitelisted) ======
2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [124256 2009-05-05] ()
3 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [23296 2009-12-16] (ESET)
4 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [735960 2009-12-16] (ESET)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-10-01] (PC Tools)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-02-08] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [214864 2010-03-14] ()
2 ppped; "C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe" [868352 2009-05-27] (Cyber Power Systems, Inc.)
2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
========================== Drivers (Whitelisted) =============
3 DualCoreCenter; \??\C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [44344 2008-12-27] (MICRO-STAR INT'L CO., LTD.)
2 eamon; C:\Windows\System32\Drivers\eamon.sys [145336 2009-12-16] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [136584 2009-12-16] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [169080 2009-12-18] (ESET)
3 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [33608 2010-01-08] (ESET)
2 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [44944 2009-12-18] (ESET)
3 FLASHSYS; C:\Windows\SysWow64\Drivers\FLASHSYS.sys [9216 2008-02-01] ()
3 IPvE; C:\Windows\System32\DRIVERS\IPvEx64.sys [32304 2010-06-01] (IPVE)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 MRV6X64U; C:\Windows\System32\DRIVERS\WN111x.sys [340480 2007-10-28] (Marvell Semiconductor, Inc)
3 MSILiveVirtualCamera; C:\Windows\System32\Drivers\MSILiveVirtualCamera.sys [456192 2007-01-29] (MSI Corporation)
3 RushTopDevice2; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [75576 2008-12-19] (Your Corporation)
3 RushTopDevice_J; \??\C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [33080 2009-03-05] (Your Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-03-25] (Duplex Secure Ltd.)
3 aspnet_state; [x]
3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
3 Mrvleap; C:\Windows\System32\DRIVERS\mrv64drv.sys [x]
3 MSICDSetup; \??\D:\CDriver64.sys [x]
3 NMIndexingService; [x]
3 NVHDA; [x]
3 WEBNTACCESS; \??\C:\Windows\system32\NTACCESS.SYS [x]
3 X6va003; [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

============ 3 Months Modified Files ========================

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 7%
Total physical RAM: 16375.88 MB
Available physical RAM: 15228.52 MB
Total Pagefile: 16374.03 MB
Available Pagefile: 15204.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:6.09 GB) NTFS
3 Drive e: (?????) (Fixed) (Total:465.76 GB) (Free:4.72 GB) NTFS
4 Drive f: (?????) (Fixed) (Total:465.76 GB) (Free:308.91 GB) NTFS
5 Drive g: (SimpleDrive) (Fixed) (Total:465.76 GB) (Free:0.15 GB) NTFS
6 Drive h: (BYTECC) (Fixed) (Total:698.63 GB) (Free:484.98 GB) NTFS
7 Drive j: () (Removable) (Total:14.99 GB) (Free:0.45 GB) NTFS
8 Drive k: (Elements) (Fixed) (Total:1863.01 GB) (Free:1.53 GB) NTFS
9 Drive l: (WD USB 2) (Fixed) (Total:74.53 GB) (Free:24.42 GB) NTFS
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
11 Drive y: (FantomHD) (Fixed) (Total:931.51 GB) (Free:0.25 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 931 GB 1024 KB
Disk 2 Online 465 GB 1024 KB
Disk 3 Online 698 GB 0 B
Disk 4 Online 465 GB 100 MB
Disk 5 Online 14 GB 0 B
Disk 6 Online 1863 GB 0 B
Disk 7 Online 74 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y FantomHD NTFS Partition 931 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
Partition 2 Primary 465 GB 465 GB
==================================================================================
Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E ????? NTFS Partition 465 GB Healthy
==================================================================================
Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F ????? NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB
==================================================================================
Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G SimpleDrive NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 3:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 698 GB 1024 KB
==================================================================================
Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H BYTECC NTFS Partition 698 GB Healthy
==================================================================================
Partitions of Disk 4:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 101 MB
==================================================================================
Disk: 4
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 C NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 31 KB
==================================================================================
Disk: 5
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J NTFS Removable 14 GB Healthy
==================================================================================
Partitions of Disk 6:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB
==================================================================================
Disk: 6
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K Elements NTFS Partition 1863 GB Healthy
==================================================================================
Partitions of Disk 7:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 1024 KB
==================================================================================
Disk: 7
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L WD USB 2 NTFS Partition 74 GB Healthy
==================================================================================
Last Boot: 2011-01-07 04:47
======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 22-08-2012
Ran by SYSTEM at 2012-08-24 06:27:44
Running from J:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======
 
