
Pesky CouponDropDown


  • This topic is locked
24 replies to this topic

#1 Penwhale

Posted 22 December 2012 - 02:04 AM

After multiple tries at removing the adware, I have come to my wit's end.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by User at 1:57:12 on 2012-12-22
Microsoft Windows 7 Home Premium 6.1.7601.1.932.81.1028.18.8103.2957 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\AsScrPro.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\User\AppData\Roaming\Windows Live Writer\vvinMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID 登入協助程式: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [VFANzmtpAuth] "C:\Users\User\AppData\Roaming\Apple Computer\zmtpAuth.lnk"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9C164302-9516-443E-85FD-0B4090D2B757} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C49E3FC5-409C-4782-9AA9-32B8111F2E32} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C49E3FC5-409C-4782-9AA9-32B8111F2E32}\14C6671684F6D656 : DHCPNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{C49E3FC5-409C-4782-9AA9-32B8111F2E32}\A7F6E6965637 : DHCPNameServer = 192.168.254.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://asus.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27dmvlve.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27dmvlve.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-11-19 05:29; torntv@torntv.com; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\27dmvlve.default\extensions\torntv@torntv.com.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\System32\drivers\assd.sys [2011-6-6 27264]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-6-6 25960]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-4 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-4 1129120]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-4 167072]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121221.001\IDSviA64.sys [2012-12-22 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-4 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symnets.sys [2012-10-4 405624]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-6-6 377264]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe [2012-10-4 138272]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-6 2655768]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-1-12 91464]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-1-27 125416]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-1-27 385512]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-19 138912]
R3 IntcDAud;Intel® 顯示器音效;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-4-8 76912]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-8-11 44032]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-14 102368]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2009-7-30 118872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-14 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-22 57856]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WSDScan;WSD 掃描支援 (透過 UMB);C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-22 04:11:40 -------- d-----w- C:\Users\User\AppData\Local\{F4BD7491-A6B0-4B8C-8C77-C79BEF86CBA3}
2012-12-21 16:11:29 -------- d-----w- C:\Users\User\AppData\Local\{AB99E3C1-ED45-4C63-8AD3-38A6B3F60C6E}
2012-12-21 08:00:37 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 08:00:37 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 08:00:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 08:00:36 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 04:11:05 -------- d-----w- C:\Users\User\AppData\Local\{F975098E-4019-4BEC-8F9A-F59EB2106E13}
2012-12-20 09:10:05 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-12-20 09:09:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-20 09:09:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-20 09:09:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-20 08:32:47 -------- d-----w- C:\Users\User\AppData\Local\{7E9C1871-399E-4549-9417-F795EEF69F58}
2012-12-19 20:32:36 -------- d-----w- C:\Users\User\AppData\Local\{5CD1CF58-4D5B-4507-AD20-AE7B9095415C}
2012-12-19 08:32:25 -------- d-----w- C:\Users\User\AppData\Local\{2CF0BF6A-94F6-4391-B554-2E7250093F40}
2012-12-16 14:38:18 -------- d-----w- C:\Program Files\iPod
2012-12-16 14:38:16 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 14:38:16 -------- d-----w- C:\Program Files\iTunes
2012-12-14 01:38:54 -------- d-----w- C:\Users\User\AppData\Local\{04DAF21E-48A5-4D51-992D-31491FF9F3AA}
2012-12-13 19:30:28 5955856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-12 13:37:31 -------- d-----w- C:\Users\User\AppData\Local\{EDBF1A4F-C876-46D9-8AD3-32FC61CDFC1A}
2012-12-12 08:01:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-12-12 08:01:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-12-12 08:01:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2012-12-12 08:01:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2012-12-12 01:02:54 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 01:02:54 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-07 13:34:15 -------- d-----w- C:\Users\User\AppData\Local\{B793FDE7-5CCD-4DDE-BBA6-45C54AABE246}
2012-12-06 16:07:18 -------- d-----w- C:\Users\User\AppData\Local\{019D8FFB-A4B2-44E3-A193-047AB3BB469F}
2012-12-05 14:05:00 6656 ----a-w- C:\Windows\SysWow64\kDays.dll
2012-12-04 00:12:15 -------- d-----w- C:\Users\User\AppData\Local\{DFFC3313-023B-41D7-819A-79726281E59B}
2012-12-03 12:07:49 -------- d-----w- C:\Users\User\AppData\Local\{374AD702-BA1A-4976-A533-413E4AF2FC05}
2012-12-03 00:07:38 -------- d-----w- C:\Users\User\AppData\Local\{E0FF2011-3D61-41A8-93C4-D64211060E10}
2012-12-02 12:07:28 -------- d-----w- C:\Users\User\AppData\Local\{F33D4264-D95D-49DF-9FF4-CB3FD7EFAD25}
2012-12-02 00:07:17 -------- d-----w- C:\Users\User\AppData\Local\{41A3A47F-66F4-47E9-9E71-422DBF8320DF}
2012-12-01 12:07:06 -------- d-----w- C:\Users\User\AppData\Local\{112162BF-1E17-43DF-A873-E4D0D0D26DC4}
2012-12-01 00:06:55 -------- d-----w- C:\Users\User\AppData\Local\{1413288A-E0DD-411F-AD38-FD91311DE21E}
2012-11-30 12:06:45 -------- d-----w- C:\Users\User\AppData\Local\{CD049AA5-2D2B-4718-A2F7-91528F6AA8C7}
2012-11-30 03:12:42 298392 ----a-w- C:\Windows\System32\WDMBL_3G1NC.dll
2012-11-30 00:06:34 -------- d-----w- C:\Users\User\AppData\Local\{9130E4D2-B6CF-4715-B91C-788583E85537}
2012-11-29 12:06:23 -------- d-----w- C:\Users\User\AppData\Local\{01C21C75-60DF-42F7-A5BC-80290F398E05}
2012-11-29 00:06:12 -------- d-----w- C:\Users\User\AppData\Local\{5192006E-38ED-4392-A3FB-BF329B8A89C7}
2012-11-28 12:06:01 -------- d-----w- C:\Users\User\AppData\Local\{F809BB6E-B6AB-4118-89DC-B0783504B887}
2012-11-28 00:05:49 -------- d-----w- C:\Users\User\AppData\Local\{33E5755E-2F8A-457C-8905-7BE1DEF2E534}
2012-11-27 12:05:39 -------- d-----w- C:\Users\User\AppData\Local\{81D8DA69-7C00-4D4D-8AE5-CF95462073D5}
2012-11-27 00:05:28 -------- d-----w- C:\Users\User\AppData\Local\{64CB6817-3276-47CA-BCFE-9F64C1D6D291}
2012-11-26 12:05:17 -------- d-----w- C:\Users\User\AppData\Local\{B9569716-775B-470E-A582-1EA3EB43D281}
2012-11-26 00:04:58 -------- d-----w- C:\Users\User\AppData\Local\{5D5E1F5A-3381-4120-A43E-A11EB53D7191}
2012-11-25 12:04:44 -------- d-----w- C:\Users\User\AppData\Local\{5ECCD581-AA90-4766-B91E-0067BAECCD67}
2012-11-24 23:59:14 -------- d-----w- C:\Users\User\AppData\Local\{EA1A7BCB-AE17-4D7F-84B1-F1CA0BEF22A2}
2012-11-24 10:05:52 -------- d-----w- C:\Users\User\AppData\Local\{B9B39D2E-B7D9-4527-88C0-DFF8F9331F70}
2012-11-23 22:05:41 -------- d-----w- C:\Users\User\AppData\Local\{51C10983-3B72-470B-BED6-03B738B7395B}
2012-11-23 10:05:31 -------- d-----w- C:\Users\User\AppData\Local\{844FA3E5-8503-49EC-9829-70BE6AD3C4AD}
2012-11-22 22:05:20 -------- d-----w- C:\Users\User\AppData\Local\{6580BE6C-6FE8-45F4-96AA-FF47A685122D}
2012-11-22 12:10:42 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-11-22 12:10:42 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-11-22 12:10:42 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-11-22 12:10:42 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-22 12:10:42 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-11-22 12:10:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-22 12:10:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-11-22 12:10:42 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-11-22 12:10:42 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-11-22 10:04:50 -------- d-----w- C:\Users\User\AppData\Local\{619BCB43-ED1E-4A3A-80AE-FA8F96A77C65}
.
==================== Find3M ====================
.
2012-12-21 08:18:42 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-12-11 19:06:23 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 19:06:23 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-28 16:18:02 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-09-28 16:18:02 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-24 19:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 1:57:49.93 ===============


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:47 PM

Posted 22 December 2012 - 02:23 AM

Hello Penwhale,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.


Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Penwhale

Penwhale
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 22 December 2012 - 03:33 AM

I do have flash drives as well as network drives to backup data, yes.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:47 PM

Posted 22 December 2012 - 10:24 AM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

" Extinguishing Malware from the world"



#5 Penwhale

Penwhale
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 22 December 2012 - 11:10 AM

Log reproduced below...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-12-2012
Ran by SYSTEM at 22-12-2012 10:59:46
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2712360 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-03-03] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2226280 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-12-21] ()
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [191304 2011-01-13] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot [296096 2012-09-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-03] (Google Inc.)
HKU\UpdatusUser\...\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 [301568 2011-08-16] (Microsoft Corporation)
HKU\UpdatusUser\...\Policies\system: [LogonHoursAction] 2
HKU\UpdatusUser\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\User\...\Run: [VFANzmtpAuth] "C:\Users\User\AppData\Roaming\Apple Computer\zmtpAuth.lnk" [x]
HKU\User\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-11] (Samsung)
HKU\User\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-09] (Samsung Electronics)
HKU\User\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [842680 2012-10-11] (Samsung)
HKU\User\...\Policies\system: [LogonHoursAction] 2
HKU\User\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Services (Whitelisted) ===================

2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] ()
2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-01-12] ()

==================== Drivers (Whitelisted) =====================

0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2009-12-18] ()
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-19] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-19] (Symantec Corporation)
3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [118872 2009-07-30] (QUALCOMM Incorporated)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121221.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121221.024\ENG64.SYS [126112 2012-12-22] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121221.024\EX64.SYS [2084000 2012-12-22] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0604000.009\SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0604000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-05] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [405624 2012-01-17] (Symantec Corporation)
3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-22 10:59 - 2012-12-22 10:59 - 00000000 ____D C:\FRST
2012-12-22 07:57 - 2012-12-22 07:57 - 00001078 ____A C:\Users\User\Documents\Haganai.txt
2012-12-21 22:57 - 2012-12-21 22:57 - 00035557 ____A C:\Users\User\Desktop\dds.txt
2012-12-21 22:57 - 2012-12-21 22:57 - 00009782 ____A C:\Users\User\Desktop\attach.txt
2012-12-21 22:56 - 2012-12-21 22:56 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2012-12-21 20:11 - 2012-12-21 20:11 - 00000000 ____D C:\Users\User\AppData\Local\{F4BD7491-A6B0-4B8C-8C77-C79BEF86CBA3}
2012-12-21 19:25 - 2012-12-21 19:25 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_User.job
2012-12-21 19:25 - 2012-12-21 19:25 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_User.job
2012-12-21 19:25 - 2012-12-21 19:25 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_User.job
2012-12-21 08:11 - 2012-12-21 08:11 - 00000000 ____D C:\Users\User\AppData\Local\{AB99E3C1-ED45-4C63-8AD3-38A6B3F60C6E}
2012-12-21 00:00 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 00:00 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 00:00 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 00:00 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-20 20:11 - 2012-12-20 20:11 - 00000000 ____D C:\Users\User\AppData\Local\{F975098E-4019-4BEC-8F9A-F59EB2106E13}
2012-12-20 01:10 - 2012-12-20 01:10 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-12-20 01:09 - 2012-12-20 01:09 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-20 01:09 - 2012-12-20 01:09 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-20 01:09 - 2012-12-20 01:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-20 01:09 - 2012-09-29 16:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-12-20 01:08 - 2012-12-20 01:08 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-20 00:32 - 2012-12-20 00:32 - 00000000 ____D C:\Users\User\AppData\Local\{7E9C1871-399E-4549-9417-F795EEF69F58}
2012-12-19 12:32 - 2012-12-19 12:32 - 00000000 ____D C:\Users\User\AppData\Local\{5CD1CF58-4D5B-4507-AD20-AE7B9095415C}
2012-12-19 00:32 - 2012-12-19 00:32 - 00000000 ____D C:\Users\User\AppData\Local\{2CF0BF6A-94F6-4391-B554-2E7250093F40}
2012-12-16 06:39 - 2012-12-16 06:39 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-16 06:38 - 2012-12-16 06:39 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 06:38 - 2012-12-16 06:39 - 00000000 ____D C:\Program Files\iTunes
2012-12-16 06:38 - 2012-12-16 06:38 - 00000000 ____D C:\Program Files\iPod
2012-12-15 07:41 - 2012-12-15 07:53 - 00001981 ____A C:\Users\User\Documents\TSP-LP4.ltx
2012-12-13 17:38 - 2012-12-16 05:41 - 00000000 ____D C:\Users\User\AppData\Local\{04DAF21E-48A5-4D51-992D-31491FF9F3AA}
2012-12-13 10:37 - 2012-12-13 10:37 - 00000572 ____A C:\Users\User\Desktop\????????.lnk
2012-12-13 10:37 - 2012-12-13 10:37 - 00000572 ____A C:\Users\UpdatusUser\Desktop\????????.lnk
2012-12-12 11:26 - 2012-12-12 12:28 - 554143835 ____A C:\Users\User\Downloads\Layers Cute Hard Arisa.part2.rar
2012-12-12 05:37 - 2012-12-13 05:38 - 00000000 ____D C:\Users\User\AppData\Local\{EDBF1A4F-C876-46D9-8AD3-32FC61CDFC1A}
2012-12-12 02:55 - 2012-12-12 03:34 - 00002169 ____A C:\Users\User\Documents\TSP-LP3.ltx
2012-12-12 01:50 - 2012-12-12 02:11 - 00001278 ____A C:\Users\User\Documents\TSP-LP2.ltx
2012-12-12 00:02 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 00:02 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 00:02 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 00:02 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 00:02 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 00:02 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 00:02 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 00:02 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 00:02 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 00:02 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 00:02 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 00:02 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 00:02 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 00:02 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 00:02 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 00:02 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 00:02 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 00:02 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 00:02 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 00:02 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 00:02 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 00:02 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 00:02 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 00:02 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 00:02 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-12 00:01 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 00:01 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 00:01 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 00:01 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 00:01 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 00:01 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 00:01 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-11 23:09 - 2012-12-12 03:05 - 00001450 ____A C:\Users\User\Documents\TSP-LP.ltx
2012-12-11 19:54 - 2012-12-11 21:15 - 629145600 ____A C:\Users\User\Downloads\Layers Cute Hard Arisa.part1.rar
2012-12-11 19:47 - 2012-12-16 10:46 - 00010277 ____A C:\Users\User\Documents\TSP.xlsx
2012-12-11 19:47 - 2012-12-11 19:47 - 00062389 ____A C:\Users\User\Documents\TSP.ltx
2012-12-11 19:47 - 2012-12-11 19:47 - 00001140 ____A C:\Users\User\Documents\TSP-LP
2012-12-11 19:47 - 2012-12-11 19:47 - 00000331 ____A C:\Users\User\Documents\TSP.txt
2012-12-11 17:03 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-11 17:03 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 17:03 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-11 17:03 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-11 17:03 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-11 17:03 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-11 17:03 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-11 17:03 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-11 17:03 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-11 17:03 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-11 17:03 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-11 17:03 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-11 17:03 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-11 17:03 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-11 17:03 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-11 17:03 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-11 17:03 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 17:03 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-11 17:02 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-11 17:02 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-07 05:34 - 2012-12-11 17:37 - 00000000 ____D C:\Users\User\AppData\Local\{B793FDE7-5CCD-4DDE-BBA6-45C54AABE246}
2012-12-06 08:07 - 2012-12-06 08:07 - 00000000 ____D C:\Users\User\AppData\Local\{019D8FFB-A4B2-44E3-A193-047AB3BB469F}
2012-12-05 06:05 - 2012-07-27 17:32 - 00006656 ____A (Azure[LCG/kDays]) C:\Windows\SysWOW64\kDays.dll
2012-12-05 05:46 - 2012-12-05 05:46 - 05524976 ____N C:\Users\User\Desktop\[NoDVD・・隱崎ィシ・?驕ソ] (荳?・ャ・イ・シ・) [120727] [Key] Rewrite Harvest festa・・-・ェ・ゥ・、・? .bin
2012-12-04 21:43 - 2012-12-04 21:43 - 00000675 ____A C:\Users\User\Desktop\Rewrite Harvest festa!.lnk
2012-12-03 16:12 - 2012-12-03 16:12 - 00000000 ____D C:\Users\User\AppData\Local\{DFFC3313-023B-41D7-819A-79726281E59B}
2012-12-03 04:07 - 2012-12-03 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{374AD702-BA1A-4976-A533-413E4AF2FC05}
2012-12-02 16:07 - 2012-12-02 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{E0FF2011-3D61-41A8-93C4-D64211060E10}
2012-12-02 04:07 - 2012-12-02 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{F33D4264-D95D-49DF-9FF4-CB3FD7EFAD25}
2012-12-01 22:10 - 2012-12-03 13:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-01 16:07 - 2012-12-01 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{41A3A47F-66F4-47E9-9E71-422DBF8320DF}
2012-12-01 04:07 - 2012-12-01 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{112162BF-1E17-43DF-A873-E4D0D0D26DC4}
2012-11-30 16:06 - 2012-11-30 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{1413288A-E0DD-411F-AD38-FD91311DE21E}
2012-11-30 04:06 - 2012-11-30 04:06 - 00000000 ____D C:\Users\User\AppData\Local\{CD049AA5-2D2B-4718-A2F7-91528F6AA8C7}
2012-11-29 19:12 - 2012-11-29 19:12 - 00298392 ____A (Western Digital) C:\Windows\System32\WDMBL_3G1NC.dll
2012-11-29 16:06 - 2012-11-29 16:06 - 00000000 ____D C:\Users\User\AppData\Local\{9130E4D2-B6CF-4715-B91C-788583E85537}
2012-11-29 04:06 - 2012-11-29 04:06 - 00000000 ____D C:\Users\User\AppData\Local\{01C21C75-60DF-42F7-A5BC-80290F398E05}
2012-11-28 16:06 - 2012-11-28 16:06 - 00000000 ____D C:\Users\User\AppData\Local\{5192006E-38ED-4392-A3FB-BF329B8A89C7}
2012-11-28 04:06 - 2012-11-28 04:06 - 00000000 ____D C:\Users\User\AppData\Local\{F809BB6E-B6AB-4118-89DC-B0783504B887}
2012-11-27 16:05 - 2012-11-27 16:06 - 00000000 ____D C:\Users\User\AppData\Local\{33E5755E-2F8A-457C-8905-7BE1DEF2E534}
2012-11-27 06:45 - 2012-11-27 09:53 - 124403923 ____A C:\Users\User\Downloads\????16.rar
2012-11-27 04:05 - 2012-11-27 04:05 - 00000000 ____D C:\Users\User\AppData\Local\{81D8DA69-7C00-4D4D-8AE5-CF95462073D5}
2012-11-26 16:05 - 2012-11-26 16:05 - 00000000 ____D C:\Users\User\AppData\Local\{64CB6817-3276-47CA-BCFE-9F64C1D6D291}
2012-11-26 04:05 - 2012-11-26 04:05 - 00000000 ____D C:\Users\User\AppData\Local\{B9569716-775B-470E-A582-1EA3EB43D281}
2012-11-25 16:04 - 2012-11-25 16:05 - 00000000 ____D C:\Users\User\AppData\Local\{5D5E1F5A-3381-4120-A43E-A11EB53D7191}
2012-11-25 04:04 - 2012-11-25 04:04 - 00000000 ____D C:\Users\User\AppData\Local\{5ECCD581-AA90-4766-B91E-0067BAECCD67}
2012-11-25 03:22 - 2012-11-28 22:14 - 00000743 ____A C:\Windows\GMUD32.INI
2012-11-25 03:22 - 2012-11-28 22:14 - 00000000 ____D C:\Users\User\Documents\gmd3219b
2012-11-24 15:59 - 2012-11-24 15:59 - 00000000 ____D C:\Users\User\AppData\Local\{EA1A7BCB-AE17-4D7F-84B1-F1CA0BEF22A2}
2012-11-24 02:05 - 2012-11-24 02:06 - 00000000 ____D C:\Users\User\AppData\Local\{B9B39D2E-B7D9-4527-88C0-DFF8F9331F70}
2012-11-23 14:05 - 2012-11-23 14:05 - 00000000 ____D C:\Users\User\AppData\Local\{51C10983-3B72-470B-BED6-03B738B7395B}
2012-11-23 02:05 - 2012-11-23 02:05 - 00000000 ____D C:\Users\User\AppData\Local\{844FA3E5-8503-49EC-9829-70BE6AD3C4AD}
2012-11-22 14:05 - 2012-11-22 14:05 - 00000000 ____D C:\Users\User\AppData\Local\{6580BE6C-6FE8-45F4-96AA-FF47A685122D}
2012-11-22 04:16 - 2012-08-23 06:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-22 04:16 - 2012-08-23 06:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-22 04:16 - 2012-08-23 06:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-22 04:16 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2012-11-22 04:16 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2012-11-22 04:16 - 2012-08-23 05:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-22 04:16 - 2012-08-23 05:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-22 04:16 - 2012-08-23 05:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-22 04:16 - 2012-08-23 05:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-22 04:16 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2012-11-22 04:16 - 2012-08-23 05:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-22 04:16 - 2012-08-23 05:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-22 04:16 - 2012-08-23 04:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-22 04:16 - 2012-08-23 03:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-22 04:16 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2012-11-22 04:16 - 2012-08-23 03:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-22 04:16 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2012-11-22 04:16 - 2012-08-23 02:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-22 04:16 - 2012-08-23 02:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-22 04:16 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2012-11-22 04:16 - 2012-08-23 02:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-22 04:16 - 2012-08-23 01:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-22 04:16 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2012-11-22 04:16 - 2012-08-23 00:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-22 04:10 - 2012-08-24 10:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-22 04:10 - 2012-08-24 10:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-22 04:10 - 2012-08-24 10:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-22 04:10 - 2012-08-24 10:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-22 04:10 - 2012-08-24 10:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-22 04:10 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-11-22 04:10 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-11-22 04:10 - 2012-08-24 08:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-11-22 04:10 - 2012-08-24 08:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-11-22 04:06 - 2012-11-22 04:06 - 00015236 ____A C:\Users\User\Downloads\ExtremeErrLogTool.zip
2012-11-22 02:04 - 2012-11-22 02:05 - 00000000 ____D C:\Users\User\AppData\Local\{619BCB43-ED1E-4A3A-80AE-FA8F96A77C65}