Back to Normal Mode...
ComboFix

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-08-24.02 - Roy Yip 08/2012 週五 13:25:48.1.6 - x64
Microsoft Windows 7 旗艦版 6.1.7601.1.950.852.3076.18.16376.14042 [GMT -7:00]
執行位置: c:\users\Roy Yip\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: 個人防火牆 *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\hk_sres.data
c:\data\heotzsqqt_o\hk_sres.data
c:\program files (x86)\Complitly
c:\program files (x86)\Complitly\chrome\autocompleteprochrome.crx
c:\program files (x86)\Complitly\FireFoxExtension.exe
c:\program files (x86)\Complitly\InstTracker.exe
c:\program files (x86)\Complitly\support@Complitly.com\chrome.manifest
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files (x86)\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files (x86)\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files (x86)\Complitly\support@Complitly.com\install.rdf
c:\program files (x86)\Complitly\unins000.dat
c:\program files (x86)\Complitly\unins000.exe
c:\program files (x86)\driver
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\programdata\Poker.ico
c:\programdata\QuickStores.ico
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\@
c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\L\00000004.@
c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\00000004.@
c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\00000008.@
c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\000000cb.@
c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\80000032.@
c:\windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\80000064.@
c:\windows\SysWow64\cnm8E6.tmp
c:\windows\SysWow64\SET49FE.tmp
c:\windows\SysWow64\update
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\XSxS
G:\autorun.inf
.
發現受感染 c:\windows\system32\services.exe 並且成功解毒
從 - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe 恢復原來檔案
.
.
((((((((((((((((((((((((( 2012-07-24 至 2012-08-24 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-08-22 18:28 . 2012-08-22 18:28 -------- d-----w- C:\FRST
2012-08-22 15:20 . 2012-08-22 15:20 -------- d-----w- c:\users\Roy Yip\AppData\Roaming\Malwarebytes
2012-08-22 15:19 . 2012-08-22 15:19 -------- d-----w- c:\programdata\Malwarebytes
2012-08-22 15:19 . 2012-08-22 15:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-22 15:19 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-20 23:00 . 2012-08-20 23:00 -------- d-----w- c:\programdata\Battle.net
2012-08-20 22:45 . 2012-08-20 23:14 -------- d-----w- c:\program files (x86)\StarCraft II
2012-08-20 22:45 . 2012-08-20 23:02 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-08-20 22:45 . 2012-08-20 23:02 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-08-15 10:04 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 07:42 . 2012-08-15 07:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-14 15:12 . 2012-08-14 15:12 -------- d-----w- c:\users\Guest
2012-08-14 14:18 . 2012-08-14 14:18 -------- d-----w- c:\program files\CPUID
2012-08-14 14:06 . 2012-08-14 14:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 14:06 . 2012-08-14 14:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 11:02 . 2012-08-14 11:02 -------- d-----w- c:\programdata\ATI
2012-08-09 17:47 . 2012-08-09 17:47 -------- d-----w- c:\users\Roy Yip\AppData\Roaming\AnvSoft
2012-08-09 17:47 . 2012-08-09 17:47 -------- d-----w- c:\program files (x86)\AnvSoft
2012-08-02 07:40 . 2007-02-01 07:40 16 ----a-w- c:\windows\SysWow64\22AS6EJH.dll
2012-08-02 07:32 . 2012-08-02 07:41 -------- d-----w- c:\program files (x86)\蜓樅毞狟5
2012-07-31 23:32 . 2012-08-01 00:14 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-07-31 17:50 . 2012-08-01 00:11 -------- d-----w- c:\program files\T-TIME
2012-07-30 10:28 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-30 10:28 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 11:34 . 2011-10-08 12:28 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-15 10:01 . 2011-02-21 08:06 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-04 10:48 . 2011-03-14 07:53 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-21 09:10 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-09 05:43 . 2012-07-11 11:22 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 11:22 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:22 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:22 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 02:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 02:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 02:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 11:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 11:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 11:22 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:22 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
c:\program files (x86)\Tudou\?速Tudou\tudouDetector.dll [?]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2011-09-23 11515184]
"PPS Accelerator"="c:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-06-15 994304]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2009-05-27 315392]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"IME14 CHT Uninstall"="c:\program files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 80240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-07-08 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BIO-Remote.lnk - c:\program files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe [2011-2-20 687616]
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
NETGEAR WN121T Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN121T\wn121t.exe [2008-3-17 2498560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 ALSysIO;ALSysIO;c:\users\ROYYIP~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BthAvrcp;Bluetooth AVRCP 組態檔;c:\windows\system32\DRIVERS\BthAvrcp.sys [2008-07-11 21504]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\DRIVERS\WN111x.sys [2007-10-29 340480]
R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrv64drv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-01-12 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2010-01-19 234040]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2010-01-15 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-18 15408]
S1 BS_TPIO;BS_TPIO;c:\windows\system32\drivers\BS_TPIO64.sys [2009-04-29 13360]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-18 279616]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-09-01 131320]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-09 974944]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;QuickCam Pro for Notebooks(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
‘計劃任務’ 文件夾 裡的內容
.
2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 14:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-01 10806816]
"CheckIt Diagnostics 8"="c:\program files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe" [2010-05-11 54088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-09 4036176]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com.hk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: &使用BitComet下載 - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &使用BitComet下載全部連結 - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: 傳送至 OneNote(&N) - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-OfficeSyncProcess - c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
WebBrowser-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - (no file)
AddRemove-Complitly_is1 - c:\program files (x86)\Complitly\unins000.exe
AddRemove-FormatFactory - j:\program files (x86)\FreeTime\FormatFactory\uninst.exe
AddRemove-iTudou - j:\program files (x86)\Tudou\iTudou\uninst.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-?速土豆 - c:\program files (x86)\Tudou\?速Tudou\uninst.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_?\00?\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~?\00?\00\00\00w\00\00\00\00\00\00\00\00 "
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
.
[HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*vi.bc%21]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*vi.bc%21\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*vi.bc%21]
@Allowed: (Read) (RestrictedCode)
"0"=hex:45,3a,5c,e5,90,89,e6,b2,a2,e6,98,8e,e6,ad,a9,e3,81,ae,e9,a8,8e,e4,b9,
97,e4,bd,8d,e7,8b,82,5c,53,4f,45,2d,36,30,31,2e,61,76,69,2e,62,63,21,00,38,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\SecuROM\License information*]
"datasecu"=hex:f0,b9,bd,72,39,e8,3b,8b,c7,34,81,d7,c1,ed,73,28,26,3d,66,6c,cd,
88,37,ed,82,64,08,83,42,0a,e4,aa,a7,e4,6d,d7,7e,49,be,b6,29,97,9f,91,fb,7c,\
"rkeysecu"=hex:43,ea,53,ad,d3,f3,48,db,5b,63,23,0f,b1,c5,0f,53
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\j *3*3*6*0*0* *b*p*s* *xe焺_j:*:*(*jxe焺_j^?W)*:*:*M*I*c*r*o*s*o*f*t*\Responses]
00,00
"<cr><lf>CONNECT 53333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,55,d0,00,00,00,00,
00,00
"<cr><lf>CONNECT 53333/ARQ/x2/MNP<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
"<cr><lf>CONNECT 53333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,55,d0,00,00,00,00,00,00
"<cr><lf>CONNECT 53333/x2/NONE<cr><lf>"=hex:02,00,55,d0,00,00,00,00,00,00
"<cr><lf>CONNECT 52000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,00,
00
"<cr><lf>CONNECT 52000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
00,00
"<cr><lf>CONNECT 52000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,20,cb,00,00,00,00,
00,00
"<cr><lf>CONNECT 52000/ARQ/x2/MNP<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
"<cr><lf>CONNECT 52000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,20,cb,00,00,00,00,00,00
"<cr><lf>CONNECT 52000/x2/NONE<cr><lf>"=hex:02,00,20,cb,00,00,00,00,00,00
"<cr><lf>CONNECT 50666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,00,
00
"<cr><lf>CONNECT 50666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
00,00
"<cr><lf>CONNECT 50666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,ea,c5,00,00,00,00,
00,00
"<cr><lf>CONNECT 50666/ARQ/x2/MNP<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
"<cr><lf>CONNECT 50666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,ea,c5,00,00,00,00,00,00
"<cr><lf>CONNECT 50666/x2/NONE<cr><lf>"=hex:02,00,ea,c5,00,00,00,00,00,00
"<cr><lf>CONNECT 49333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,00,
00
"<cr><lf>CONNECT 49333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
00,00
"<cr><lf>CONNECT 49333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,b5,c0,00,00,00,00,
00,00
"<cr><lf>CONNECT 49333/ARQ/x2/MNP<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
"<cr><lf>CONNECT 49333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,b5,c0,00,00,00,00,00,00
"<cr><lf>CONNECT 49333/x2/NONE<cr><lf>"=hex:02,00,b5,c0,00,00,00,00,00,00
"<cr><lf>CONNECT 48000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,00,
00
"<cr><lf>CONNECT 48000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
00,00
"<cr><lf>CONNECT 48000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,80,bb,00,00,00,00,
00,00
"<cr><lf>CONNECT 48000/ARQ/x2/MNP<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
"<cr><lf>CONNECT 48000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,80,bb,00,00,00,00,00,00
"<cr><lf>CONNECT 48000/x2/NONE<cr><lf>"=hex:02,00,80,bb,00,00,00,00,00,00
"<cr><lf>CONNECT 46666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,00,
00
"<cr><lf>CONNECT 46666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
00,00
"<cr><lf>CONNECT 46666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,4a,b6,00,00,00,00,
00,00
"<cr><lf>CONNECT 46666/ARQ/x2/MNP<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
"<cr><lf>CONNECT 46666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,4a,b6,00,00,00,00,00,00
"<cr><lf>CONNECT 46666/x2/NONE<cr><lf>"=hex:02,00,4a,b6,00,00,00,00,00,00
"<cr><lf>CONNECT 45333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,00,
00
"<cr><lf>CONNECT 45333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
00,00
"<cr><lf>CONNECT 45333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,15,b1,00,00,00,00,
00,00
"<cr><lf>CONNECT 45333/ARQ/x2/MNP<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