==================== One Month Modified Files and Folders =======

2012-12-22 07:58 - 2011-06-06 09:20 - 01775228 ____A C:\Windows\WindowsUpdate.log
2012-12-22 07:57 - 2012-12-22 07:57 - 00001078 ____A C:\Users\User\Documents\Haganai.txt
2012-12-22 07:46 - 2011-08-13 00:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2012-12-22 07:43 - 2011-02-03 05:57 - 00000556 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-22 07:06 - 2012-04-13 19:33 - 00000526 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-21 22:57 - 2012-12-21 22:57 - 00035557 ____A C:\Users\User\Desktop\dds.txt
2012-12-21 22:57 - 2012-12-21 22:57 - 00009782 ____A C:\Users\User\Desktop\attach.txt
2012-12-21 22:56 - 2012-12-21 22:56 - 00688992 ____R (Swearware) C:\Users\User\Downloads\dds.com
2012-12-21 22:43 - 2011-02-03 05:57 - 00000552 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-21 20:11 - 2012-12-21 20:11 - 00000000 ____D C:\Users\User\AppData\Local\{F4BD7491-A6B0-4B8C-8C77-C79BEF86CBA3}
2012-12-21 19:25 - 2012-12-21 19:25 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_User.job
2012-12-21 19:25 - 2012-12-21 19:25 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_User.job
2012-12-21 19:25 - 2012-12-21 19:25 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_User.job
2012-12-21 08:21 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-21 08:21 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-21 08:11 - 2012-12-21 08:11 - 00000000 ____D C:\Users\User\AppData\Local\{AB99E3C1-ED45-4C63-8AD3-38A6B3F60C6E}
2012-12-21 00:23 - 2009-08-03 22:25 - 00390430 ____A C:\Windows\System32\prfh0404.dat
2012-12-21 00:23 - 2009-08-03 22:25 - 00104412 ____A C:\Windows\System32\prfc0404.dat
2012-12-21 00:23 - 2009-07-13 21:13 - 01238070 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-21 00:19 - 2011-11-25 20:33 - 00000000 ____D C:\Users\User\AppData\Local\Htc
2012-12-21 00:19 - 2011-08-05 03:28 - 00000000 ____D C:\Users\User\Documents\Bluetooth Folder
2012-12-21 00:18 - 2011-08-05 03:27 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-12-21 00:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-21 00:17 - 2009-07-13 20:51 - 00078654 ____A C:\Windows\setupact.log
2012-12-21 00:17 - 2009-07-13 20:45 - 00309952 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-20 20:11 - 2012-12-20 20:11 - 00000000 ____D C:\Users\User\AppData\Local\{F975098E-4019-4BEC-8F9A-F59EB2106E13}
2012-12-20 19:23 - 2011-08-17 01:00 - 00000000 ____D C:\Program Files (x86)\Steam
2012-12-20 02:49 - 2011-06-06 09:16 - 00663226 ____A C:\Windows\PFRO.log
2012-12-20 02:47 - 2011-08-14 04:17 - 00000000 ____D C:\Users\User\AppData\Local\Apple Computer
2012-12-20 01:10 - 2012-12-20 01:10 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-12-20 01:09 - 2012-12-20 01:09 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-20 01:09 - 2012-12-20 01:09 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-12-20 01:09 - 2012-12-20 01:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-20 01:08 - 2012-12-20 01:08 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-1.65.1.1000.exe
2012-12-20 00:32 - 2012-12-20 00:32 - 00000000 ____D C:\Users\User\AppData\Local\{7E9C1871-399E-4549-9417-F795EEF69F58}
2012-12-19 12:32 - 2012-12-19 12:32 - 00000000 ____D C:\Users\User\AppData\Local\{5CD1CF58-4D5B-4507-AD20-AE7B9095415C}
2012-12-19 07:49 - 2011-08-13 00:07 - 00000000 ____D C:\Users\All Users\Skype
2012-12-19 00:32 - 2012-12-19 00:32 - 00000000 ____D C:\Users\User\AppData\Local\{2CF0BF6A-94F6-4391-B554-2E7250093F40}
2012-12-16 10:46 - 2012-12-11 19:47 - 00010277 ____A C:\Users\User\Documents\TSP.xlsx
2012-12-16 09:11 - 2012-12-21 00:00 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-21 00:00 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:39 - 2012-12-16 06:39 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-16 06:39 - 2012-12-16 06:38 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 06:39 - 2012-12-16 06:38 - 00000000 ____D C:\Program Files\iTunes
2012-12-16 06:39 - 2012-06-04 20:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-12-16 06:38 - 2012-12-16 06:38 - 00000000 ____D C:\Program Files\iPod
2012-12-16 06:13 - 2012-12-21 00:00 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-21 00:00 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-16 05:41 - 2012-12-13 17:38 - 00000000 ____D C:\Users\User\AppData\Local\{04DAF21E-48A5-4D51-992D-31491FF9F3AA}
2012-12-15 07:53 - 2012-12-15 07:41 - 00001981 ____A C:\Users\User\Documents\TSP-LP4.ltx
2012-12-13 10:37 - 2012-12-13 10:37 - 00000572 ____A C:\Users\User\Desktop\????????.lnk
2012-12-13 10:37 - 2012-12-13 10:37 - 00000572 ____A C:\Users\UpdatusUser\Desktop\????????.lnk
2012-12-13 05:38 - 2012-12-12 05:37 - 00000000 ____D C:\Users\User\AppData\Local\{EDBF1A4F-C876-46D9-8AD3-32FC61CDFC1A}
2012-12-12 12:28 - 2012-12-12 11:26 - 554143835 ____A C:\Users\User\Downloads\Layers Cute Hard Arisa.part2.rar
2012-12-12 03:34 - 2012-12-12 02:55 - 00002169 ____A C:\Users\User\Documents\TSP-LP3.ltx
2012-12-12 03:05 - 2012-12-11 23:09 - 00001450 ____A C:\Users\User\Documents\TSP-LP.ltx
2012-12-12 02:11 - 2012-12-12 01:50 - 00001278 ____A C:\Users\User\Documents\TSP-LP2.ltx
2012-12-12 02:11 - 2012-02-04 13:53 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2012-12-12 00:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-12 00:03 - 2011-08-12 14:24 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-12 00:01 - 2011-08-13 20:42 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-11 21:15 - 2012-12-11 19:54 - 629145600 ____A C:\Users\User\Downloads\Layers Cute Hard Arisa.part1.rar
2012-12-11 19:47 - 2012-12-11 19:47 - 00062389 ____A C:\Users\User\Documents\TSP.ltx
2012-12-11 19:47 - 2012-12-11 19:47 - 00001140 ____A C:\Users\User\Documents\TSP-LP
2012-12-11 19:47 - 2012-12-11 19:47 - 00000331 ____A C:\Users\User\Documents\TSP.txt
2012-12-11 17:37 - 2012-12-07 05:34 - 00000000 ____D C:\Users\User\AppData\Local\{B793FDE7-5CCD-4DDE-BBA6-45C54AABE246}
2012-12-11 11:06 - 2012-04-13 19:32 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 11:06 - 2011-08-13 00:15 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-07 02:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-06 08:07 - 2012-12-06 08:07 - 00000000 ____D C:\Users\User\AppData\Local\{019D8FFB-A4B2-44E3-A193-047AB3BB469F}
2012-12-05 05:46 - 2012-12-05 05:46 - 05524976 ____N C:\Users\User\Desktop\[NoDVD・・隱崎ィシ・?驕ソ] (荳?・ャ・イ・シ・) [120727] [Key] Rewrite Harvest festa・・-・ェ・ゥ・、・? .bin
2012-12-05 05:43 - 2011-12-15 05:05 - 00000000 ____D C:\Users\User\Documents\Key
2012-12-05 05:43 - 2011-12-15 04:54 - 00000000 ____D C:\Users\All Users\ASign
2012-12-05 05:39 - 2012-06-14 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-04 21:43 - 2012-12-04 21:43 - 00000675 ____A C:\Users\User\Desktop\Rewrite Harvest festa!.lnk
2012-12-03 16:12 - 2012-12-03 16:12 - 00000000 ____D C:\Users\User\AppData\Local\{DFFC3313-023B-41D7-819A-79726281E59B}
2012-12-03 13:31 - 2012-12-01 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-12-03 04:07 - 2012-12-03 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{374AD702-BA1A-4976-A533-413E4AF2FC05}
2012-12-02 16:07 - 2012-12-02 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{E0FF2011-3D61-41A8-93C4-D64211060E10}
2012-12-02 04:07 - 2012-12-02 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{F33D4264-D95D-49DF-9FF4-CB3FD7EFAD25}
2012-12-01 16:07 - 2012-12-01 16:07 - 00000000 ____D C:\Users\User\AppData\Local\{41A3A47F-66F4-47E9-9E71-422DBF8320DF}
2012-12-01 04:07 - 2012-12-01 04:07 - 00000000 ____D C:\Users\User\AppData\Local\{112162BF-1E17-43DF-A873-E4D0D0D26DC4}
2012-11-30 16:07 - 2012-11-30 16:06 - 00000000 ____D C:\Users\User\AppData\Local\{1413288A-E0DD-411F-AD38-FD91311DE21E}
2012-11-30 04:06 - 2012-11-30 04:06 - 00000000 ____D C:\Users\User\AppData\Local\{CD049AA5-2D2B-4718-A2F7-91528F6AA8C7}
2012-11-29 19:12 - 2012-11-29 19:12 - 00298392 ____A (Western Digital) C:\Windows\System32\WDMBL_3G1NC.dll
2012-11-29 16:06 - 2012-11-29 16:06 - 00000000 ____D C:\Users\User\AppData\Local\{9130E4D2-B6CF-4715-B91C-788583E85537}
2012-11-29 04:06 - 2012-11-29 04:06 - 00000000 ____D C:\Users\User\AppData\Local\{01C21C75-60DF-42F7-A5BC-80290F398E05}
2012-11-28 22:14 - 2012-11-25 03:22 - 00000743 ____A C:\Windows\GMUD32.INI
2012-11-28 22:14 - 2012-11-25 03:22 - 00000000 ____D C:\Users\User\Documents\gmd3219b
2012-11-28 16:06 - 2012-11-28 16:06 - 00000000 ____D C:\Users\User\AppData\Local\{5192006E-38ED-4392-A3FB-BF329B8A89C7}
2012-11-28 04:06 - 2012-11-28 04:06 - 00000000 ____D C:\Users\User\AppData\Local\{F809BB6E-B6AB-4118-89DC-B0783504B887}
2012-11-27 16:06 - 2012-11-27 16:05 - 00000000 ____D C:\Users\User\AppData\Local\{33E5755E-2F8A-457C-8905-7BE1DEF2E534}
2012-11-27 09:53 - 2012-11-27 06:45 - 124403923 ____A C:\Users\User\Downloads\????16.rar
2012-11-27 04:05 - 2012-11-27 04:05 - 00000000 ____D C:\Users\User\AppData\Local\{81D8DA69-7C00-4D4D-8AE5-CF95462073D5}
2012-11-26 16:05 - 2012-11-26 16:05 - 00000000 ____D C:\Users\User\AppData\Local\{64CB6817-3276-47CA-BCFE-9F64C1D6D291}
2012-11-26 04:05 - 2012-11-26 04:05 - 00000000 ____D C:\Users\User\AppData\Local\{B9569716-775B-470E-A582-1EA3EB43D281}
2012-11-25 16:05 - 2012-11-25 16:04 - 00000000 ____D C:\Users\User\AppData\Local\{5D5E1F5A-3381-4120-A43E-A11EB53D7191}
2012-11-25 04:04 - 2012-11-25 04:04 - 00000000 ____D C:\Users\User\AppData\Local\{5ECCD581-AA90-4766-B91E-0067BAECCD67}
2012-11-24 17:31 - 2011-08-13 00:07 - 00002507 ____A C:\Users\Public\Desktop\Skype.lnk
2012-11-24 17:31 - 2011-08-13 00:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-11-24 15:59 - 2012-11-24 15:59 - 00000000 ____D C:\Users\User\AppData\Local\{EA1A7BCB-AE17-4D7F-84B1-F1CA0BEF22A2}
2012-11-24 02:06 - 2012-11-24 02:05 - 00000000 ____D C:\Users\User\AppData\Local\{B9B39D2E-B7D9-4527-88C0-DFF8F9331F70}
2012-11-23 14:05 - 2012-11-23 14:05 - 00000000 ____D C:\Users\User\AppData\Local\{51C10983-3B72-470B-BED6-03B738B7395B}
2012-11-23 02:05 - 2012-11-23 02:05 - 00000000 ____D C:\Users\User\AppData\Local\{844FA3E5-8503-49EC-9829-70BE6AD3C4AD}
2012-11-22 14:05 - 2012-11-22 14:05 - 00000000 ____D C:\Users\User\AppData\Local\{6580BE6C-6FE8-45F4-96AA-FF47A685122D}
2012-11-22 07:23 - 2011-06-06 09:48 - 00001437 ____A C:\Windows\System32\ServiceFilter.ini
2012-11-22 04:20 - 2011-06-06 09:38 - 00000000 ____D C:\Windows\SysWOW64\NV
2012-11-22 04:20 - 2011-06-06 09:38 - 00000000 ____D C:\Windows\System32\NV
2012-11-22 04:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-22 04:16 - 2011-06-06 09:31 - 00000000 ____D C:\Program Files (x86)\Intel
2012-11-22 04:06 - 2012-11-22 04:06 - 00015236 ____A C:\Users\User\Downloads\ExtremeErrLogTool.zip
2012-11-22 02:59 - 2011-11-03 01:55 - 00000000 ____D C:\Users\User\AppData\Roaming\BitComet
2012-11-22 02:05 - 2012-11-22 02:04 - 00000000 ____D C:\Users\User\AppData\Local\{619BCB43-ED1E-4A3A-80AE-FA8F96A77C65}


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-12 00:00:45
Restore point made on: 2012-12-15 00:00:39
Restore point made on: 2012-12-16 16:45:19
Restore point made on: 2012-12-20 19:05:14
Restore point made on: 2012-12-20 19:19:25
Restore point made on: 2012-12-21 00:00:29

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8103.02 MB
Available physical RAM: 7341.05 MB
Total Pagefile: 8101.17 MB
Available Pagefile: 7331.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:58.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:191.73 GB) NTFS
3 Drive e: (RewriteHf_Disc2) (CDROM) (Total:4.19 GB) (Free:0 GB) UDF
4 Drive f: () (Fixed) (Total:298.09 GB) (Free:261.54 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 298 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 186 GB 25 GB
Partition 0 Extended 254 GB 211 GB
Partition 3 Logical 254 GB 211 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 186 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 254 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 298 GB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Partition 298 GB Healthy

=========================================================

Last Boot: 2012-12-15 12:37

==================== End Of Log =============================

#6 fireman4it

  • Malware Response Team

Posted 22 December 2012 - 02:28 PM

1. Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

HKU\User\...\Run: [VFANzmtpAuth] "C:\Users\User\AppData\Roaming\Apple Computer\zmtpAuth.lnk" [x]

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


2. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

Things to include in your next reply:
Fixlog.txt
AdwCleaner[R1].txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 Penwhale

  • Topic Starter

Posted 22 December 2012 - 10:10 PM

fixlist.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2012
Ran by SYSTEM at 2012-12-22 22:03:22 Run:1
Running from F:\

==============================================

HKEY_USERS\User\Software\Microsoft\Windows\CurrentVersion\Run\\VFANzmtpAuth Value deleted successfully.

==== End of Fixlog ====

AdwCleaner[R1].txt:

# AdwCleaner v2.101 - Logfile created 12/22/2012 at 22:08:07
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Partner

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\SweetIM
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (zh-TW)

-\\ Google Chrome v23.0.1271.97

*************************

AdwCleaner[R1].txt - [3326 octets] - [22/12/2012 22:08:07]

########## EOF - C:\AdwCleaner[R1].txt - [3386 octets] ##########

Computer is running okay (not particularly laggy).


#8 fireman4it

Posted 22 December 2012 - 11:16 PM

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 Penwhale

Posted 23 December 2012 - 02:24 AM

AdwCleaner[S1].txt:

# AdwCleaner v2.101 - Logfile created 12/23/2012 at 02:09:06
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (zh-TW)

-\\ Google Chrome v23.0.1271.97

*************************

AdwCleaner[R1].txt - [3449 octets] - [22/12/2012 22:08:07]
AdwCleaner[S1].txt - [3460 octets] - [23/12/2012 02:09:06]

########## EOF - C:\AdwCleaner[S1].txt - [3520 octets] ##########

It seems a lot of programs are executing faster and pages loading faster. However, on a browser-game forum I just loaded, the fake link is still around.

Edited by Penwhale, 23 December 2012 - 02:27 AM.


#10 fireman4it

Posted 23 December 2012 - 02:45 AM

1. Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Java™ 6 Update 27 (64-bit)
Java™ 7 Update 2 (64-bit)
Java™ SE Development Kit 7 Update 2 (64-bit)
JavaFX 2.0.2 (64-bit)
JavaFX 2.0.2 SDK (64-bit)


Additional instructions can be found here if needed.


2.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

3.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Things to include in your next reply:
MBAM log
RogueKiller log
How is your machine running now? Can you tell me what the name of that fake icon is or take a pic of it?


#11 Penwhale

Posted 23 December 2012 - 03:18 AM

MBAM:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.23.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

Protection: Enabled

2012/12/23 上午 03:00:54
mbam-log-2012-12-23 (03-00-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234345
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

RK:

RogueKiller V8.4.0 [Dec 20 2012] tigzy 設計製作
電子郵件 : tigzyRK<at>gmail<dot>com
意見反應 : http://www.geekstogo.com/forum/files/file/413-roguekiller/
網站 : http://tigzy.geekstogo.com/roguekiller.php
部落格 : http://tigzyrk.blogspot.com/

作業系統 : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
開始在 : 標準模式
使用者 : User [系統管理員權限]
模式 : 掃瞄 -- 日期 : 12/23/2012 03:10:11

¤¤¤ 損壞的處理程序 : 0 ¤¤¤

¤¤¤ 系統登錄項目 : 9 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-21-2912329888-3351577735-2583910336-1000[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> 找到
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Nuance PDF Reader-reminder ("C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini") -> 找到
[TASK][SUSP PATH] ASUS Patch 10430002 : C:\Windows\AsPatch10430002.exe -e -> 找到
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> 找到
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> 找到
[HJ] HKLM\[...]\System : EnableLUA (0) -> 找到
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 找到

¤¤¤ 特定檔案/資料夾: ¤¤¤

¤¤¤ 驅動程式 : [未載入] ¤¤¤

¤¤¤ HOSTS 檔: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR 檢查: ¤¤¤

+++++ PhysicalDrive0: ST9500423AS +++++
--- User ---
[MBR] 4c27515765fd5ea1fcbad4eb595830c7
[BSP] 177507aede73c8eab31fee7866ebab1f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic External USB Device +++++
--- User ---
[MBR] 22d1e1597f6faed5a1599c115c9840d7
[BSP] 229bf3cccf8296d95196a729f176e4df : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

完成 : << RKreport[1]_S_12232012_02d0310.txt >>
RKreport[1]_S_12232012_02d0310.txt

Example of Fake Link
(Note: I had to disable Norton 360 temporarily as it was registering RK as unsafe.)
Machine is running smooth, fake links still exist, however.

Edited by Penwhale, 23 December 2012 - 03:21 AM.


#12 fireman4it

Posted 23 December 2012 - 12:10 PM

  • Re-Run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Delete
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Can you please tell me what the link does and where is it located? Can you take a picture of it? Which browsers is it in? What is the name of the link?


#13 Penwhale

Posted 23 December 2012 - 12:41 PM

RogueKiller V8.4.0 [Dec 20 2012] tigzy 設計製作
電子郵件 : tigzyRK<at>gmail<dot>com
意見反應 : http://www.geekstogo.com/forum/files/file/413-roguekiller/
網站 : http://tigzy.geekstogo.com/roguekiller.php
部落格 : http://tigzyrk.blogspot.com/

作業系統 : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
開始在 : 標準模式
使用者 : User [系統管理員權限]
模式 : Remove -- 日期 : 12/23/2012 12:23:18

損壞的處理程序 : 0

系統登錄項目 : 7
[RUN][SUSP PATH] HKUS\S-1-5-21-2912329888-3351577735-2583910336-1000[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> 已刪除
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : Nuance PDF Reader-reminder ("C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini") -> 已刪除
[TASK][SUSP PATH] ASUS Patch 10430002 : C:\Windows\AsPatch10430002.exe -e -> 已刪除
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> 已取代 (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> 已取代 (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 已取代 (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 已取代 (0)

特定檔案/資料夾:

驅動程式 : [未載入]

HOSTS 檔:
--> C:\Windows\system32\drivers\etc\hosts



MBR 檢查:

+++++ PhysicalDrive0: ST9500423AS +++++
--- User ---
[MBR] 4c27515765fd5ea1fcbad4eb595830c7
[BSP] 177507aede73c8eab31fee7866ebab1f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Generic External USB Device +++++
--- User ---
[MBR] 22d1e1597f6faed5a1599c115c9840d7
[BSP] 229bf3cccf8296d95196a729f176e4df : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

完成 : << RKreport[4]_D_12232012_02d1223.txt >>
RKreport[1]_S_12232012_02d0310.txt ; RKreport[2]_S_12232012_02d1222.txt ; RKreport[3]_S_12232012_02d1223.txt ; RKreport[4]_D_12232012_02d1223.txt

(Apologies for the Chinese output - this laptop is running Chinese Win7) 已刪除 = Deleted, 已取代 = Replaced

Attaching 2 links to screencaps of the (still existing) CouponDropDown fake links:
Link 1, "Winning" as name
Link 2, "Healthy" as name
Note that the example page I used is http://www.animecubed.com/billy/forum/viewtopic.php?f=30&t=21651&p=366278, which is a forum post that I made. (And nothing in the original text has links.)
The screencap is from Firefox.