"<cr><lf>CONNECT 45333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,15,b1,00,00,00,00,00,00
"<cr><lf>CONNECT 45333/x2/NONE<cr><lf>"=hex:02,00,15,b1,00,00,00,00,00,00
"<cr><lf>CONNECT 44000/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,00,
00
"<cr><lf>CONNECT 44000/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
00,00
"<cr><lf>CONNECT 44000/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,e0,ab,00,00,00,00,
00,00
"<cr><lf>CONNECT 44000/ARQ/x2/MNP<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
"<cr><lf>CONNECT 44000/ARQ/x2/LAPM<cr><lf>"=hex:02,02,e0,ab,00,00,00,00,00,00
"<cr><lf>CONNECT 44000/x2/NONE<cr><lf>"=hex:02,00,e0,ab,00,00,00,00,00,00
"<cr><lf>CONNECT 42666/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,00,
00
"<cr><lf>CONNECT 42666/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
00,00
"<cr><lf>CONNECT 42666/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,aa,a6,00,00,00,00,
00,00
"<cr><lf>CONNECT 42666/ARQ/x2/MNP<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
"<cr><lf>CONNECT 42666/ARQ/x2/LAPM<cr><lf>"=hex:02,02,aa,a6,00,00,00,00,00,00
"<cr><lf>CONNECT 42666/x2/NONE<cr><lf>"=hex:02,00,aa,a6,00,00,00,00,00,00
"<cr><lf>CONNECT 41333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,00,
00
"<cr><lf>CONNECT 41333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
00,00
"<cr><lf>CONNECT 41333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,75,a1,00,00,00,00,
00,00
"<cr><lf>CONNECT 41333/ARQ/x2/MNP<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
"<cr><lf>CONNECT 41333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,75,a1,00,00,00,00,00,00
"<cr><lf>CONNECT 41333/x2/NONE<cr><lf>"=hex:02,00,75,a1,00,00,00,00,00,00
"<cr><lf>CONNECT 37333/ARQ/x2/MNP/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,00,
00
"<cr><lf>CONNECT 37333/ARQ/x2/LAPM/V42BIS<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
00,00
"<cr><lf>CONNECT 37333/ARQ/x2/LAPM/MNP5<cr><lf>"=hex:02,03,d5,91,00,00,00,00,
00,00
"<cr><lf>CONNECT 37333/ARQ/x2/MNP<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
"<cr><lf>CONNECT 37333/ARQ/x2/LAPM<cr><lf>"=hex:02,02,d5,91,00,00,00,00,00,00
"<cr><lf>CONNECT 37333/x2/NONE<cr><lf>"=hex:02,00,d5,91,00,00,00,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他運行進程 ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
完成時間: 2012-08-24 13:35:56 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2012-08-24 20:35
.
Pre-Run: 55,462,686,720 bytes free
Post-Run: 67,518,132,224 bytes free
.
- - End Of File - - 0E5726EB7E4CBA3CE8E54FE0473EA1F3
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
ComboFix 12-08-24.02 - Roy Yip 08/2012 週日 10:56:52.2.6 - x64
Microsoft Windows 7 旗艦版 6.1.7601.1.950.852.3076.18.16376.13704 [GMT -7:00]
執行位置: c:\users\Roy Yip\Desktop\ComboFix.exe
Command switches used :: c:\users\Roy Yip\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: 個人防火牆 *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功創造新還原點
.
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\update
.
.
((((((((((((((((((((((((( 2012-07-26 至 2012-08-26 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-08-26 18:00 . 2012-08-26 18:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-26 18:00 . 2012-08-26 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 18:28 . 2012-08-22 18:28 -------- d-----w- C:\FRST
2012-08-22 15:20 . 2012-08-22 15:20 -------- d-----w- c:\users\Roy Yip\AppData\Roaming\Malwarebytes
2012-08-22 15:19 . 2012-08-22 15:19 -------- d-----w- c:\programdata\Malwarebytes
2012-08-22 15:19 . 2012-08-22 15:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-22 15:19 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-20 23:00 . 2012-08-20 23:00 -------- d-----w- c:\programdata\Battle.net
2012-08-20 22:45 . 2012-08-20 23:14 -------- d-----w- c:\program files (x86)\StarCraft II
2012-08-20 22:45 . 2012-08-20 23:02 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-08-20 22:45 . 2012-08-20 23:02 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-08-15 10:04 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 07:42 . 2012-08-15 07:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-14 15:12 . 2012-08-14 15:12 -------- d-----w- c:\users\Guest
2012-08-14 14:18 . 2012-08-14 14:18 -------- d-----w- c:\program files\CPUID
2012-08-14 14:06 . 2012-08-14 14:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 14:06 . 2012-08-14 14:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 11:02 . 2012-08-14 11:02 -------- d-----w- c:\programdata\ATI
2012-08-09 17:47 . 2012-08-09 17:47 -------- d-----w- c:\users\Roy Yip\AppData\Roaming\AnvSoft
2012-08-09 17:47 . 2012-08-09 17:47 -------- d-----w- c:\program files (x86)\AnvSoft
2012-08-02 07:40 . 2007-02-01 07:40 16 ----a-w- c:\windows\SysWow64\22AS6EJH.dll
2012-08-02 07:32 . 2012-08-02 07:41 -------- d-----w- c:\program files (x86)\蜓樅毞狟5
2012-07-31 23:32 . 2012-08-01 00:14 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-07-31 17:50 . 2012-08-01 00:11 -------- d-----w- c:\program files\T-TIME
2012-07-30 10:28 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-30 10:28 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 11:34 . 2011-10-08 12:28 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-15 10:01 . 2011-02-21 08:06 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-04 10:48 . 2011-03-14 07:53 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-21 09:10 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-09 05:43 . 2012-07-11 11:22 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 03:59 . 2012-06-07 03:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 11:22 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:22 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:22 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 02:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 02:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 02:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 02:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 02:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 02:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 02:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 02:48 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 02:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 11:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 11:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 11:22 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:22 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-24_20.34.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-20 10:30 . 2012-08-24 20:35 44220 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-02-20 10:43 . 2012-08-24 20:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-20 10:43 . 2012-08-24 20:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-20 10:43 . 2012-08-24 20:36 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-20 10:43 . 2012-08-24 20:21 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-20 10:43 . 2012-08-24 20:21 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-20 10:43 . 2012-08-24 20:36 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-20 11:02 . 2012-08-26 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-20 11:02 . 2012-08-24 20:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-20 11:02 . 2012-08-26 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-20 11:02 . 2012-08-24 20:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
c:\program files (x86)\Tudou\?速Tudou\tudouDetector.dll [?]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2011-09-23 11515184]
"PPS Accelerator"="c:\pps.tv\PPStream\ppsap.exe" [2010-02-24 214408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BiosNotice"="c:\program files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-06-15 994304]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2009-05-27 315392]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Antiphishing Domain Advisor"="c:\programdata\Antiphishing Domain Advisor\vmn3_5dn.exe" [2010-11-12 221144]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"IME14 CHT Uninstall"="c:\program files (x86)\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE" [2010-01-21 80240]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-07-08 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BIO-Remote.lnk - c:\program files (x86)\BIOSTAR\BIO-Remote\BIO_Remote.exe [2011-2-20 687616]
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-7-31 2680160]
NETGEAR WN121T Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN121T\wn121t.exe [2008-3-17 2498560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-08 197976]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 ALSysIO;ALSysIO;c:\users\ROYYIP~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 BthAvrcp;Bluetooth AVRCP 組態檔;c:\windows\system32\DRIVERS\BthAvrcp.sys [2008-07-11 21504]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-07 35840]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888]
R3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\DRIVERS\WN111x.sys [2007-10-29 340480]
R3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\DRIVERS\mrv64drv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-01-12 35112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-21 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2010-01-19 234040]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2010-01-15 14136]
S1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2c64.sys [2010-05-18 15408]
S1 BS_TPIO;BS_TPIO;c:\windows\system32\drivers\BS_TPIO64.sys [2009-04-29 13360]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-18 279616]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-09-01 131320]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-09 974944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;QuickCam Pro for Notebooks(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-11-10 4162784]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
‘計劃任務’ 文件夾 裡的內容
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 14:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-01 10806816]
"CheckIt Diagnostics 8"="c:\program files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe" [2010-05-11 54088]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-09 4036176]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com.hk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: &使用BitComet下載 - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &使用BitComet下載全部連結 - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: 傳送至 OneNote(&N) - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - (no file)
AddRemove-?速土豆 - c:\program files (x86)\Tudou\?速Tudou\uninst.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_?\00?\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~?\00?\00\00\00w\00\00\00\00\00\00\00\00 "
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,51,bc,9c,25,2a,53,46,8d,00,68,\
.
[HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*vi.bc%21]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*vi.bc%21\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*vi.bc%21]
@Allowed: (Read) (RestrictedCode)
"0"=hex:45,3a,5c,e5,90,89,e6,b2,a2,e6,98,8e,e6,ad,a9,e3,81,ae,e9,a8,8e,e4,b9,
97,e4,bd,8d,e7,8b,82,5c,53,4f,45,2d,36,30,31,2e,61,76,69,2e,62,63,21,00,38,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-1801686883-3928919087-1312348882-1000\Software\SecuROM\License information*]
"datasecu"=hex:f0,b9,bd,72,39,e8,3b,8b,c7,34,81,d7,c1,ed,73,28,26,3d,66,6c,cd,
88,37,ed,82,64,08,83,42,0a,e4,aa,a7,e4,6d,d7,7e,49,be,b6,29,97,9f,91,fb,7c,\
"rkeysecu"=hex:43,ea,53,ad,d3,f3,48,db,5b,63,23,0f,b1,c5,0f,53
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Unimodem\DeviceSpecific\j *3*3*6*0*0* *b*p*s* *xe焺_j:*:*(*jxe焺_j^?W)*:*:*M*I*c*r*o*s*o*f*t*\Responses]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2012-08-26 11:02:19
ComboFix-quarantined-files.txt 2012-08-26 18:02
ComboFix2.txt 2012-08-24 20:35
.
Pre-Run: 67,338,436,608 bytes free
Post-Run: 67,075,502,080 位元組可用
.
- - End Of File - - 615F957A095AD6D1338DE1E01B752138
 