#14 fireman4it

Posted 24 December 2012 - 02:30 AM

1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
2. Save it to your desktop.
3. Double click on the OTL icon on your desktop.
4. Under the Custom Scan box paste this in:
    c:\windows\*. /SL
    c:\windows\*. /RP
    netsvcs
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
5. Push the Quick Scan button.
6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


#15 Penwhale

Posted 24 December 2012 - 02:50 AM

OTL:
OTL logfile created on: 2012/12/24 上午 02:33:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000404 | Country: 台灣 | Language: CHT | Date Format: yyyy/M/d

7.91 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 45.36% Memory free
15.82 Gb Paging File | 10.99 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 60.25 Gb Free Space | 32.34% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 191.73 Gb Free Space | 75.35% Space Free | Partition Type: NTFS
Drive E: | 4.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 298.09 Gb Total Space | 261.54 Gb Free Space | 87.74% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========



========== Modules (No Company Name) ==========



========== Services (SafeList) ==========

SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/13 21:39:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/13 12:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/13 12:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/01/12 18:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/19 23:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/19 23:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/05 04:35:16 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 17:46:01 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/01/17 17:45:55 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2012/01/17 17:35:24 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/10/07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/08/23 05:12:58 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/13 12:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/13 12:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/13 12:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/13 12:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/13 12:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/13 12:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/13 12:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 00:35:22 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/03 22:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/27 12:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/01/27 12:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/24 04:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/08/11 01:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/28 11:59:32 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
DRV:64bit: - [2009/07/30 19:50:24 | 000,118,872 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/12/24 00:12:54 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121223.016\ex64.sys -- (NAVEX15)
DRV - [2012/12/24 00:12:54 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20121223.016\eng64.sys -- (NAVENG)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20121221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/19 04:26:49 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/19 04:26:49 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/26 15:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com.tw/search?hl=zh-TW&q={searchTerms}&meta=
IE - HKCU\..\SearchScopes\{FB734C79-4745-4B1B-ACC7-F0E0B4913453}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3C53FFD9-D62C-49A8-8D46-F18DAA2B5640&apn_sauid=A37178E0-13B0-4490-9E90-2C58E9D0547A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: flvmoviesdownloader%40rzll:1.43
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.89
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%203
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPlgn\ [2012/07/08 23:51:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\coFFPlgn\ [2012/12/23 12:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/28 11:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/02 01:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/23 02:09:07 | 000,000,000 | ---D | M]

[2011/08/12 17:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012/11/20 18:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\27dmvlve.default\extensions
[2012/09/22 11:30:52 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\27dmvlve.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/08/16 00:23:04 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\27dmvlve.default\extensions\DeviceDetection@logitech.com
[2012/08/26 18:09:30 | 000,014,838 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\27dmvlve.default\extensions\flvmoviesdownloader@rzll.xpi
[2012/11/19 05:29:19 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\27dmvlve.default\extensions\torntv@torntv.com.xpi
[2012/11/20 18:55:21 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\27dmvlve.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/01/01 07:56:52 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\27dmvlve.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\27dmvlve.default\searchplugins\askcom.xml
[2012/12/02 01:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/19 10:49:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/02 01:10:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/02 01:10:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/23 12:27:12 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\COFFPLGN
[2012/07/08 23:51:26 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\IPSFFPLGN
[2012/12/02 01:10:15 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/28 11:18:08 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/06/01 13:15:24 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\findbook-zh-TW.xml
[2012/06/01 13:15:25 | 000,001,222 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-zh-TW.xml
[2012/06/01 13:15:24 | 000,001,350 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-answer-zh-TW.xml
[2012/06/01 13:15:24 | 000,000,870 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-bid-zh-TW.xml
[2012/06/01 13:15:24 | 000,001,147 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-zh-TW.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google \u641C\u5C0B = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Norton Identity Protection = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C164302-9516-443E-85FD-0B4090D2B757}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C49E3FC5-409C-4782-9AA9-32B8111F2E32}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/04 09:11:26 | 000,135,168 | R--- | M] (VisualArt's) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/07/28 03:29:47 | 000,000,055 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{128439c4-5ad3-11e1-b882-f46d04599f23}\Shell - "" = AutoRun
O33 - MountPoints2\{128439c4-5ad3-11e1-b882-f46d04599f23}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{c0e13d6c-60d6-11e1-93c7-742f68036d0a}\Shell - "" = AutoRun
O33 - MountPoints2\{c0e13d6c-60d6-11e1-93c7-742f68036d0a}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{c70369ac-5843-11e1-b6f3-742f68036d0a}\Shell - "" = AutoRun
O33 - MountPoints2\{c70369ac-5843-11e1-b6f3-742f68036d0a}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{f45a6647-e964-11e1-b7cd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f45a6647-e964-11e1-b7cd-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012/07/04 09:11:26 | 000,135,168 | R--- | M] (VisualArt's)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/24 02:32:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/12/23 18:18:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0FC33F3C-4FB0-429C-90BD-C96D865F30BA}
[2012/12/23 12:25:35 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/12/23 05:57:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\GoforFiles
[2012/12/23 05:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2012/12/23 03:40:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2E41B349-EB34-4F47-A0C3-E6ADC7670083}
[2012/12/23 03:07:55 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine
[2012/12/23 03:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/23 03:00:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/23 03:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/22 13:59:42 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/21 23:11:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F4BD7491-A6B0-4B8C-8C77-C79BEF86CBA3}
[2012/12/21 11:11:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AB99E3C1-ED45-4C63-8AD3-38A6B3F60C6E}
[2012/12/20 23:11:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F975098E-4019-4BEC-8F9A-F59EB2106E13}
[2012/12/20 04:10:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/12/20 04:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/20 03:32:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7E9C1871-399E-4549-9417-F795EEF69F58}
[2012/12/19 15:32:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5CD1CF58-4D5B-4507-AD20-AE7B9095415C}
[2012/12/19 03:32:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2CF0BF6A-94F6-4391-B554-2E7250093F40}
[2012/12/16 09:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/16 09:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/16 09:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/16 09:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/13 20:38:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{04DAF21E-48A5-4D51-992D-31491FF9F3AA}
[2012/12/13 13:37:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\extreme
[2012/12/12 08:37:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EDBF1A4F-C876-46D9-8AD3-32FC61CDFC1A}
[2012/12/07 08:34:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B793FDE7-5CCD-4DDE-BBA6-45C54AABE246}
[2012/12/06 11:07:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{019D8FFB-A4B2-44E3-A193-047AB3BB469F}
[2012/12/05 09:05:00 | 000,006,656 | ---- | C] (Azure[LCG/kDays]) -- C:\Windows\SysWow64\kDays.dll
[2012/12/03 19:12:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DFFC3313-023B-41D7-819A-79726281E59B}
[2012/12/03 07:07:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{374AD702-BA1A-4976-A533-413E4AF2FC05}
[2012/12/02 19:07:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E0FF2011-3D61-41A8-93C4-D64211060E10}
[2012/12/02 07:07:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F33D4264-D95D-49DF-9FF4-CB3FD7EFAD25}
[2012/12/02 01:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/01 19:07:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{41A3A47F-66F4-47E9-9E71-422DBF8320DF}
[2012/12/01 07:07:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{112162BF-1E17-43DF-A873-E4D0D0D26DC4}
[2012/11/30 19:06:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1413288A-E0DD-411F-AD38-FD91311DE21E}
[2012/11/30 07:06:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CD049AA5-2D2B-4718-A2F7-91528F6AA8C7}
[2012/11/29 22:12:42 | 000,298,392 | ---- | C] (Western Digital) -- C:\Windows\SysNative\WDMBL_3G1NC.dll
[2012/11/29 19:06:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9130E4D2-B6CF-4715-B91C-788583E85537}
[2012/11/29 07:06:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{01C21C75-60DF-42F7-A5BC-80290F398E05}
[2012/11/28 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5192006E-38ED-4392-A3FB-BF329B8A89C7}
[2012/11/28 07:06:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F809BB6E-B6AB-4118-89DC-B0783504B887}
[2012/11/27 19:05:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{33E5755E-2F8A-457C-8905-7BE1DEF2E534}
[2012/11/27 07:05:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{81D8DA69-7C00-4D4D-8AE5-CF95462073D5}
[2012/11/26 19:05:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{64CB6817-3276-47CA-BCFE-9F64C1D6D291}
[2012/11/26 07:05:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B9569716-775B-470E-A582-1EA3EB43D281}
[2012/11/25 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5D5E1F5A-3381-4120-A43E-A11EB53D7191}
[2012/11/25 07:04:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5ECCD581-AA90-4766-B91E-0067BAECCD67}
[2012/11/25 06:22:08 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\gmd3219b
[2012/11/24 20:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/24 20:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/24 18:59:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EA1A7BCB-AE17-4D7F-84B1-F1CA0BEF22A2}
[2012/11/24 05:05:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B9B39D2E-B7D9-4527-88C0-DFF8F9331F70}

========== Files - Modified Within 30 Days ==========

[2012/12/24 02:32:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012/12/24 02:06:00 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/24 01:43:00 | 000,000,556 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/24 01:43:00 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/23 22:27:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_User.job
[2012/12/23 21:26:01 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_User.job
[2012/12/23 12:32:34 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 12:32:34 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 12:31:37 | 001,238,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/23 12:31:37 | 000,629,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/23 12:31:37 | 000,390,430 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012/12/23 12:31:37 | 000,111,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/23 12:31:37 | 000,104,412 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012/12/23 12:25:27 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/12/23 12:25:24 | 000,001,463 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/12/23 12:25:21 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_User.job
[2012/12/23 12:24:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/23 12:24:29 | 2077,503,487 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 12:21:46 | 000,756,224 | ---- | M] () -- C:\roguekiller.exe
[2012/12/23 03:00:07 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/21 03:17:45 | 000,309,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/16 09:39:15 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/15 10:53:41 | 000,001,981 | ---- | M] () -- C:\Users\User\Documents\TSP-LP4.ltx
[2012/12/13 13:37:34 | 000,000,572 | ---- | M] () -- C:\Users\User\Desktop\桃色大戦ぱいろん.lnk
[2012/12/12 06:34:15 | 000,002,169 | ---- | M] () -- C:\Users\User\Documents\TSP-LP3.ltx
[2012/12/12 06:05:06 | 000,001,450 | ---- | M] () -- C:\Users\User\Documents\TSP-LP.ltx
[2012/12/12 05:11:43 | 000,001,278 | ---- | M] () -- C:\Users\User\Documents\TSP-LP2.ltx
[2012/12/11 22:47:13 | 000,001,140 | ---- | M] () -- C:\Users\User\Documents\TSP-LP
[2012/12/11 22:47:01 | 000,062,389 | ---- | M] () -- C:\Users\User\Documents\TSP.ltx
[2012/12/05 00:43:40 | 000,000,675 | ---- | M] () -- C:\Users\User\Desktop\Rewrite Harvest festa!.lnk
[2012/11/29 22:12:42 | 000,298,392 | ---- | M] (Western Digital) -- C:\Windows\SysNative\WDMBL_3G1NC.dll
[2012/11/29 01:14:29 | 000,000,743 | ---- | M] () -- C:\Windows\GMUD32.INI
[2012/11/24 20:31:01 | 000,002,507 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2012/12/23 12:21:46 | 000,756,224 | ---- | C] () -- C:\roguekiller.exe
[2012/12/23 03:00:07 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/21 22:25:00 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_User.job
[2012/12/21 22:25:00 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_User.job
[2012/12/21 22:25:00 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_User.job
[2012/12/16 09:39:15 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/15 10:41:20 | 000,001,981 | ---- | C] () -- C:\Users\User\Documents\TSP-LP4.ltx
[2012/12/13 13:37:34 | 000,000,572 | ---- | C] () -- C:\Users\User\Desktop\桃色大戦ぱいろん.lnk
[2012/12/12 05:55:33 | 000,002,169 | ---- | C] () -- C:\Users\User\Documents\TSP-LP3.ltx
[2012/12/12 04:50:50 | 000,001,278 | ---- | C] () -- C:\Users\User\Documents\TSP-LP2.ltx
[2012/12/12 02:09:10 | 000,001,450 | ---- | C] () -- C:\Users\User\Documents\TSP-LP.ltx
[2012/12/11 22:47:13 | 000,001,140 | ---- | C] () -- C:\Users\User\Documents\TSP-LP
[2012/12/11 22:47:01 | 000,062,389 | ---- | C] () -- C:\Users\User\Documents\TSP.ltx
[2012/12/05 00:43:40 | 000,000,675 | ---- | C] () -- C:\Users\User\Desktop\Rewrite Harvest festa!.lnk
[2012/11/25 06:22:11 | 000,000,743 | ---- | C] () -- C:\Windows\GMUD32.INI
[2012/10/10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/09/26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/09/26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/01/10 11:02:23 | 000,127,096 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/21 09:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/14 02:58:05 | 000,000,584 | RHS- | C] () -- C:\Users\User\ntuser.pol
[2011/08/12 17:19:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/06 12:38:47 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/06/06 12:31:06 | 000,154,240 | ---- | C] () -- C:\Windows\AsPatch10430002.exe
[2011/04/08 07:14:15 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/04/08 07:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/03/26 00:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/14 03:47:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\acccore
[2011/08/13 23:43:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Asus WebStorage
[2012/12/23 09:29:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitComet
[2012/08/22 00:35:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DeepBurner
[2012/12/23 05:57:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GoforFiles
[2011/08/19 09:59:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gyazo
[2012/01/18 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HTC
[2011/11/25 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/02/09 22:42:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
[2011/08/25 09:41:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nuance
[2012/10/30 15:55:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012/10/12 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2011/11/23 23:41:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2011/12/24 08:14:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2011/08/14 17:10:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Zeon

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >
[2009/07/14 00:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 00:08:49 | 000,032,646 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/03 08:57:53 | 000,000,552 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/02/03 08:57:59 | 000,000,556 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/13 22:33:14 | 000,000,526 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/12/21 22:25:00 | 000,000,362 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_User.job
[2012/12/21 22:25:00 | 000,000,366 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_User.job
[2012/12/21 22:25:00 | 000,000,372 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_User.job

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/08/14 03:47:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\acccore
[2011/11/25 23:31:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2012/01/23 14:45:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
[2011/08/13 23:43:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Asus WebStorage
[2012/12/23 09:29:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitComet
[2012/08/22 00:35:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DeepBurner
[2011/08/25 09:41:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FLEXnet
[2012/12/23 05:57:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GoforFiles
[2011/08/19 09:59:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gyazo
[2012/01/18 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HTC
[2011/11/25 23:41:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/02/17 01:41:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2011/11/30 21:39:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\InstallShield
[2012/02/09 22:42:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
[2011/08/12 17:01:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2012/12/20 04:10:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2009/07/14 02:44:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2012/06/12 21:13:07 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2011/08/12 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2011/08/25 09:41:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nuance
[2012/10/30 15:55:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012/05/28 14:45:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Real
[2012/10/12 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2012/12/24 02:27:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2011/11/23 23:41:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2011/11/11 02:02:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vlc
[2011/12/24 08:14:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Windows Live Writer
[2011/11/03 04:53:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR
[2011/09/30 12:55:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Yahoo!
[2011/08/14 17:10:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Zeon

< %APPDATA%\*.exe /s >
[2011/08/14 06:42:28 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Roaming\Identities\vercheck.exe
[2011/12/20 11:39:31 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\User\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/11/02 21:05:37 | 000,017,542 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{002A6960-6C36-4A6B-B593-386A4D6BE48F}\_3963240c.exe
[2011/11/02 21:05:37 | 000,017,542 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{002A6960-6C36-4A6B-B593-386A4D6BE48F}\_5dc52ba1.exe
[2012/10/24 14:47:24 | 000,010,134 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{C19796D5-E477-40A1-8C78-DF2EB439D99B}\ARPPRODUCTICON.exe
[2012/10/24 14:47:24 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{C19796D5-E477-40A1-8C78-DF2EB439D99B}\NewShortcut1_C19796D5E47740A18C78DF2EB439D99B.exe
[2012/10/24 14:47:25 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{C19796D5-E477-40A1-8C78-DF2EB439D99B}\NewShortcut2_C19796D5E47740A18C78DF2EB439D99B.exe
[2012/09/22 04:23:49 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\User\AppData\Roaming\Real\Update\temp\~Upg0\rnupgagent.exe
[2012/12/21 19:24:02 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\User\AppData\Roaming\Real\Update\temp\~Upg1\rnupgagent.exe
[2012/12/21 19:24:02 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\User\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe
[2012/12/21 22:25:48 | 039,447,008 | ---- | M] (RealNetworks, Inc.) -- C:\Users\User\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\stub_data\RealPlayer.exe
[2012/12/21 22:25:02 | 000,765,248 | ---- | M] (RealNetworks, Inc.) -- C:\Users\User\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\stub_exe\RealPlayer.exe
[2009/07/13 20:14:49 | 000,141,824 | ---- | M] (Microsoft Corporation) -- C:\Users\User\AppData\Roaming\Windows Live Writer\vvinMgr.exe