# AdwCleaner v1.801 - Logfile created 08/26/2012 at 11:06:24
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Roy Yip - ROYYIP-PC
# Boot Mode : Normal
# Running from : C:\Users\Roy Yip\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Users\Roy Yip\AppData\Roaming\Complitly
Folder Found : C:\ProgramData\boost_interprocess
File Found : C:\Users\Public\Desktop\QuickStores.url
***** [Registry] *****
Key Found : HKCU\Software\Complitly
Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
[x64] Key Found : HKCU\Software\Complitly
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [2423 octets] - [26/08/2012 11:06:24]
########## EOF - C:\AdwCleaner[R1].txt - [2551 octets] ##########
 
Remove the Adware.
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
Please post the log.

Please run the F-Secure Online Scanner
  • Accept the License Agreement and check the box. Then click on Run Check.
  • It will ask you to Run the Java plugin. Please confirm.
  • Once the download completes, the window for the scanner will launch.
  • Please confirm any more prompts, and then select Full Scan.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • It will run its cleaning.
  • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
 
# AdwCleaner v1.801 - Logfile created 08/27/2012 at 04:07:27
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Roy Yip - ROYYIP-PC
# Boot Mode : Normal
# Running from : C:\Users\Roy Yip\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Users\Roy Yip\AppData\Roaming\Complitly
Folder Deleted : C:\ProgramData\boost_interprocess
File Deleted : C:\Users\Public\Desktop\QuickStores.url
***** [Registry] *****
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
*************************
AdwCleaner[R1].txt - [2534 octets] - [26/08/2012 11:06:24]
AdwCleaner[S1].txt - [1986 octets] - [27/08/2012 04:07:27]
########## EOF - C:\AdwCleaner[S1].txt - [2114 octets] ##########
 
Scanning Report

Monday, August 27, 2012 04:17:08 - 10:37:35

Computer name: ROYYIP-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ E:\ G:\ H:\ I:\ K:\ L:\
29 malware found

TrackingCookie.Questionmarket (spyware)
  • System (Disinfected)
TrackingCookie.Adinterax (spyware)
  • System (Disinfected)
TrackingCookie.2o7 (spyware)
  • System (Disinfected)
TrackingCookie.Advertising (spyware)
  • System (Disinfected)
TrackingCookie.Atdmt (spyware)
  • System (Disinfected)
TrackingCookie.Adtech (spyware)
  • System (Disinfected)
TrackingCookie.Adform (spyware)
  • System (Disinfected)
TrackingCookie.Doubleclick (spyware)
  • System (Disinfected)
TrackingCookie.Revsci (spyware)
  • System (Disinfected)
Trojan.Generic.KDV (spyware)
  • System (Disinfected)
TrackingCookie.WebTrendsLive (spyware)
  • System (Disinfected)
TrackingCookie.Clickbank (spyware)
  • System (Disinfected)
TrackingCookie.Zanox (spyware)
  • System (Disinfected)
TrackingCookie.Fastclick (spyware)
  • System (Disinfected)
TrackingCookie.Adbrite (spyware)
  • System (Disinfected)
TrackingCookie.Xiti (spyware)
  • System (Disinfected)
TrackingCookie.Webtrends (spyware)
  • System (Disinfected)
TrackingCookie.Mediaplex (spyware)
  • System (Disinfected)
TrackingCookie.Liveperson (spyware)
  • System (Disinfected)
TrackingCookie.Tradedoubler (spyware)
  • System (Disinfected)
TrackingCookie.Statcounter (spyware)
  • System (Disinfected)
TrackingCookie.Atwola (spyware)
  • System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
  • System (Disinfected)
Trojan.Generic.KDV.690061 (virus)
  • C:\USERS\ROY YIP\DESKTOP\3\TEKNOR6VEGAS2.EXE (Not cleaned)
Trojan.Generic.KDV.690061 (virus)
  • C:\PROGRAM FILES (X86)\UBISOFT\TOM CLANCY'S RAINBOW SIX VEGAS 2\TEKNOR6VEGAS2.EXE (Renamed & Submitted)
Trojan.Generic.KDV.690061 (virus)
  • C:\PROGRAM FILES (X86)\UBISOFT\TOM CLANCY'S RAINBOW SIX VEGAS 2\BINARIES\TEKNOR6VEGAS2.EXE (Renamed & Submitted)
Trojan.Generic.6852895 (virus)
  • C:\PROGRAM FILES (X86)\METEOR\AI306\PKAIMK.EXE (Renamed & Submitted)
Suspicious:W32/Malware!Gemini (virus)
  • C:\PROGRAM FILES (X86)\METEOR\METEOR.EXE (Not cleaned & Submitted)
Gen:Variant.Kazy.68159 (virus)
  • C:\PPS.TV\PPSTREAM\UPDATE.EXE (Renamed & Submitted)
Statistics