< %SYSTEMDRIVE%\*.exe >
[2012/12/23 12:21:46 | 000,756,224 | ---- | M] () -- C:\roguekiller.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/08/14 06:42:28 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011/08/14 06:42:28 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012/11/13 21:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2011/08/14 06:42:28 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
[2010/11/20 07:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Files - Unicode (All) ==========
[2012/12/05 08:46:58 | 005,524,976 | ---- | C] ()(C:\Users\User\Desktop\[NoDVDi?\ea?e?a??e??] (a,€e?¬a?2a??a??) [120727] [Key] Rewrite Harvest festai?? -a?aa?ca??a?? .bin) -- C:\Users\User\Desktop\[NoDVD・認証›ž避] (€ˆ‚ƒƒ) [120727] [Key] Rewrite Harvest festa! -ƒƒ‚ƒˆ .bin
[2012/12/05 08:46:06 | 005,524,976 | ---- | M] ()(C:\Users\User\Desktop\[NoDVDi?\ea?e?a??e??] (a,€e?¬a?2a??a??) [120727] [Key] Rewrite Harvest festai?? -a?aa?ca??a?? .bin) -- C:\Users\User\Desktop\[NoDVD・認証›ž避] (€ˆ‚ƒƒ) [120727] [Key] Rewrite Harvest festa! -ƒƒ‚ƒˆ .bin
[2011/12/15 04:29:07 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w??`w?videace) -- C:\Windows\SysWow64\l蜣w砫琋`wvideace
[2011/12/15 04:29:07 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w??`w?videace) -- C:\Windows\SysWow64\l蜣w砫琋`wvideace
[2011/12/07 21:45:07 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w??`w苒videace) -- C:\Windows\SysWow64\l蜛w砫煂`w苒videace
[2011/12/07 21:45:07 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w??`w苒videace) -- C:\Windows\SysWow64\l蜛w砫煂`w苒videace
[2011/12/01 02:44:51 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w??`w?videace) -- C:\Windows\SysWow64\l蜺w砫瞝`wvideace
[2011/12/01 02:44:51 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w??`w?videace) -- C:\Windows\SysWow64\l蜺w砫瞝`wvideace
[2011/11/17 01:14:17 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w??`w?videace) -- C:\Windows\SysWow64\l蒠w砫盱`w柦videace
[2011/11/17 01:14:17 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w??`w?videace) -- C:\Windows\SysWow64\l蒠w砫盱`w柦videace
[2011/11/16 18:42:18 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?hw`w?videace) -- C:\Windows\SysWow64\l緀w砫hw`w塿videace
[2011/11/16 18:42:18 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?hw`w?videace) -- C:\Windows\SysWow64\l緀w砫hw`w塿videace
[2011/11/16 17:29:36 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?德`w愧videace) -- C:\Windows\SysWow64\l蒱w砫德`w愧videace
[2011/11/16 17:29:36 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?德`w愧videace) -- C:\Windows\SysWow64\l蒱w砫德`w愧videace
[2011/11/14 04:15:00 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?Lw`w暝videace) -- C:\Windows\SysWow64\l窬w砫Lw`w暝videace
[2011/11/14 04:15:00 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?Lw`w暝videace) -- C:\Windows\SysWow64\l窬w砫Lw`w暝videace
[2011/11/13 21:48:13 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?莇`w璞videace) -- C:\Windows\SysWow64\l蜨w砫莇`w璞videace
[2011/11/13 21:48:13 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?莇`w璞videace) -- C:\Windows\SysWow64\l蜨w砫莇`w璞videace
[2011/11/12 10:56:03 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l綣w?ew`w?videace) -- C:\Windows\SysWow64\l綣w砫ew`w尐videace
[2011/11/12 10:56:03 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l綣w?ew`w?videace) -- C:\Windows\SysWow64\l綣w砫ew`w尐videace
[2011/11/11 21:35:26 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?莇`w跚videace) -- C:\Windows\SysWow64\l蜨w砫莇`w跚videace
[2011/11/11 21:35:26 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?莇`w跚videace) -- C:\Windows\SysWow64\l蜨w砫莇`w跚videace
[2011/11/10 03:18:48 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?Ew`w?videace) -- C:\Windows\SysWow64\l穊w砫Ew`w惝videace
[2011/11/10 03:18:48 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?Ew`w?videace) -- C:\Windows\SysWow64\l穊w砫Ew`w惝videace
[2011/11/07 21:46:16 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l綯w?pw`w珮videace) -- C:\Windows\SysWow64\l綯w砫pw`w珮videace
[2011/11/07 21:46:16 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l綯w?pw`w珮videace) -- C:\Windows\SysWow64\l綯w砫pw`w珮videace
[2011/11/05 18:52:34 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?v??`w?videace) -- C:\Windows\SysWow64\l裧v砫饘`w坼videace
[2011/11/05 18:52:34 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?v??`w?videace) -- C:\Windows\SysWow64\l裧v砫饘`w坼videace
[2011/11/02 16:38:46 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l箍w?Tw`w?videace) -- C:\Windows\SysWow64\l箍w砫Tw`w坼videace
[2011/11/02 16:38:46 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l箍w?Tw`w?videace) -- C:\Windows\SysWow64\l箍w砫Tw`w坼videace
[2011/10/29 14:31:41 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l箍w?Twpw孀videace) -- C:\Windows\SysWow64\l箍w砫Twpw孀videace
[2011/10/29 14:31:41 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l箍w?Twpw孀videace) -- C:\Windows\SysWow64\l箍w砫Twpw孀videace
[2011/10/28 23:17:48 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?owpw?videace) -- C:\Windows\SysWow64\l緌w砫owpw閱videace
[2011/10/28 23:17:48 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?owpw?videace) -- C:\Windows\SysWow64\l緌w砫owpw閱videace
[2011/10/26 00:20:38 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w??pw?videace) -- C:\Windows\SysWow64\l蒯w砫pw岤videace
[2011/10/26 00:20:38 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w??pw?videace) -- C:\Windows\SysWow64\l蒯w砫pw岤videace
[2011/10/19 16:20:57 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?hwpw?videace) -- C:\Windows\SysWow64\l緀w砫hwpw垥videace
[2011/10/19 16:20:57 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?hwpw?videace) -- C:\Windows\SysWow64\l緀w砫hwpw垥videace
[2011/10/17 19:05:20 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?Vwpw?videace) -- C:\Windows\SysWow64\l箛w砫Vwpwvideace
[2011/10/17 19:05:20 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?Vwpw?videace) -- C:\Windows\SysWow64\l箛w砫Vwpwvideace
[2011/10/10 20:46:02 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?v??pw歿videace) -- C:\Windows\SysWow64\l蜦v砫襒pw歿videace
[2011/10/10 20:46:02 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?v??pw歿videace) -- C:\Windows\SysWow64\l蜦v砫襒pw歿videace
[2011/10/10 14:47:58 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w??pw跚videace) -- C:\Windows\SysWow64\l聜w砫ㄈpw跚videace
[2011/10/10 14:47:58 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w??pw跚videace) -- C:\Windows\SysWow64\l聜w砫ㄈpw跚videace
[2011/09/30 02:26:52 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?_wpw槙videace) -- C:\Windows\SysWow64\l粿w砫_wpw槙videace
[2011/09/30 02:26:52 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?_wpw槙videace) -- C:\Windows\SysWow64\l粿w砫_wpw槙videace
[2011/09/25 12:54:07 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w??pw?videace) -- C:\Windows\SysWow64\l蜣w砫琋pw娖videace
[2011/09/25 12:54:07 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w??pw?videace) -- C:\Windows\SysWow64\l蜣w砫琋pw娖videace
[2011/09/24 18:32:51 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?Kwpw擺videace) -- C:\Windows\SysWow64\l窫w砫Kwpw擺videace
[2011/09/24 18:32:51 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?Kwpw擺videace) -- C:\Windows\SysWow64\l窫w砫Kwpw擺videace
[2011/09/17 15:19:22 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w???吭videace) -- C:\Windows\SysWow64\l蜭w砫蓹吭videace
[2011/09/17 15:19:22 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w???吭videace) -- C:\Windows\SysWow64\l蜭w砫蓹吭videace
[2011/09/10 17:41:11 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?─?璞videace) -- C:\Windows\SysWow64\l聝w砫─璞videace
[2011/09/10 17:41:11 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?─?璞videace) -- C:\Windows\SysWow64\l聝w砫─璞videace
[2011/09/03 19:43:58 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l箘w?Yw??videace) -- C:\Windows\SysWow64\l箘w砫Yw鄃videace
[2011/09/03 19:43:58 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l箘w?Yw??videace) -- C:\Windows\SysWow64\l箘w砫Yw鄃videace
[2011/08/31 14:40:57 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?Hw??videace) -- C:\Windows\SysWow64\l稨w砫Hw﹏videace
[2011/08/31 14:40:57 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?Hw??videace) -- C:\Windows\SysWow64\l稨w砫Hw﹏videace
[2011/08/30 20:44:11 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w???吭videace) -- C:\Windows\SysWow64\l膇w砫囪吭videace
[2011/08/30 20:44:11 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w???吭videace) -- C:\Windows\SysWow64\l膇w砫囪吭videace
[2011/08/28 11:05:12 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?Dw?歿videace) -- C:\Windows\SysWow64\l稫w砫Dw歿videace
[2011/08/28 11:05:12 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?Dw?歿videace) -- C:\Windows\SysWow64\l稫w砫Dw歿videace
[2011/08/25 21:06:47 | 000,000,000 | ---D | M](C:\Users\User\Documents\我已接收的?案) -- C:\Users\User\Documents\我已接收的檔案
[2011/08/25 21:06:47 | 000,000,000 | ---D | C](C:\Users\User\Documents\我已接收的?案) -- C:\Users\User\Documents\我已接收的檔案
[2011/08/25 20:38:22 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?ow?歿videace) -- C:\Windows\SysWow64\l緌w砫ow歿videace
[2011/08/25 20:38:22 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?ow?歿videace) -- C:\Windows\SysWow64\l緌w砫ow歿videace
[2011/08/25 11:37:13 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w????videace) -- C:\Windows\SysWow64\l蝁w砫嫬莍videace
[2011/08/25 11:37:13 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w????videace) -- C:\Windows\SysWow64\l蝁w砫嫬莍videace
[2011/08/17 05:04:07 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?德?穀videace) -- C:\Windows\SysWow64\l蒱w砫德穀videace
[2011/08/17 05:04:07 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?德?穀videace) -- C:\Windows\SysWow64\l蒱w砫德穀videace
[2011/08/16 11:16:12 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l蜑v????videace) -- C:\Windows\SysWow64\l蜑v砫矏videace
[2011/08/16 11:16:12 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l蜑v????videace) -- C:\Windows\SysWow64\l蜑v砫矏videace
[2011/08/16 11:08:24 | 000,000,000 | ---D | M](C:\Windows\SysWow64\l?w?]w??videace) -- C:\Windows\SysWow64\l箂w砫]w坼videace
[2011/08/16 11:08:24 | 000,000,000 | ---D | C](C:\Windows\SysWow64\l?w?]w??videace) -- C:\Windows\SysWow64\l箂w砫]w坼videace
[2011/08/14 07:11:49 | 000,000,000 | ---D | M](C:\Windows\SysWow64\?3w?3w??videace) -- C:\Windows\SysWow64\3w蠉3w娖videace
[2011/08/14 07:11:49 | 000,000,000 | ---D | C](C:\Windows\SysWow64\?3w?3w??videace) -- C:\Windows\SysWow64\3w蠉3w娖videace
[2011/08/12 23:09:19 | 000,000,000 | ---D | M](C:\Windows\SysWow64\?膿?膿€t?videace) -- C:\Windows\SysWow64\膿蠉膿€t娖videace
[2011/08/12 23:09:19 | 000,000,000 | ---D | C](C:\Windows\SysWow64\?膿?膿€t?videace) -- C:\Windows\SysWow64\膿蠉膿€t娖videace
[2011/08/12 19:05:27 | 000,000,000 | ---D | M](C:\Windows\SysWow64\?]w?]w€t?videace) -- C:\Windows\SysWow64\]w蠉]w€tvideace
[2011/08/12 19:05:27 | 000,000,000 | ---D | C](C:\Windows\SysWow64\?]w?]w€t?videace) -- C:\Windows\SysWow64\]w蠉]w€tvideace
[2011/08/05 06:33:29 | 000,000,000 | ---D | M](C:\Windows\SysWow64\?lw2?w€t?videace) -- C:\Windows\SysWow64\枑lw2羦w€t蔌videace
[2011/08/05 06:33:29 | 000,000,000 | ---D | C](C:\Windows\SysWow64\?lw2?w€t?videace) -- C:\Windows\SysWow64\枑lw2羦w€t蔌videace
[2011/08/05 06:31:27 | 000,000,000 | ---D | M](C:\Windows\SysWow64\?nw2?w€t?videace) -- C:\Windows\SysWow64\枑nw2羧w€t塿videace
[2011/08/05 06:31:27 | 000,000,000 | ---D | C](C:\Windows\SysWow64\?nw2?w€t?videace) -- C:\Windows\SysWow64\枑nw2羧w€t塿videace
[2011/08/05 06:26:58 | 000,000,000 | ---D | M](C:\Windows\SysWow64\?}w2?w€t餐videace) -- C:\Windows\SysWow64\枑}w2腧w€t餐videace
[2011/08/05 06:26:58 | 000,000,000 | ---D | C](C:\Windows\SysWow64\?}w2?w€t餐videace) -- C:\Windows\SysWow64\枑}w2腧w€t餐videace

< End of report >


EXTRA:
OTL Extras logfile created on: 2012/12/24 上午 02:33:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000404 | Country: 台灣 | Language: CHT | Date Format: yyyy/M/d