Scanned:
  • Files: 85392
  • System: 6666
  • Not scanned: 267
Actions:
  • Disinfected: 23
  • Renamed: 4
  • Deleted: 0
  • Not cleaned: 2
  • Submitted: 5
Files not scanned:
  • C:\HIBERFIL.SYS
  • C:\PAGEFILE.SYS
  • C:\WINDOWS\TEMP\ETILQS_5UJOP9DCSOMX0HQDMAW3
  • C:\WINDOWS\TEMP\ETILQS_5WTSFHQ2ZV01CB3RLRQU
  • C:\WINDOWS\TEMP\ETILQS_AB79TQ5HMLYV232QHL8R
  • C:\WINDOWS\TEMP\ETILQS_AXVJ3OEQ0QZDSZUCA0I7
  • C:\WINDOWS\TEMP\ETILQS_ELS0LMRSIWYWF3K6UIDX
  • C:\WINDOWS\TEMP\ETILQS_NXZPXOFZL7VZOJEWFQTO
  • C:\WINDOWS\TEMP\ETILQS_PURHNTONFXCMU7RKHL0Z
  • C:\WINDOWS\TEMP\HSPERFDATA_ROYYIP-PC$\3668
  • C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
  • C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
  • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
  • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
  • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
  • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF10F18BB8538E4E29.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF19B67FA3495E7DC1.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF1AC2D0B219708944.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF350A4DBEAEFF7244.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF43FB465A64EB8AD4.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF71E82E246DDF1E71.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF72F95DCFE9986EDE.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DF7ED4B51FF11EE91B.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\~DFC067940B2102D7A3.TMP
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\HSPERFDATA_ROY YIP\5188
  • C:\USERS\ROY YIP\APPDATA\LOCAL\TEMP\HSPERFDATA_ROY YIP\5984
  • C:\SYSTEM VOLUME INFORMATION\{21000954-DDBE-11E1-ADEB-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{569465E6-EC8B-11E1-97C2-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{6602CA26-E242-11E1-819D-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{6602CAF6-E242-11E1-819D-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{72EE2BFD-E60D-11E1-B137-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{7E93201E-E618-11E1-9760-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A8937742-E609-11E1-BF4B-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A8937752-E609-11E1-BF4B-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{F5BBBA73-E5FE-11E1-B1F0-00306783B0E5}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\PROGRAMDATA\MICROSOFT\WINDOWS\DRM\CACHE\INDIV01.TMP
Options

Scanning engines:
Scanning options:
  • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
  • Use advanced heuristics
 
Does this game still work: TOM CLANCY'S RAINBOW SIX VEGAS 2 ?

Did you buy/obtain it legally? I want to make sure, because if not, then it needs to be cleaned.
 
Yes, it works. I bought it.

ESET always blocks something from "C:\Windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\80000000.@"

"C:\Windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\000000cb.@"

"C:\Windows\Installer\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\U\00000008.@"

The reason is... They are Agent BA, Conedex B and Sirefef.AP. Hope it would help, thanks! :)
 
Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
OTL logfile created on: 30/8/2012 12:28:34 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Roy Yip\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

15.99 Gb Total Physical Memory | 13.16 Gb Available Physical Memory | 82.27% Memory free
31.98 Gb Paging File | 28.89 Gb Available in Paging File | 90.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 234.59 Gb Total Space | 61.77 Gb Free Space | 26.33% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 482.19 Gb Free Space | 69.02% Space Free | Partition Type: NTFS
Drive F: | 74.53 Gb Total Space | 24.42 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
Drive G: | 1863.01 Gb Total Space | 1.41 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 2.41 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 308.91 Gb Free Space | 66.32% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 0.14 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 0.25 Gb Free Space | 0.03% Space Free | Partition Type: NTFS

Computer Name: ROYYIP-PC | User Name: Roy Yip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/30 12:25:27 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Yip\Desktop\OTL.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/11/10 02:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/10/01 03:56:50 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/23 00:02:58 | 011,515,184 | ---- | M] (www.BitComet.com) -- C:\Program Files (x86)\BitComet\BitComet.exe
PRC - [2011/09/09 13:43:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/08/31 18:43:10 | 000,131,320 | ---- | M] (AMD) -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2011/08/31 18:43:08 | 000,147,704 | ---- | M] (AMD) -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2011/08/31 18:43:08 | 000,131,320 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2011/08/31 18:43:08 | 000,073,976 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe
PRC - [2010/11/25 21:31:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/11/12 08:38:54 | 000,221,144 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe
PRC - [2010/11/11 03:45:20 | 006,372,656 | ---- | M] (http://www.bitcomet.com) -- C:\Program Files (x86)\BitComet\plugin_emule\plugin_eMule.exe
PRC - [2010/05/07 19:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 19:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/02/23 20:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\PPS.tv\PPStream\PPSAP.exe
PRC - [2009/07/31 18:36:14 | 002,680,160 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/07/31 14:23:22 | 000,354,128 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe
PRC - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/06/08 15:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 16:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/05/27 16:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2009/05/27 16:08:36 | 000,315,392 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/03 19:17:42 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/24 12:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/03/17 17:11:42 | 002,498,560 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/25 21:30:40 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\hydrazht.dll
MOD - [2010/11/12 10:23:44 | 000,330,584 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/05/07 19:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 19:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/05/07 19:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2008/03/17 17:11:42 | 002,498,560 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN121T\wn121t.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/12/15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/12/15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2011/09/09 13:43:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/08/19 17:43:22 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/05/07 19:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/14 07:06:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/01 03:56:50 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/31 18:43:08 | 000,131,320 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Running] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/30 22:20:36 | 000,192,368 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/07/20 12:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/27 16:08:46 | 000,868,352 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/18 02:19:57 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/17 09:36:31 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 09:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011/01/12 02:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/09 19:45:54 | 004,162,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2010/11/09 19:44:24 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/07/07 23:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010/07/07 23:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/07/07 23:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/07/07 23:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/07/07 23:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/07/07 23:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/07/07 23:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/07/07 23:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/07/07 23:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/07/07 23:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/07/07 23:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010/06/06 20:12:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/05/17 18:11:20 | 000,015,408 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2c64.sys -- (BS_I2cIo)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/19 23:42:38 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/22 18:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/19 11:39:04 | 000,234,040 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/01/15 02:57:36 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV:64bit: - [2009/10/19 15:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/28 20:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/28 18:38:00 | 000,058,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/07/27 20:09:48 | 000,058,368 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/24 11:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 21:39:08 | 000,211,432 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/06/19 10:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 09:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 12:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 14:48:22 | 000,013,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_TPIO64.sys -- (BS_TPIO)
DRV:64bit: - [2008/07/10 18:20:16 | 000,021,504 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2007/10/28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U)
DRV - [2010/01/15 02:57:36 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/09/11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-hk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 38 74 59 F6 D0 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {59BDBA67-DA9B-4FD4-88DA-41D009386BEE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{59BDBA67-DA9B-4FD4-88DA-41D009386BEE}: "URL" = http://hk.search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Roy Yip\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/09/16 06:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/09/16 06:44:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/24 13:34:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files (x86)\Tudou\飞速Tudou\tudouDetector.dll (土豆网)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CheckIt Diagnostics 8] C:\Program Files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe (Smith Micro)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Antiphishing Domain Advisor] C:\ProgramData\Antiphishing Domain Advisor\vmn3_5dn.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [BiosNotice] C:\Program Files (x86)\BIOSTAR\BiosNotice\BiosNotice.exe ()
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [PPS Accelerator] C:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\启动飞速土豆.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2012/08/27 10:37:15 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &使用BitComet下載 - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &使用BitComet下載全部連結 - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &使用BitComet下載 - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &使用BitComet下載全部連結 - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Reg Error: Key error. - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (裝置偵測)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C5506C-D5CF-4F35-BCFC-9607CEEA793C}: DhcpNameServer = 71.9.127.107 68.190.192.35 68.116.46.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8BC4DE1-5F10-49D7-91BA-A70F9A1960B4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/02 14:32:34 | 000,000,000 | R--D | M] - G:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4BD491C7-2222-1504-DC0C-A8CED9560C83} - DirectX
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {60F214E7-55D8-FF34-B7EF-8F4A2E7F8695} - Java (Sun)
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.tscc - C:\Program Files (x86)\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 12:25:27 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Roy Yip\Desktop\OTL.exe
[2012/08/27 04:17:08 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\f-secure
[2012/08/27 04:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/08/27 04:10:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/27 04:10:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\update
[2012/08/24 13:24:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/24 13:24:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/24 13:24:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/24 13:11:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/24 13:11:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/24 13:10:11 | 004,737,458 | R--- | C] (Swearware) -- C:\Users\Roy Yip\Desktop\ComboFix.exe
[2012/08/24 05:08:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{1876BEDB-37D1-4B4C-82C0-BFD822DD4B98}
[2012/08/23 17:08:31 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{70AC10F9-5A03-4EE0-887C-2CB6FC4934F5}
[2012/08/23 05:08:18 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{02F3329C-6BCF-447C-B40E-B91BED3AF3F8}
[2012/08/22 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{461B2F03-1D60-4BEB-807B-C8D6317979CA}
[2012/08/22 11:28:16 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/22 08:20:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Malwarebytes
[2012/08/22 08:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/22 08:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/22 08:19:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/22 08:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/22 05:07:31 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{ACF9169F-1CD1-476B-9C0E-F80B8C97D048}
[2012/08/21 17:07:06 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{63490997-CB3E-4E78-B163-C32B984496FE}
[2012/08/21 05:06:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{83052195-C2E3-4AB4-A076-15CB0473D700}
[2012/08/21 01:48:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rise of the Witch King Unofficial Patch 2.02
[2012/08/20 17:06:29 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{199F1084-1D5D-4D1E-931F-9911B7D1F2C5}
[2012/08/20 16:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\《星海爭霸 II》
[2012/08/20 16:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/08/20 15:59:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/08/20 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II.temp
[2012/08/20 15:45:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\Documents\StarCraft II
[2012/08/20 15:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012/08/20 15:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/08/20 15:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/08/20 05:06:17 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{9E110453-E715-4C7B-B6FF-A76CF897764D}
[2012/08/19 17:06:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B6761FC3-3DEB-4381-8A9A-EEDE0D5154DA}
[2012/08/19 05:05:52 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{DA031531-C94A-442D-A360-264AF0A932A3}
[2012/08/18 17:05:39 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{0AA137AD-C40A-4AD5-8CA5-050F9B248690}
[2012/08/18 05:05:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{3BFA2964-9DED-4BBB-8054-50E500CC4866}
[2012/08/17 17:04:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6690BC6B-96EE-4ED1-B71D-CFDDC28F1C28}
[2012/08/17 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{9EC34FF4-CB67-49EB-86D0-93088119888F}
[2012/08/17 02:30:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{AFC381E6-0279-4172-8FA5-302343002404}
[2012/08/16 14:31:09 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{8DFE87C6-74F4-4C6B-B097-4E01745909D0}
[2012/08/16 02:30:45 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{468A4D13-AFF7-4F7F-A100-1A0B899CE983}
[2012/08/16 02:30:23 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4E723BBE-562C-40B8-B5D8-3A3A5335A358}
[2012/08/15 14:29:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{5D26C4F5-5E5C-4B72-B10B-A6F240D84A6C}
[2012/08/15 14:29:19 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{C49B059A-BAF3-41AD-838C-4D7971C2C11B}
[2012/08/15 01:33:48 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 01:33:46 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 01:33:46 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 01:33:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 01:33:46 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 01:33:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 01:33:45 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/15 01:33:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 01:33:44 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 01:33:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 01:33:32 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/15 01:33:31 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 01:33:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 01:33:31 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 01:33:31 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 01:33:31 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 01:33:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 01:33:25 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/15 00:42:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/14 17:58:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{C4A47706-2335-4471-9710-0753847B01CB}
[2012/08/14 17:58:34 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4A27EC3B-2E2F-4BC0-858F-6E7571AB69A3}
[2012/08/14 07:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2012/08/14 07:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2012/08/14 07:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/08/14 07:06:07 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 07:06:07 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/14 05:57:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{7EAFAAB3-37CF-49BB-B510-BBAFB926ACBD}
[2012/08/14 05:57:30 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{F33E184B-C00A-4875-9CAB-7D7197DD62C4}
[2012/08/14 04:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/08/13 22:53:24 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{BF2D6CD0-83AA-46A6-9C0C-66309842971D}
[2012/08/13 22:53:01 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{53C15148-8777-419E-A8D3-08647DDA1DEA}
[2012/08/13 10:52:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{5383E5EE-88AA-4D0D-864D-7A109AF2E69D}
[2012/08/13 10:52:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{580633FE-07B6-4841-9D18-529FC6B6A7F4}
[2012/08/12 22:51:37 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{12FC1627-06B6-4C4A-8C08-A4E9546F69F0}
[2012/08/12 22:51:14 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{24C18583-5591-4F08-AF95-D24028FFC043}
[2012/08/12 10:50:46 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4FB48938-E7F4-4F39-A448-F2A041A1F02C}
[2012/08/12 10:50:24 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{211A0E65-9125-40B9-81D1-FF4F68D152A2}
[2012/08/11 22:49:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{19EACD02-E456-41CF-B96C-811BB1DBBDF5}
[2012/08/11 22:49:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{3114121F-4A21-4368-AEA9-B67C8105F564}
[2012/08/11 10:49:09 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{46DF1A1A-9B4E-4681-BDF9-738B987FD84D}
[2012/08/11 10:48:47 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{1A14E8CC-B835-4B80-A133-BBA51EFB1305}
[2012/08/11 00:11:10 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/10 22:48:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{EE29170B-8606-48CF-9926-EFC984798AA6}
[2012/08/10 22:47:59 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{26410040-5714-4C5B-86B7-A802FF2CB2D0}
[2012/08/10 10:47:35 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{5E19881C-8065-47AF-8B0F-3147ABA31138}
[2012/08/10 10:47:12 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{320ECA2D-FB29-4252-9B96-F3377F1C788D}
[2012/08/09 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{D86488D1-47DC-4E59-9AA0-3FE52B3FABE1}
[2012/08/09 22:46:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{CA0DFE5D-7F60-43F5-90EE-42EC7486DC1A}
[2012/08/09 10:47:58 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\Documents\Any Video Converter
[2012/08/09 10:47:57 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\AnvSoft
[2012/08/09 10:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2012/08/09 10:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2012/08/09 10:46:03 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6A4FA2EE-F8A2-44D4-891D-4756A76FF8AB}
[2012/08/09 10:45:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{AD756DD4-7AFC-4B05-B980-F38C3A4DEB8E}
[2012/08/08 22:45:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{15D45FC8-F6DC-4196-AB70-512D77539EF5}
[2012/08/08 22:44:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{A269BFEE-57F6-4269-AFDF-0A430673BF67}
[2012/08/08 10:44:18 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{A6C94227-D5B3-4BD5-A427-63648313CA94}
[2012/08/08 10:43:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4C4041AA-ABB4-4B51-BC9C-DF420C34A27A}
[2012/08/07 22:43:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B8102E89-BE15-4671-A263-347286D8A655}
[2012/08/07 22:43:07 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6DC7EB9B-2BAE-4CF9-803A-F98D119E27CE}
[2012/08/07 10:42:44 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B69473C5-54E4-4B0A-A0E2-2036816D061C}
[2012/08/07 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B3276097-62A5-458C-9187-C5839BAE7C65}
[2012/08/06 22:41:55 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6A1EA3BD-AECC-41DB-8BC6-B05D98064C65}
[2012/08/06 22:41:43 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{B35F87F6-1FFB-48AE-809D-572CBF197ED6}
[2012/08/06 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{34AC9246-9773-45A0-BAFB-A3999F28D6CF}
[2012/08/06 10:41:16 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{814BCCB6-CFD9-4DCC-B42A-E3F07CC21300}
[2012/08/05 22:40:51 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{482494B0-E705-4609-B3ED-F93B07AB8570}
[2012/08/05 22:40:29 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{2804BC33-900A-49BA-BBEC-F014668D588F}
[2012/08/05 10:40:05 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{24E514C4-1A8C-4F61-9EEC-BE763A1ECF14}
[2012/08/05 10:39:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{611EE387-9777-47E3-8B65-0C1FB26A9911}
[2012/08/04 22:39:19 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{9AEF48F7-ADA8-44EB-8FA4-CE58C82CD304}
[2012/08/04 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{79BDF927-A1DA-47F9-B3F6-F8EF0A07ACCC}
[2012/08/04 10:38:33 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{696929C8-C2E0-408D-9F4C-DE90B77B0FFD}
[2012/08/04 10:38:11 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{D6AC97F9-A5E7-428F-AE59-4BC1B95B3FF5}
[2012/08/03 22:37:48 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{3E8E3C9F-4D2D-46B1-B3A1-4F259644D1DA}
[2012/08/03 22:37:26 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{A214482A-860D-4A06-8437-663F11A57B5D}
[2012/08/03 10:36:50 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{BCD290C9-9AFB-4F3E-9DDE-CCB5CF8E348C}
[2012/08/03 10:36:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{EB935108-B16E-4FEF-A7F8-3EC0EC2427DC}
[2012/08/02 22:36:04 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{E2933D49-5F64-494A-962C-1169877C9BCC}
[2012/08/02 22:35:42 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{8E29FA66-D960-4A1C-983C-DDF2694D8CD3}
[2012/08/02 10:35:19 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{2A82CBA1-64BA-4BC1-B6A6-B0BEC808F496}
[2012/08/02 10:34:56 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{7DDF60BB-3401-416F-918D-81C5C0C7A0AF}
[2012/08/02 00:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[BTBBT]蜓樅毞狟5楛极笢恅賤唳
[2012/08/02 00:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\蜓樅毞狟5
[2012/08/02 00:09:41 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\Desktop\新增資料夾 (12)
[2012/08/01 22:34:20 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{F398C358-0CA3-4F9E-8A96-CE37D8AAC168}
[2012/08/01 22:33:57 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{041500D4-9675-448F-863E-0DC5EAE31C8F}
[2012/08/01 10:33:34 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{1F7DD50A-71DF-4B38-918B-AB4BD2B28B7A}
[2012/08/01 10:33:11 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{2D52F759-7164-442B-B2E7-63F92CCC44DF}
[2012/07/31 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{6740FF7B-AE98-46BA-94EC-1184549B6D87}
[2012/07/31 22:32:27 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Local\{4C8788E9-7913-4654-9110-517BB270DE8A}
[2012/07/31 17:13:11 | 000,000,000 | ---D | C] -- C:\Users\Roy Yip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\T-TIME
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