7.91 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 45.36% Memory free
15.82 Gb Paging File | 10.99 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 60.25 Gb Free Space | 32.34% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 191.73 Gb Free Space | 75.35% Space Free | Partition Type: NTFS
Drive E: | 4.19 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 298.09 Gb Total Space | 261.54 Gb Free Space | 87.74% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B39B20-32AE-4C33-B4AC-918232FD07A4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1FDC9F3F-D562-4815-9566-9934B652CB40}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{2986D522-BD60-411A-AE98-8210BE5D1751}" = lport=137 | protocol=17 | dir=in | app=system |
"{2CC108E1-7101-436A-AE33-FEB8C9C36AC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35F57FB7-9C89-4E63-8BE3-49E96F9C62CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{381C9B9F-772A-4887-B02A-F5A966BED808}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A250C63-837C-434E-8613-20C56152CB82}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B841C02-6376-4759-B0A2-0B7112758AC6}" = lport=19802 | protocol=6 | dir=in | name=bitcomet 19802 tcp |
"{51D80663-EFA1-4798-AE25-0B7FA3D96EEB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A657558-6A5D-4D1C-B185-156FCCA29D8E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5A7293EF-0FEE-4325-9DD7-5CB0896CCFAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5D4EB0D0-4A16-488D-82AC-DBE0DE7BA720}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E28864A-7C42-4959-8DEE-5C2F1A82B38B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B817A62-EA8E-47D7-974D-EC8D5EB69F3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E52444B-6FD3-4061-80AF-C39EA23E9DEB}" = rport=137 | protocol=17 | dir=out | app=system |
"{79186F06-1F74-4273-A8E8-95C6D2BE88BA}" = lport=138 | protocol=17 | dir=in | app=system |
"{81477D84-8724-4CD5-9FD9-D91978D8E0F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{81F4863C-09F5-4BD9-80D3-93692B190101}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91EEA083-424A-4635-AB80-4A8A5AD452BE}" = lport=445 | protocol=6 | dir=in | app=system |
"{96728641-CB6E-4B68-A471-F96942C527D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{967408E5-9500-4537-97A6-79D2686F53A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB142803-41F5-4E88-8050-9C56E2B76F11}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D54505E8-4134-4251-BB8E-EA9C441932F3}" = rport=445 | protocol=6 | dir=out | app=system |
"{D820BC09-AA01-4656-81D8-FA169BBDCC59}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F55B0E11-C4F3-49D5-88AE-2A343441F617}" = lport=19802 | protocol=17 | dir=in | name=bitcomet 19802 udp |
"{F5F92506-4554-4AB7-9780-48BB97389725}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{FDC0586C-F63A-4633-A65D-E0B86B6908E4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE22311-A565-477E-9B07-56A9C22D4F4A}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{0CD45630-2949-41D4-91EA-D759A815CA14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{19E4EFC1-8A6C-4AEE-97E2-E4B7DF1AB500}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1DDDB135-CB96-4236-9BF3-7558A88C8A37}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{21BA05F4-86AC-4B2A-9D38-723CF9E300A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{238E606E-95FD-4FF2-BD65-BFA0F7D8C150}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{260BEE00-E5A2-4528-938C-ED70C7378150}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2C2BC1F5-86AE-4785-91EA-0D94BDF5F928}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DC39E89-CFAC-4976-8592-6ACB0D926D47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{42087A9B-5082-4C77-8FD2-361E02AA7C3F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4CBB3B94-B844-4A29-881E-8350EFE7FEAD}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{5C0B0122-BFD3-42EC-A5A8-E42C533AD6C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6343D4ED-301F-4A8A-9BA1-46A7C747CA57}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{635B9FEA-35BA-4EB3-BFF4-0F4AD639AE93}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{644DF85B-A2F6-4FD0-AEF6-DF9FD66C0731}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{64E3E319-6A98-4F6C-A26C-BEDB0BD9DC16}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{656E98E6-D534-4D90-A7AE-9C1933D9EDE9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{706DC5DE-FD74-4374-B05F-41056C7D7735}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{763C4418-ABB8-4196-A744-EBE4685B16C8}" = protocol=6 | dir=out | app=system |
"{79AA71C4-1C08-46DD-8957-498C78804FFC}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{7C414DB8-8172-4DC4-AC4A-21C9AC513BA3}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{83EF2F1E-5E1D-45B6-BC7C-021BA1D13067}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{84DA6CCA-426D-448A-AE30-0329D972CB00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86200F2A-A116-4006-B506-84D690E71472}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FC05134-70C7-4EFC-BE01-2DAF6A484647}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{903EF892-260C-4C6D-98B7-D2152239B541}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{99272D9D-C4BC-4CAD-A32F-BAC012427386}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CA53D22-3D08-4DD6-9228-3581C6C68AEF}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{9CD54CEA-3785-454F-AFD5-BF7C6BC68D95}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A629F8B3-095E-441E-A3DA-B8065EDF050B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A897C515-6B3C-420D-8610-BAC325DF885E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ABE36AB5-7C72-4395-AF31-B436919E0FA9}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{B5D43432-12E9-4396-9BBC-3B450398AAFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1912587-14BB-4423-8B21-69BB21D65490}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C925C2ED-6DCF-47F5-B3C4-FA0371B0B096}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D1E4C210-998E-405B-8CE1-04B6F95495E0}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{D2E2D6FA-EBFC-473F-A765-02E7CBDCB1B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D98AB889-3483-4789-A7AA-77A0F61C43F0}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{DD23FA8F-F769-4613-89CB-1C81E337844C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DD38945F-1A15-4F4E-A55E-AFC60B735357}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9033056-31C7-4E74-9AE6-326E909C22DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F000C54C-0F70-475C-B712-6FBAAA76098C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0784EA1-D672-4B80-990A-A7CE84EC6191}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{F148684E-C35D-4736-819C-41F2EF9C4942}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F154F17B-D74F-49FB-90BE-37852DA112A0}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{FB33CC14-169E-4969-BF02-CC9C5D45D74A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FD23310E-A99C-443E-A575-735BE5489DDF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{ABC9EAF7-A918-42AB-87C6-6A68E54067A2}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{C71317DC-8D07-4033-B640-916A06CD6A19}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety
"{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{749BE6FF-815E-4F36-901B-7AC301B50330}" = Windows Live Family Safety
"{75C8188C-883C-310E-BB83-E7EA3023FCB1}" = Microsoft .NET Framework 4 Client Profile CHT Language Pack
"{761C6783-D3BC-48AB-8E7C-61CE918A8436}" = ASUS Secure Delete
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® 渦輪加速技術監視器 2.0
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CHT Language Pack" = Microsoft .NET Framework 4 Client Profile 繁體中文語言套件
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.10 beta 2 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{002A6960-6C36-4A6B-B593-386A4D6BE48F}" = オンライン対戦麻雀 天鳳 Ver1.2
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.1
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect 3
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrle ActiveX Windows Live Mesh pour connexions distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complment Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{C19796D5-E477-40A1-8C78-DF2EB439D99B}" = LINDO 6.1
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple 應用程式支援
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galera fotogrfica de Windows Live
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Android SDK Tools" = Android SDK Tools
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_U Series_ENG" = AsusScr_U Series_ENG
"BitComet_x64" = BitComet(比特彗星) 1.29 64-bit
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 zh-TW)" = Mozilla Firefox 17.0.1 (x86 zh-TW)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Origin" = Origin
"RealPlayer 15.0" = RealPlayer
"Rocket Division Software Grab & Burn_is1" = Grab & Burn, Version 4.0.1 ( Build 2005-09-21, Win32, CSS )
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live 程式集
"Yahoo!奇摩即時通" = Yahoo!奇摩即時通

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012/10/30 下午 11:49:55 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2012/10/30 下午 11:49:55 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1377801

Error - 2012/10/30 下午 11:49:55 | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1377801

Error - 2012/11/12 下午 03:26:37 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = 失敗的應用程式名稱: plugin-container.exe,版本: 16.0.2.4680,時間戳記: 0x50882817 失敗的模組名稱:
unknown,版本: 0.0.0.0,時間戳記: 0x00000000 例外?況碼: 0xc0000005 錯誤位移: 0x03b4bdd0 失敗的處理程序識別碼:
0xbdb40 失敗的應用程式開始時間: 0x01cdc0b38fe134e0 失敗的應用程式路徑: C:\Program Files (x86)\Mozilla
Firefox\plugin-container.exe 失敗的模組路徑: unknown 報告識別碼: dfe39e7a-2cfe-11e2-900a-742f68036d0a

Error - 2012/11/16 下午 09:49:28 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = 失敗的應用程式名稱: msnmsgr.exe,版本: 15.4.3538.513,時間戳記: 0x4dcdb2b3 失敗的模組名稱:
unknown,版本: 0.0.0.0,時間戳記: 0x00000000 例外?況碼: 0xc0000005 錯誤位移: 0x11612a86 失敗的處理程序識別碼:
0x1bd0 失敗的應用程式開始時間: 0x01cdb96ff65ff009 失敗的應用程式路徑: C:\Program Files (x86)\Windows
Live\Messenger\msnmsgr.exe 失敗的模組路徑: unknown 報告識別碼: 05267f30-3059-11e2-900a-742f68036d0a

Error - 2012/11/17 上午 04:04:49 | Computer Name = User-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 2012/11/17 上午 04:21:01 | Computer Name = User-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 2012/11/17 上午 04:21:01 | Computer Name = User-PC | Source = .NET Runtime Optimization Service | ID = 1107
Description =

Error - 2012/11/20 下午 01:41:12 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = 失敗的應用程式名稱: msnmsgr.exe,版本: 15.4.3538.513,時間戳記: 0x4dcdb2b3 失敗的模組名稱:
unknown,版本: 0.0.0.0,時間戳記: 0x00000000 例外?況碼: 0xc000041d 錯誤位移: 0x740e4f0d 失敗的處理程序識別碼:
0x2ef6c 失敗的應用程式開始時間: 0x01cdc70648b5489f 失敗的應用程式路徑: C:\Program Files (x86)\Windows
Live\Messenger\msnmsgr.exe 失敗的模組路徑: unknown 報告識別碼: 78fcf7b8-3339-11e2-9eae-742f68036d0a

Error - 2012/11/21 上午 02:19:03 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = 失敗的應用程式名稱: iexplore.exe,版本: 9.0.8112.16455,時間戳記: 0x507284ba 失敗的模組名稱:
Flash32_11_4_402_287.ocx,版本: 11.4.402.287,時間戳記: 0x5066dd49 例外?況碼: 0xc0000005 錯誤位移:
0x004a76b9 失敗的處理程序識別碼: 0xe40c 失敗的應用程式開始時間: 0x01cdc63e22d7b2ff 失敗的應用程式路徑: C:\Program
Files (x86)\Internet Explorer\iexplore.exe 失敗的模組路徑: C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_287.ocx
報告識別碼:
58241364-33a3-11e2-9eae-742f68036d0a

[ Media Center Events ]
Error - 2011/12/23 下午 07:03:42 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 下午 06:03:42 - 連線到網際網路時發生錯誤。 下午 06:03:42 - 無法連絡伺服器。.

Error - 2011/12/23 下午 07:04:15 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 下午 06:04:12 - 連線到網際網路時發生錯誤。 下午 06:04:12 - 無法連絡伺服器。.

Error - 2011/12/25 下午 07:16:57 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 下午 06:16:57 - 無法抓取 Directory (錯誤: Invalid security token.)

Error - 2012/1/15 下午 07:26:40 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 下午 06:26:30 - 無法抓取 MCEClientUX (錯誤: 無法連接至遠端伺服器)

Error - 2012/2/6 上午 04:57:14 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 上午 03:57:13 - 連線到網際網路時發生錯誤。 上午 03:57:13 - 無法連絡伺服器。.

Error - 2012/2/6 上午 05:59:00 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 上午 04:59:00 - 連線到網際網路時發生錯誤。 上午 04:59:00 - 無法連絡伺服器。.

Error - 2012/2/6 上午 06:59:06 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 上午 05:59:05 - 連線到網際網路時發生錯誤。 上午 05:59:05 - 無法連絡伺服器。.

Error - 2012/2/6 上午 07:59:10 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 上午 06:59:10 - 連線到網際網路時發生錯誤。 上午 06:59:10 - 無法連絡伺服器。.

Error - 2012/2/15 下午 10:18:56 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 下午 09:18:56 - 連線到網際網路時發生錯誤。 下午 09:18:56 - 無法連絡伺服器。.

Error - 2012/2/15 下午 10:19:05 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = 下午 09:19:01 - 連線到網際網路時發生錯誤。 下午 09:19:01 - 無法連絡伺服器。.

[ OSession Events ]
Error - 2011/10/3 下午 04:40:31 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2504
seconds with 2460 seconds of active time. This session ended with a crash.

Error - 2011/10/3 下午 04:40:42 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011/10/3 下午 04:41:01 | Computer Name = User-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2012/2/23 下午 02:58:17 | Computer Name = User-PC | Source = BTHUSB | ID = 327697
Description = 本機 Bluetooth 介面?在無法斷定的情況下將無法使用。已解除載入驅動程式。

Error - 2012/2/24 上午 01:08:01 | Computer Name = User-PC | Source = BTHUSB | ID = 327697
Description = 本機 Bluetooth 介面?在無法斷定的情況下將無法使用。已解除載入驅動程式。

Error - 2012/2/27 下午 09:52:41 | Computer Name = User-PC | Source = BTHUSB | ID = 327697
Description = 本機 Bluetooth 介面?在無法斷定的情況下將無法使用。已解除載入驅動程式。

Error - 2012/2/29 上午 12:28:05 | Computer Name = User-PC | Source = BTHUSB | ID = 327697
Description = 本機 Bluetooth 介面?在無法斷定的情況下將無法使用。已解除載入驅動程式。

Error - 2012/3/7 上午 04:02:34 | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = 等候 Windows Search 服務連線時發生逾時 (30000 毫秒)。

Error - 2012/3/7 上午 04:02:34 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = Windows Search 服務無法?動,因為下列錯誤: %%1053

Error - 2012/3/10 上午 12:34:42 | Computer Name = User-PC | Source = Service Control Manager | ID = 7031
Description = Apple Mobile Device 服務意外終止,服務曾完成這項動作 1 次。以下的修正操作將在 60000 毫秒?執行: 重新?動服務。

Error - 2012/3/13 下午 04:26:39 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =

Error - 2012/3/15 下午 01:07:48 | Computer Name = User-PC | Source = BTHUSB | ID = 327697
Description = 本機 Bluetooth 介面?在無法斷定的情況下將無法使用。已解除載入驅動程式。

Error - 2012/3/15 下午 01:23:46 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = ?2012/?3/?15 上 下午 01:16:44 的系統上次發生意外的關機。


< End of report >