[2012/08/30 12:25:27 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Roy Yip\Desktop\OTL.exe
[2012/08/30 12:23:00 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/30 02:40:08 | 001,286,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 02:40:08 | 001,043,536 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012/08/30 02:40:08 | 000,740,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/30 02:40:08 | 000,733,674 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012/08/30 02:40:08 | 000,005,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/27 21:07:42 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 21:07:42 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 04:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/27 04:09:37 | 4288,581,630 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/26 10:47:26 | 000,618,227 | ---- | M] () -- C:\Users\Roy Yip\Desktop\adwcleaner.exe
[2012/08/24 13:34:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/24 13:09:49 | 004,737,458 | R--- | M] (Swearware) -- C:\Users\Roy Yip\Desktop\ComboFix.exe
[2012/08/22 08:40:06 | 000,302,592 | ---- | M] () -- C:\Users\Roy Yip\Desktop\rpb7un5o.exe
[2012/08/22 08:19:54 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 01:48:42 | 000,002,203 | ---- | M] () -- C:\Users\Roy Yip\Desktop\Unofficial 2.02 Patch Launcher.lnk
[2012/08/20 16:02:59 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\《星海爭霸 II》.lnk
[2012/08/20 04:34:04 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/18 01:10:11 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/08/18 01:09:40 | 000,555,042 | ---- | M] () -- C:\Users\Roy Yip\Desktop\2012-08-18 01.08.50.jpg
[2012/08/17 02:31:50 | 000,030,720 | ---- | M] () -- C:\Users\Roy Yip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/16 05:41:49 | 000,053,715 | ---- | M] () -- C:\Users\Roy Yip\Desktop\hk-travel_hk_gotrip_com_20120815095247328.jpg
[2012/08/16 02:47:04 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/08/16 02:42:51 | 000,028,356 | ---- | M] () -- C:\Users\Roy Yip\Desktop\xxxxxx2.jpg
[2012/08/16 02:36:51 | 000,048,169 | ---- | M] () -- C:\Users\Roy Yip\Desktop\xxxxx.jpg
[2012/08/15 14:28:47 | 000,428,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 08:14:23 | 000,000,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2012/08/14 07:06:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 07:06:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/09 10:47:47 | 000,001,200 | ---- | M] () -- C:\Users\Roy Yip\Desktop\Any Video Converter.lnk
[2012/08/09 09:51:12 | 1199,097,052 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/09 03:27:57 | 000,070,099 | ---- | M] () -- C:\Users\Roy Yip\Desktop\Joker.jpg
[2012/08/09 03:18:26 | 000,374,438 | ---- | M] () -- C:\Users\Roy Yip\Desktop\2012-08-09 03.17.18.jpg
[2012/08/04 03:48:56 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/31 17:17:31 | 000,000,945 | ---- | M] () -- C:\Users\Roy Yip\Desktop\富甲天下四.lnk
[2012/07/31 17:14:09 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/26 10:47:21 | 000,618,227 | ---- | C] () -- C:\Users\Roy Yip\Desktop\adwcleaner.exe
[2012/08/24 13:24:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/24 13:24:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/24 13:24:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/24 13:24:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/24 13:24:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/22 08:40:04 | 000,302,592 | ---- | C] () -- C:\Users\Roy Yip\Desktop\rpb7un5o.exe
[2012/08/22 08:19:54 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 01:48:42 | 000,002,203 | ---- | C] () -- C:\Users\Roy Yip\Desktop\Unofficial 2.02 Patch Launcher.lnk
[2012/08/20 15:45:04 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\《星海爭霸 II》.lnk
[2012/08/18 01:09:02 | 000,555,042 | ---- | C] () -- C:\Users\Roy Yip\Desktop\2012-08-18 01.08.50.jpg
[2012/08/16 06:34:04 | 000,053,715 | ---- | C] () -- C:\Users\Roy Yip\Desktop\hk-travel_hk_gotrip_com_20120815095247328.jpg
[2012/08/16 02:42:50 | 000,028,356 | ---- | C] () -- C:\Users\Roy Yip\Desktop\xxxxxx2.jpg
[2012/08/16 02:36:51 | 000,048,169 | ---- | C] () -- C:\Users\Roy Yip\Desktop\xxxxx.jpg
[2012/08/14 07:18:30 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/08/14 07:08:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/08/14 07:06:08 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 10:47:47 | 000,001,200 | ---- | C] () -- C:\Users\Roy Yip\Desktop\Any Video Converter.lnk
[2012/08/09 03:27:57 | 000,070,099 | ---- | C] () -- C:\Users\Roy Yip\Desktop\Joker.jpg
[2012/08/09 03:18:23 | 000,374,438 | ---- | C] () -- C:\Users\Roy Yip\Desktop\2012-08-09 03.17.18.jpg
[2012/08/02 00:40:55 | 000,000,017 | ---- | C] () -- C:\Windows\tg0157c.ini
[2012/08/02 00:40:55 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\tg0157b.ini
[2012/08/02 00:40:55 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\tg0157a.ini
[2012/08/02 00:40:55 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\22AS6EJH.dll
[2012/07/31 17:13:11 | 000,000,945 | ---- | C] () -- C:\Users\Roy Yip\Desktop\富甲天下四.lnk
[2012/07/31 16:32:24 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/03/28 16:16:10 | 000,000,095 | ---- | C] () -- C:\Users\Roy Yip\AppData\Local\fusioncache.dat
[2012/03/28 13:45:57 | 000,005,788 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/08 21:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/08 21:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/29 12:15:59 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\BeepApp.exe
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/10 19:14:40 | 000,002,048 | -HS- | C] () -- C:\Users\Roy Yip\AppData\Local\{05e0d007-0ba5-6505-bd5f-380e814a59a0}\@
[2011/10/08 05:28:07 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/21 04:18:33 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2011/04/16 01:50:42 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2011/03/29 09:20:34 | 000,000,017 | ---- | C] () -- C:\Users\Roy Yip\AppData\Local\resmon.resmoncfg
[2011/03/14 00:53:13 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/06 01:24:24 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/03/06 01:24:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/03/05 01:57:03 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2011/03/05 01:24:51 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2011/03/05 01:24:28 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFICHT.DLL
[2011/02/24 01:55:34 | 000,000,171 | ---- | C] () -- C:\Users\Roy Yip\AppData\Roaming\default.rss
[2011/02/22 13:34:56 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/02/22 06:36:31 | 000,030,720 | ---- | C] () -- C:\Users\Roy Yip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 03:59:09 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\CNMVS53.DLL
[2011/02/19 11:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/09 19:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/09 19:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2010/11/09 19:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2009/11/23 12:42:14 | 016,834,517 | ---- | C] () -- C:\Program Files\CheckIt Diagnostics.pdf

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 05:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 18:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/20 05:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2012/06/26 22:50:43 | 011,020,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >
 
< %PROGRAMFILES%\*. >
[2011/03/02 15:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
[2012/02/29 11:20:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\A bootable USB
[2012/08/14 07:08:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies
[2011/02/20 04:05:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ahead
[2011/02/22 05:43:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alcohol Soft
[2011/03/17 03:54:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\All Video Fixer
[2011/06/26 02:14:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Amazon
[2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
[2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD AVT
[2012/08/09 10:47:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AnvSoft
[2012/06/13 03:21:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2012/08/14 05:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/10/17 01:05:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/02/09 08:16:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BIOSTAR
[2011/05/12 02:07:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitComet
[2011/02/22 05:18:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CA Yahoo! Anti-Spy
[2011/05/19 02:49:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\chartertoolbar
[2012/08/26 10:58:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/02/21 01:41:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Convar
[2011/04/16 01:59:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2011/04/16 01:37:31 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative Installation Information
[2012/06/13 03:20:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2012/08/30 00:00:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
[2011/11/18 02:19:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/09/11 08:11:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA GAMES
[2011/05/21 04:14:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EaseAudioConverter
[2011/02/20 03:25:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\eHOT Line
[2012/05/22 23:17:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2011/10/20 03:05:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free YouTube Downloader
[2012/08/14 05:55:53 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/08/15 03:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/10/20 01:58:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/03/09 05:05:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JDownloader
[2011/02/20 04:20:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2012/08/22 08:19:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/23 17:02:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Medieval II Total War - Kingdoms
[2011/07/14 12:32:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Meteor
[2012/06/21 02:12:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/02/21 04:01:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012/08/15 14:31:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/10 03:01:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/02/24 01:40:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/10/11 14:05:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/10/11 14:04:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/10/17 01:59:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/10/11 14:05:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/22 06:56:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mp3DirectCut
[2011/02/20 05:38:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MpcStar
[2011/10/11 14:05:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/02/21 01:52:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/02/20 04:11:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2011/02/20 03:40:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NETGEAR
[2012/05/12 01:11:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NTI
[2011/03/05 01:25:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
[2011/10/01 03:02:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin
[2011/10/01 03:16:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin Games
[2012/06/13 03:21:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2012/08/14 05:55:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/05/21 02:56:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2012/04/01 17:17:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SEGA
[2012/06/13 03:21:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SmartSound Software
[2012/02/01 00:57:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SpeedFan
[2012/08/20 16:14:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2012/02/11 02:06:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2012/08/14 05:25:14 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2012/03/13 16:02:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\THQ
[2011/11/28 01:05:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Toshiba
[2012/07/30 03:10:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tseries BIOS Update
[2011/02/22 04:38:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tudou
[2011/03/14 00:45:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubisoft
[2009/07/13 21:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2012/06/13 02:30:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Video Converter
[2011/03/17 17:15:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\videofixer
[2011/02/22 05:09:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009/08/28 21:17:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/06/21 02:11:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/02/27 00:56:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live Safety Center
[2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 22:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/06/29 00:29:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/02/23 04:19:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xenocode
[2011/02/20 05:29:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2011/02/28 20:09:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\YouKu
[2011/04/30 13:35:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zombie Driver
[2011/11/28 02:07:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\玩轉手機
[2012/08/02 00:41:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\蜓樅毞狟5
 
< %appdata%\*.* >
[2011/03/07 03:58:18 | 000,000,171 | ---- | M] () -- C:\Users\Roy Yip\AppData\Roaming\default.rss

< MD5 for: AFD.SYS >
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 20:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 21:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 19:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 16:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 21:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 02:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 19:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 20:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 20:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 19:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 06:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
[2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2009/07/13 18:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 05:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/23 22:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012/04/23 22:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
[2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/13 18:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/02 23:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/02 23:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 06:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/02 23:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\erdnt\cache64\es.dll
[2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\erdnt\cache86\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 02:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/13 16:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\erdnt\cache64\netman.dll
[2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
[2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/13 18:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 