
Netcheck and Webcheck


  • This topic is locked
27 replies to this topic

#1 Mythilas

Mythilas

  • Members
  • 56 posts
  • Gender:Female
  • Location:Australia
  • Local time:08:52 PM

Posted 12 April 2013 - 11:01 PM

I have had Netcheck.exe and Webcheck.exe on my computer for a while now. I've scanned my computer with both Microsoft Security Essentials and Malwarebytes Anti-Malware but both don't detect anything. I have tried many other ways to remove them but they keep reappearing in my processes. I do not know how to remove them.

 

I've posted in here for help and I've been told to post in this forum now.

 

DDS.txt

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.17.2
Run by Emma at 13:49:47 on 2013-04-13
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.8191.5560 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Audio_Air\Audio_Air.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DWeather\dwthsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Ku6_Booster\Ku6_Booster.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\svchost.exe -k tbService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\ProgramData\AAShell\NetCheck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - <orphaned>
EB: {68FF3266-B53C-4E47-AAB1-A472E3020228} - <orphaned>
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
dRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{082DCC5A-6D01-4008-A969-0D96171DA284} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{76F7B7DD-CA22-4B2A-8F00-F65978E2B917} : DHCPNameServer = 211.29.132.12 61.88.88.88
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 DWeather 天气预报服务;DWeather 天气预报服务;C:\Program Files (x86)\DWeather\dwthsvc.exe [2012-11-6 321632]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AudioAir;先进音频框架服务;C:\Program Files (x86)\Audio_Air\Audio_Air.exe [2012-8-16 58776]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 KU6媒体加速服务;KU6媒体加速服务;C:\Program Files (x86)\Ku6_Booster\Ku6_Booster.exe [2012-5-23 57808]
R2 KuaiZipDrive;KuaiZipDrive;C:\Windows\System32\drivers\KuaiZipDrive.sys [2012-10-15 92976]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-16 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 SdDUpdService;盛大在线自动更新服务;C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe [2013-3-1 356176]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2011-1-2 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 tbService;tbService;C:\Windows\System32\svchost.exe -k tbService [2009-7-14 27136]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-2-26 619904]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-11 57344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-16 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-1-2 1250816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SDBaseSvc;SDBaseSvc;C:\Windows\System32\svchost.exe -k SDBaseSvc [2009-7-14 27136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-23 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-2-26 13728]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-30 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2011-1-2 166704]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-30 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-2-26 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-2-26 15776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-12 07:16:50 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4999DA9-C9DB-465C-B78F-30A856F85045}\mpengine.dll
2013-04-11 08:08:00 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-11 08:08:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-11 06:42:13 9311288 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-10 08:18:02 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 08:17:06 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 07:59:14 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 07:59:07 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 07:59:07 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 07:59:07 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 07:59:06 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 07:59:06 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 07:59:06 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-07 06:35:41 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-04-04 06:54:04 -------- d-----w- C:\ProgramData\{8201D5FC-F086-4EE3-8441-4FAFB61B7583}
2013-04-02 05:21:09 -------- d-----w- C:\Windows\ERUNT
2013-03-30 03:08:20 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-03-30 03:08:20 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-03-30 03:08:20 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-03-30 03:08:20 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-03-30 03:08:20 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-03-30 03:08:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-03-30 03:08:19 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-03-30 03:08:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-03-30 03:08:11 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-03-30 02:56:39 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-30 02:56:33 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 00:04:24 208216 ----a-w- C:\Windows\System32\drivers\98808878.sys
2013-03-29 23:45:07 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-03-29 23:45:03 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7078E18A-0AE4-4FC8-9016-C9549E8893B7}\mpengine.dll
2013-03-29 11:40:51 -------- d-----w- C:\Windows\pss
2013-03-29 05:05:43 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-28 23:26:01 -------- d-----w- C:\Program Files (x86)\PPStream
2013-03-28 23:25:59 -------- d-----w- C:\Users\Emma\AppData\Roaming\PPStream
2013-03-23 21:38:16 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9402C181-536E-4472-A2EE-354C4ECD4BF6}\gapaengine.dll
2013-03-23 05:18:29 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M  ====================
.
2013-04-05 23:51:23 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-05 23:51:23 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 04:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-30 02:56:23 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-25 13:32:44 25256224 ----a-w- C:\Windows\System32\nvcompiler.dll
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-29 08:15:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2013-01-29 08:15:06 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2013-01-29 08:15:06 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2013-01-29 08:15:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2013-01-29 08:15:06 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2013-01-29 08:15:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2013-01-29 08:15:04 50800 ----a-w- C:\Windows\System32\drivers\point64.sys
2013-01-29 08:15:04 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2013-01-23 23:32:08 2177648 ----a-w- C:\Windows\System32\coin93.dll
2013-01-20 04:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 04:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-18 15:00:28 6390048 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-18 15:00:28 3460896 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-18 15:00:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-18 15:00:11 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-18 15:00:11 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-01-18 15:00:11 118560 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-17 21:15:24 550176 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 13:50:28.36 ===============
 


 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,840 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:52 AM

Posted 14 April 2013 - 04:25 AM

Hello Mythilas and welcome back to Bleeping Computer.

 

My name is Satchfan and I would be glad to help you with your computer problem.

 

Please read the following guidelines which will help to make cleaning your machine easier:

 

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

 

IMPORTANT:

 

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

 

I am looking at your logs now and will reply with instructions shortly.

 

Satchfan


Edited by satchfan, 14 April 2013 - 04:26 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 satchfan


Posted 14 April 2013 - 05:39 AM

Hello again.

I see you have run quite a few scans so hopefully we’ll find out soon where this problem lies.

Run aswMBR
 

  • download aswMBR.exe to your desktop.
  • double click aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

===================================================

Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

 

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:

     

    :file
    *Netcheck*
    *Webcheck*
    
    :reg
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

     

  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please include the following in your next post :

aswMBR log
SystemLook.txt


Thanks

Satchfan

 

 




#4 Mythilas


Posted 14 April 2013 - 06:14 PM

Hi Satchfan :D Thanks for helping me!

 

aswMBR log

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-15 09:08:31
-----------------------------
09:08:31.183    OS Version: Windows x64 6.1.7601 Service Pack 1
09:08:31.183    Number of processors: 2 586 0x403
09:08:31.184    ComputerName: EMMA-PC  UserName: Emma
09:08:32.814    Initialize success
09:08:36.431    AVAST engine download error: 0
09:08:49.809    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:08:49.815    Disk 0 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 3
09:08:49.884    Disk 0 MBR read successfully
09:08:49.891    Disk 0 MBR scan
09:08:49.896    Disk 0 Windows 7 default MBR code
09:08:49.906    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:08:49.918    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       234319 MB offset 206848
09:08:49.944    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       242519 MB offset 480092160
09:08:49.971    Disk 0 scanning C:\Windows\system32\drivers
09:08:57.821    Service scanning
09:09:12.077    Modules scanning
09:09:12.095    Disk 0 trace - called modules:
09:09:12.125    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
09:09:12.481    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078e6060]
09:09:12.490    3 CLASSPNP.SYS[fffff880018a943f] -> nt!IofCallDriver -> [0xfffffa8007524790]
09:09:12.494    5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80078e4060]
09:09:12.500    Scan finished successfully
09:09:23.382    Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat"
09:09:23.386    The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt"
 aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-15 09:10:03
-----------------------------
09:10:03.113    OS Version: Windows x64 6.1.7601 Service Pack 1
09:10:03.113    Number of processors: 2 586 0x403
09:10:03.113    ComputerName: EMMA-PC  UserName: Emma
09:10:07.140    Initialize success
09:10:09.140    AVAST engine download error: 0
09:10:15.738    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:10:15.743    Disk 0 Vendor: ST3500418AS CC46 Size: 476940MB BusType: 3
09:10:15.825    Disk 0 MBR read successfully
09:10:15.830    Disk 0 MBR scan
09:10:15.836    Disk 0 Windows 7 default MBR code
09:10:15.847    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
09:10:15.859    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       234319 MB offset 206848
09:10:15.885    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       242519 MB offset 480092160
09:10:15.901    Disk 0 scanning C:\Windows\system32\drivers
09:10:24.327    Service scanning
09:10:38.180    Modules scanning
09:10:38.198    Disk 0 trace - called modules:
09:10:38.224    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
09:10:38.238    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078e6060]
09:10:38.250    3 CLASSPNP.SYS[fffff880018a943f] -> nt!IofCallDriver -> [0xfffffa8007524790]
09:10:38.259    5 ACPI.sys[fffff88000ee07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80078e4060]
09:10:38.264    Scan finished successfully
09:10:45.705    Disk 0 MBR has been saved successfully to "C:\Users\Emma\Desktop\MBR.dat"
09:10:45.709    The log file has been saved successfully to "C:\Users\Emma\Desktop\aswMBR.txt"
 
SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 09:13 on 15/04/2013 by Emma
Administrator - Elevation successful
 
========== file ==========
 
*Netcheck* - Unable to find/read file.
 
*Webcheck* - Unable to find/read file.
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=""C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey"
 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(No values found)
 
 
-= EOF =-
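
Added example, not part of the thread and not output from any tool used in it: a small Python parser that splits a DDS log into its `====` sections, reports where the names asked about occur, and lists running processes whose image sits outside the usual install directories. The sample is a short excerpt of the DDS log in the first post; the function names and the list of expected directories are assumptions of this example, and a listed path is something to review, not a verdict.

```python
import re
from collections import OrderedDict

# Excerpt of the DDS log posted at the top of this thread (a few lines per section).
SAMPLE_DDS = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\ProgramData\AAShell\NetCheck.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
dRun: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe
SSODL: WebCheck - <orphaned>
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 tbService;tbService;C:\Windows\System32\svchost.exe -k tbService [2009-7-14 27136]
"""

# "=== Name ===" banner line; the name must not itself start with "=".
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# Image path of a process line: everything up to the first ".exe" followed by space or end.
IMAGE_RE = re.compile(r"^(.+?\.exe)(?:\s|$)", re.IGNORECASE)
# Assumption of this example: directories where installed programs normally live.
EXPECTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; text before the first banner is 'header'."""
    sections = OrderedDict()
    current = "header"
    sections[current] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":      # DDS pads sections with blank and "." lines
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def find_names(sections, names):
    """Return (section, line) pairs whose text mentions any of the names, case-insensitively."""
    pattern = re.compile("|".join(re.escape(n) for n in names), re.IGNORECASE)
    return [
        (section, line)
        for section, lines in sections.items()
        for line in lines
        if pattern.search(line)
    ]


def processes_outside_roots(sections, roots=EXPECTED_ROOTS):
    """List running-process images that do not live under one of the expected directories."""
    found = []
    for line in sections.get("Running Processes", []):
        image = IMAGE_RE.match(line)
        if not image:
            continue
        path = image.group(1)            # command-line arguments are dropped here
        if not path.lower().startswith(roots) and path not in found:
            found.append(path)
    return found


if __name__ == "__main__":
    parsed = parse_sections(SAMPLE_DDS)
    for section, line in find_names(parsed, ["netcheck", "webcheck"]):
        print(f"[{section}] {line}")
    for path in processes_outside_roots(parsed):
        print(f"review: {path}")
```
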


#5 satchfan


Posted 15 April 2013 - 04:03 AM

Can you tell me how long you’ve had this problem and if you can remember installing anything or making any changes to your computer at that time?


P2P - I see you have P2P software, (uTorrent), installed on your machine.

 

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

 

If your computer is infected, it almost certainly contributed to your current situation.

 

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

 

Please see this topic for more information: Perils of P2P File Sharing.

 

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

 

Should you decide to keep it, please don’t use it until we have finished up here.

 

===================================================

 

Download and run OTL

 

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

     
  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.


Can you also tell me what SdDUpdService is?
 

Satchfan


Edited by satchfan, 15 April 2013 - 04:18 AM.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 Mythilas

  • Topic Starter

Posted 15 April 2013 - 08:26 PM

I'm not sure if I got this problem about four months ago, or I just started noticing it because MBAM started blocking it. I don't think I installed anything other than updates.

 

Also, this computer is shared occasionally and I think uTorrent has contributed to the problem. I'll uninstall it.

 

I'd searched online and found that SdDUpdService is annoying Chinese adware. I'm not entirely sure but I think it was installed as a part of a bundled Chinese Anti-Virus and Anti-Malware program. I've uninstalled the program. 

 

http://translate.google.com.au/translate?hl=en&sl=zh-CN&tl=en&u=http%3A%2F%2Fwww.360.cn%2F - That's the website for it.

 

OTL.txt

 

 

OTL logfile created on: 16/04/2013 11:05:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Emma\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
8.00 Gb Total Physical Memory | 5.36 Gb Available Physical Memory | 67.00% Memory free
16.00 Gb Paging File | 13.40 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.83 Gb Total Space | 25.55 Gb Free Space | 11.16% Space Free | Partition Type: NTFS
Drive D: | 236.83 Gb Total Space | 236.48 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: EMMA-PC | User Name: Emma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/16 10:47:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Downloads\OTL.exe
PRC - [2013/04/09 18:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/30 05:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/03/30 05:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/03/19 21:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/01 09:05:30 | 000,356,176 | ---- | M] () -- C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe
PRC - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/24 13:14:44 | 000,159,176 | ---- | M] (360.cn) -- C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe
PRC - [2012/12/20 20:33:42 | 000,341,992 | ---- | M] () -- C:\ProgramData\AAShell\NetCheck.exe
PRC - [2012/11/06 15:07:52 | 000,321,632 | ---- | M] () -- C:\Program Files (x86)\DWeather\dwthsvc.exe
PRC - [2012/10/08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/08/16 07:18:12 | 000,058,776 | ---- | M] () -- C:\Program Files (x86)\Audio_Air\Audio_Air.exe
PRC - [2012/05/23 01:13:14 | 000,057,808 | ---- | M] (TODO: <公司名>) -- C:\Program Files (x86)\Ku6_Booster\Ku6_Booster.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/09 07:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/09 18:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 18:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 18:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 18:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 18:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/30 05:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/03/27 10:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/03/26 08:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2012/12/20 20:33:42 | 000,341,992 | ---- | M] () -- C:\ProgramData\AAShell\NetCheck.exe
MOD - [2012/12/12 03:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/12 03:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/12 03:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 10:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 10:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/12/11 13:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 12:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/14 10:00:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/30 05:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/19 21:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/01 09:05:30 | 000,356,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe -- (SdDUpdService)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/10 16:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/06 15:07:52 | 000,321,632 | ---- | M] () [Auto | Start_Pending] -- C:\Program Files (x86)\DWeather\dwthsvc.exe -- (DWeather 天气预报服务)
SRV - [2012/09/15 09:02:05 | 000,061,952 | ---- | M] () [Auto | Running] -- C:\Users\wangrui.alan\AppData\Roaming\taobaoK\tb.dll -- (tbService)
SRV - [2012/08/16 07:18:12 | 000,058,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Audio_Air\Audio_Air.exe -- (AudioAir)
SRV - [2012/05/23 01:13:14 | 000,057,808 | ---- | M] (TODO: <公司名>) [Auto | Running] -- C:\Program Files (x86)\Ku6_Booster\Ku6_Booster.exe -- (KU6媒体加速服务)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/09 07:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/20 14:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/03 15:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/12/03 15:36:34 | 000,013,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/11/15 08:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 00:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/10 14:45:17 | 000,092,976 | ---- | M] (WinMount International Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KuaiZipDrive.sys -- (KuaiZipDrive)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/17 21:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/02 14:01:26 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2006/11/02 10:27:00 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2011/01/02 11:23:38 | 000,000,201 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 74 A5 13 FE A9 CB 01  [binary data]
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2097730478-889219606-3178997141-1003\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Emma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
 
[2011/04/25 21:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions
[2011/04/25 21:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/05/14 19:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/14 19:29:36 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Emma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Steam Theme = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0\
CHR - Extension: video2mp3.net = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehlfiodkonepliockofnonigghjkge\0.0.4_0\
CHR - Extension: Gmail = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - No CLSID value found.
O3 - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\..\Toolbar\WebBrowser: (no name) - {B80F591E-FE9A-46CF-A13E-180377240586} - No CLSID value found.
O3 - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-18..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-19..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [PPS Accelerator] C:\Program Files (x86)\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2097730478-889219606-3178997141-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2097730478-889219606-3178997141-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2097730478-889219606-3178997141-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2097730478-889219606-3178997141-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html File not found
O8 - Extra context menu item: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{082DCC5A-6D01-4008-A969-0D96171DA284}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F7B7DD-CA22-4B2A-8F00-F65978E2B917}: DhcpNameServer = 211.29.132.12 61.88.88.88
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT 
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/11 18:07:59 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 18:07:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 18:07:58 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/11 18:07:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/11 18:07:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/11 18:07:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/11 18:07:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/11 18:07:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 18:07:56 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/11 18:07:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/11 18:07:56 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/11 18:07:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/11 18:07:54 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 18:07:53 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 18:07:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 21:20:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
[2013/04/10 17:59:07 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 17:59:07 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 17:59:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 17:59:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 17:59:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 17:59:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/07 16:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/04/07 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/04/04 16:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{8201D5FC-F086-4EE3-8441-4FAFB61B7583}
[2013/04/03 15:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/03 15:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/04/02 15:21:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/30 16:07:58 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/03/30 16:07:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/03/30 16:07:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/03/30 16:07:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/03/30 16:07:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/03/30 16:07:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/03/30 16:07:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/03/30 16:07:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/03/30 16:07:54 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/03/30 16:07:54 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/03/30 16:07:54 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/03/30 16:07:54 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/03/30 16:07:54 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/03/30 16:07:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/03/30 16:07:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/03/30 16:07:54 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/03/30 16:07:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/03/30 16:07:54 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/03/30 16:07:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/03/30 16:07:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/03/30 16:07:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/03/30 16:07:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/03/30 16:07:53 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/03/30 16:07:53 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/03/30 13:08:20 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/03/30 13:08:11 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/03/30 13:08:11 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/03/30 12:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/30 12:56:39 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/30 12:56:39 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/30 12:56:33 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/30 10:04:24 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\98808878.sys
[2013/03/29 21:40:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/03/29 15:05:50 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Skype
[2013/03/29 15:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/29 15:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/29 15:05:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/03/29 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/03/29 09:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PPStream
[2013/03/29 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\PPStream
[2013/03/24 21:07:48 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/24 21:07:48 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/24 21:07:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/24 21:07:47 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/24 21:07:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/24 21:07:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/24 21:07:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/24 21:07:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/24 21:07:47 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/24 21:07:47 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/24 21:07:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/24 21:07:47 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/24 21:07:47 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/24 21:07:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/24 21:07:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/24 21:07:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/24 21:07:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/24 21:07:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/24 21:07:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/24 21:07:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/24 21:07:46 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/24 21:07:46 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/24 21:07:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/24 21:07:46 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/24 21:07:46 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/24 21:07:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/24 21:07:46 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/24 21:07:46 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/24 21:07:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/24 21:07:46 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/24 21:07:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/24 21:07:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/24 21:07:46 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/24 21:07:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/24 21:07:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/24 21:07:45 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/24 21:07:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/24 21:07:45 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/24 21:07:45 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/24 21:07:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/24 21:07:45 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/24 21:07:45 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/24 21:07:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/24 21:07:45 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/24 21:07:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/24 21:07:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/24 21:07:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/24 21:07:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/24 21:07:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/24 21:07:45 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/24 21:07:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/24 21:07:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/24 21:07:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/23 15:18:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/16 10:50:28 | 000,018,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 10:50:28 | 000,018,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 10:47:27 | 001,273,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/16 10:47:27 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/16 10:47:27 | 000,374,924 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013/04/16 10:47:27 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/16 10:47:27 | 000,118,958 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013/04/16 10:41:48 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 10:41:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/16 10:41:07 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/15 22:34:25 | 000,046,364 | ---- | M] () -- C:\Users\Emma\.recently-used.xbel
[2013/04/15 22:24:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/14 21:42:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/14 10:00:41 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/14 10:00:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/11 16:28:43 | 000,418,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/07 16:36:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013/04/04 15:39:20 | 000,002,279 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/30 12:56:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/30 12:56:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/30 12:56:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/30 12:56:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/30 12:56:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/30 12:56:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/30 10:04:24 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\98808878.sys
[2013/03/29 10:54:32 | 000,515,766 | ---- | M] () -- C:\Users\Emma\Documents\cc_20130329_115416.reg
[2013/03/29 09:26:09 | 000,001,077 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/03/24 21:07:48 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/24 21:07:48 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/24 21:07:48 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/24 21:07:47 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/24 21:07:47 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/24 21:07:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/24 21:07:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/24 21:07:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/24 21:07:47 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/24 21:07:47 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/24 21:07:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/24 21:07:47 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/24 21:07:47 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/24 21:07:47 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/24 21:07:47 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/24 21:07:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/24 21:07:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/24 21:07:47 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/24 21:07:46 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/24 21:07:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/24 21:07:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/24 21:07:46 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/24 21:07:46 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/24 21:07:46 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/24 21:07:46 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/24 21:07:46 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/24 21:07:46 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/24 21:07:46 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/24 21:07:46 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/24 21:07:46 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/24 21:07:46 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/24 21:07:46 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/24 21:07:46 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/24 21:07:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/24 21:07:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/24 21:07:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/24 21:07:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/24 21:07:45 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/24 21:07:45 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/24 21:07:45 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/24 21:07:45 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/24 21:07:45 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/24 21:07:45 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/24 21:07:45 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/24 21:07:45 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/24 21:07:45 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/24 21:07:45 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/24 21:07:45 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/24 21:07:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/24 21:07:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/24 21:07:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/24 21:07:45 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/24 21:07:45 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/24 21:07:45 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/24 21:07:44 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/19 16:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/19 15:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/03/19 15:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/19 15:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/03/19 14:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/19 13:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
 
========== Files Created - No Company Name ==========
 
[2013/04/15 22:34:25 | 000,046,364 | ---- | C] () -- C:\Users\Emma\.recently-used.xbel
[2013/04/13 13:39:48 | 000,515,766 | ---- | C] () -- C:\Users\Emma\Documents\cc_20130329_115416.reg
[2013/04/13 13:39:48 | 000,463,587 | ---- | C] () -- C:\Users\Emma\Documents\TimeTable.jpg
[2013/04/13 13:39:48 | 000,211,550 | ---- | C] () -- C:\Users\Emma\Documents\Nightmare Night (piano).TIF
[2013/04/07 16:36:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013/04/03 15:41:46 | 000,002,279 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/03 15:19:22 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/03 15:19:21 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/29 09:26:09 | 000,001,077 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/03/29 09:26:09 | 000,001,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPS 影音.lnk
[2013/03/24 21:07:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/24 21:07:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/09/09 14:08:11 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2012/09/09 14:08:11 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2012/07/30 18:10:35 | 000,070,579 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\icarus-dxdiag.xml
[2012/06/15 19:20:13 | 000,000,042 | ---- | C] () -- C:\Users\Emma\.gtk-bookmarks
[2012/04/20 23:56:36 | 000,163,283 | ---- | C] () -- C:\Users\Emma\OC-Pony.xcf
[2012/01/30 11:30:17 | 000,000,624 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/15 20:17:12 | 001,222,078 | ---- | C] () -- C:\Windows\SysWow64\MCI_Screensaver2_Uninstall.exe
[2012/01/15 20:17:07 | 001,233,408 | ---- | C] () -- C:\Windows\SysWow64\libvorbis.dll
[2012/01/15 20:17:07 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\libogg.dll
[2011/10/19 18:27:24 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 17:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 17:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/01/02 11:48:22 | 000,000,911 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\coreavc.ini
 
========== ZeroAccess Check ==========
 
[2011/09/19 15:25:02 | 000,000,642 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2097730478-889219606-3178997141-1001\$R8RUUH5\Yogbox 1.8\mods\extra\TWEAK - Rei's Minimap\jar\reifnsk\minimap\n.png
[2011/01/21 20:21:42 | 000,001,095 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2097730478-889219606-3178997141-1001\$RR4HBZW\N.lnk
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 16:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 16:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 16:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 16:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 15:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 23:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 16:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 15:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 11:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 16:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 16:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 16:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 11:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 23:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 11:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 17:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 16:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500418AS ATA Device
Partitions: 3
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 229.00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 237.00GB
Starting Offset: 245807185920
Hidden sectors: 0
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C
 
< End of report >


#7 Mythilas

Posted 15 April 2013 - 08:27 PM

OTL Extras.txt
 
OTL Extras logfile created on: 16/04/2013 11:05:25 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Emma\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
8.00 Gb Total Physical Memory | 5.36 Gb Available Physical Memory | 67.00% Memory free
16.00 Gb Paging File | 13.40 Gb Available in Paging File | 83.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.83 Gb Total Space | 25.55 Gb Free Space | 11.16% Space Free | Partition Type: NTFS
Drive D: | 236.83 Gb Total Space | 236.48 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: EMMA-PC | User Name: Emma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = 360seURL] -- Reg Error: Key error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = 360seURL] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E839C9-ADCA-4A60-94AF-7C99FF3F277D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{14DA54D9-FCB2-4929-9940-EDEF86FC8A3A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1D45E499-D7E0-4A86-ABCB-F722522B2E16}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{333CD54B-2E5C-4429-964A-3C38A3A30B97}" = lport=59095 | protocol=6 | dir=in | name=pando media booster | 
"{33F36950-DAC3-46FA-A350-077422FA77EC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4CA8B632-A144-4F6E-960C-F59D0696DF25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{52844B5F-CDBC-4B47-A0D1-993B0D8E69C1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{54515935-AF7F-4A48-9956-84885E1E53CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B48606E-5D9C-4FBF-993C-1EA14AC2E859}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5BF515EE-9D57-4CCB-999A-0357496087BF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6070D097-5BF2-4538-8511-DC42D0A99C02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{725B502D-6D50-4C81-B845-D879A73E6B01}" = rport=139 | protocol=6 | dir=out | app=system | 
"{779580D4-BEBE-4A83-BEEA-735AC5BBC19F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{81CE2C2E-2CF3-4550-831D-5075C0CF0CE7}" = lport=7777 | protocol=6 | dir=in | name=terraria tcp host | 
"{825042D0-97F3-4B6E-84AB-96C1F22780EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{86C85F8E-0657-42BD-84BE-7AF6AEA3CF35}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9A38AF70-790E-496A-85A6-DFC15C70CBFD}" = lport=59095 | protocol=17 | dir=in | name=pando media booster | 
"{9FDFE566-9D2D-4F27-8AE4-593CC559C272}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B15A9845-A7E4-4EE6-80E2-8D99727DC920}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C09780AC-950D-4F7D-BC49-326197D4CCBE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C7CB461D-5173-4587-A268-3F5241798DAA}" = lport=7777 | protocol=17 | dir=in | name=terraria udp host | 
"{D00AD304-10DE-4A1B-9BE6-FC9BA6DDD489}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D586876C-1370-4D25-8C26-43A2E8600CEF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DABA2508-5772-438E-A1CD-AFD7643D37B6}" = lport=59095 | protocol=17 | dir=in | name=pando media booster | 
"{DD7A0889-300D-4EEE-BB76-CD16FEFD2581}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{E9B6E3DE-A8FF-4EE3-8662-81D83A08C1AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC573EBA-701E-4079-BD46-5C0851622168}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ED3A76D9-91EE-454C-916E-4CAD1BFDBAEA}" = lport=59095 | protocol=6 | dir=in | name=pando media booster | 
"{F8E2898F-02FF-43E6-A39D-D6409DB3B1D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F9DA0C1D-2F99-4588-9E94-4497CE805199}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA375AB3-06BA-4E83-AAB4-B97D5664E8B3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCBD218D-F98D-40DA-994B-3436888EC3B6}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E0A550-BF09-4C55-97A1-8D05BC0B8AA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 3\sammax203.exe | 
"{02FCD90C-B654-4D4C-A941-81B95EBF999D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0431A0A2-85EB-4FB0-9410-2C2A896BEAA7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{058B7851-53A2-4695-BBD8-D328AC75BBB1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{06181970-014C-469E-9DDC-9FD40217E312}" = protocol=6 | dir=out | app=system | 
"{0723AE1E-3D25-49E5-BBB8-BA0A4EC638D5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 302\sammax302.exe | 
"{0D046974-531B-43AE-AE80-084FD97D1E66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{0E0537B6-F186-449F-9FBF-4BB68CBC0934}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{0EBCEBB2-3645-4510-BB36-0F142B6F1806}" = protocol=17 | dir=in | name=tf2 upd port | 
"{11442C53-3990-4D31-B110-9A4CD1D2D99A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{15CEA963-1E8F-442E-8E87-97623C25197C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{16A3FC89-6997-4B65-A3E0-03B42BB527CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19304908-2FBE-46A4-894A-E4222E03D8DD}" = protocol=6 | dir=in | app=c:\users\emma\desktop\folders\shortcuts\minecraft.exe | 
"{196ACF6C-63F3-442B-B46E-8083803D73D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{1A2D5CF1-3E59-46D4-89E1-7D4D454F271D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 2\sammax102.exe | 
"{1B4C24C7-3F66-4B40-99B7-CEAD41D0011D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1BF5439A-653B-4C2C-A1D3-4828B067CBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 301\sammax301.exe | 
"{1E4D0947-34AE-4CA9-B79F-F6EDE623E1F1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{213DE9D4-A4BB-47B6-835B-6D9634C338D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21A27BE1-E9FC-4271-8669-B2E207939ADD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{22451A29-81D6-482B-87C3-2BBC1238CA48}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2279D3FE-44CB-480F-AD94-BCCD75012510}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\srcds.exe | 
"{23B2E4DD-CC44-48CD-8F8F-6F77E4D8C344}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{286EC898-23B3-4AEB-B4E6-1E86379FF797}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{2E315D2F-6698-471E-95DE-C5FB65FB276A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{2EB61D54-5498-4608-BF66-53241E96BF22}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{30D2F08B-DFD9-421A-AEA8-1C58917A0F89}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{315FCD9F-FFCD-4B53-A10D-09ACEB07676A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3293E907-D016-4F89-81F9-256D3DA85331}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{32F8F4AF-E497-4317-8B01-71ECAB4E9C25}" = protocol=17 | dir=in | app=c:\users\emma\downloads\games\other stuff\warcraft iii\war3.exe | 
"{349AE5F1-D2A5-43B9-81F8-5A9D07662C96}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{388AE3B6-590E-49C9-9F22-031EAEB737C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3A067D2A-4F50-48A2-9AE8-95F0CEAE069F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{3C422767-E45F-440B-873E-9A715FAD8BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{3D75751A-0C38-4B47-99A6-3DF8A22A2E22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{3F1C482C-5E41-4C76-9265-FD06849CA7B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 4\sammax204.exe | 
"{404F7542-82C6-4E44-8A30-1112C2F7CFAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{40E6268D-A8D2-419B-B4DE-824914ABD21A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4256A746-69AA-479C-BB07-E47D8E1C5E21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 305\sammax305.exe | 
"{432712A6-7E1B-416B-82CE-931082987D88}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4433941B-04E4-4078-91AC-43BD2065356A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 5\sammax105.exe | 
"{47672FD7-89E1-431C-B412-3E4E2B158C9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\srcds.exe | 
"{4824F74B-8B22-474D-B6B9-284410C8D989}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{4952BAFE-A0A9-497E-84C6-985CB76A04E9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | 
"{49BD7D9F-8941-497A-ACD4-FCB822DF54E0}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe | 
"{4A8F4445-22F3-4841-A532-2E8D30C06222}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe | 
"{4E5400DD-DF8A-4694-8CEF-C8C89A21C4EC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{502AE0C3-E6C6-404C-9F3F-A5911E28071A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 5\sammax205.exe | 
"{521A7CB2-4EF0-49D5-9E92-0A7E80BDC26E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5D23D13D-C879-4FC8-8EA5-4C67EB998165}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 1\sammax201.exe | 
"{63B7BD0C-9641-4C2B-93EB-90D564BA6585}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{67BCA9CC-D990-4620-A97A-EF872872E4A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{68505D4C-6159-4415-93EA-940E3036C361}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{685F93F2-68B8-4540-A88F-15CB2481317B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{6AD6BA1E-5304-4CC0-9A08-858F0E5C35D4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 2\sammax202.exe | 
"{6C849E0A-1E8B-493B-8599-4BD2D54FFFDB}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe | 
"{70DC83EB-4AD4-4F35-B344-BE01331A87F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 6\sammax106.exe | 
"{71A521FB-924D-411D-A66E-4DC0882F67D2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 2\sammax102.exe | 
"{7378BAD0-020B-4BDF-9FC9-773396533714}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{747D0BD6-6D00-4C95-B043-0490EF45BEBD}" = protocol=17 | dir=in | app=c:\users\emma\desktop\folders\shortcuts\minecraft.exe | 
"{74A53F15-9EC6-420C-8278-25382046F52C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{74FFA917-09FB-4E36-A694-6F077205A6EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 3\sammax103.exe | 
"{750E8C49-F568-46C8-BBBD-718BEAABE643}" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"{756636F6-B157-4A99-B1D1-5796C3B22281}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{764B7BFB-0648-4312-805A-744B3D1C9FF4}" = protocol=6 | dir=in | app=c:\users\emma\desktop\folders\shortcuts\minecraft.exe | 
"{7F490DC4-28FB-4520-BB3D-6D2180BFAA50}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe | 
"{7FBBB88E-D778-4DE0-BF0A-3FE9B0218125}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{8144F231-4D2C-455E-A67F-43CA31A24254}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\srcds.exe | 
"{83CFA6F5-0CFA-4F45-A8B4-BCAAB19486D2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{83D199AD-E39E-46B5-8701-F010CC9D5F82}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 4\sammax204.exe | 
"{850A6E0E-8A27-4AFF-B66C-49C9C6BDB5EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{85D93D54-3BDA-4F0D-8524-B79C83B900A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | 
"{87B38D6F-9877-4A5D-A22D-39A8182CEADD}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppsap.exe | 
"{8931DA27-8AE5-483C-87CB-709C183E3FBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 1\sammax101.exe | 
"{89FB42C3-6AA0-4122-931E-47DD81E281D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 6\sammax106.exe | 
"{8A94F577-6C7C-4086-BC85-5F3B131D3577}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\srcds.exe | 
"{90712492-7E53-4F3D-B838-C986DAB68341}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | 
"{92D0A0AB-FAFD-4D41-950F-E60751715B26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{971BF242-C757-4004-95D0-EFF50979FC21}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 303\sammax303.exe | 
"{9885E2B9-F0D0-4D6F-A75E-952CDCAA9FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 3\sammax203.exe | 
"{99AC8B74-FB76-48D0-A118-756227C4AEED}" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"{9C208C26-4AAE-4889-943E-AC50A312678C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 1\sammax201.exe | 
"{9C380C82-2174-4F86-A496-3D81742ED969}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9FEF2ADB-107E-490F-AB1C-1B049B5C0EC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{A58F533E-7A2D-4CF5-A986-2B375ADA4CFF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 304\sammax304.exe | 
"{A598699A-B9A3-4497-8276-986B45FAE15F}" = protocol=6 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe | 
"{A5E87F31-518B-472E-B5CF-91D818D93F75}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mythilas\garrysmod\hl2.exe | 
"{A80A4FA0-1E6D-4DD2-800F-93C2C78CC45A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | 
"{A8834C78-E0AB-4FDC-9A7F-684B882A6934}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 3\sammax103.exe | 
"{A89FD166-AB29-4DF2-B5E0-49A345D9F84D}" = protocol=17 | dir=in | app=c:\users\emma\desktop\folders\shortcuts\minecraft.exe | 
"{A949766A-2E23-45CA-99E7-B8BA7443D699}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B7970643-9625-41B8-8E91-DAA9B5843CD8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 5\sammax205.exe | 
"{BA453609-A96C-4B8C-8970-8CB45F52A530}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 303\sammax303.exe | 
"{BAA6D194-9DFF-46A9-BF3D-259EDDF56A4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 305\sammax305.exe | 
"{BAEBA069-1294-431F-A5C4-CA21A90708FF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BB53FBF6-5E6D-48E7-97B8-20A9ED8866D3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe | 
"{BDC96407-A37C-4EEA-9D32-B1BF1B668AB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mythilas\garrysmod\hl2.exe | 
"{BFC2FE95-36F7-4DFF-8043-BE06DF474CB4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\poker night at the inventory\celebritypoker.exe | 
"{C0EFA1CB-CE04-4375-B20A-5FCCB4122D4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C138A396-5529-4343-8DD7-0B329E591E48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C222C080-61F0-4F96-8D6D-8003FD304895}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 5\sammax105.exe | 
"{C33D1768-441E-4C9A-A156-3630CD0BEDCA}" = protocol=6 | dir=in | name=tf2 tcp port | 
"{C6F6C169-C2A7-4E6A-9378-1CCF2449E392}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\sdklauncher.exe | 
"{CC0FA05D-4B7A-4E20-942C-7B19022F7FBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 4\sammax104.exe | 
"{CDCC128C-D318-4B23-8825-90A17C1023CC}" = protocol=17 | dir=in | app=c:\program files (x86)\ppstream\ppstream.exe | 
"{CE651D45-A0FB-482B-A295-484331087925}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 1\sammax101.exe | 
"{CFE98745-205C-4A39-B2C3-55AB56B05B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{D2C76951-995D-4C9A-A383-2A7CADD9E085}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{D3AA54D5-8967-4415-9F8A-3912D3FEEB32}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 304\sammax304.exe | 
"{D753E349-B8F2-40AD-B83B-30E0CF80AD66}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"{D7F192F1-CC64-4805-806C-855AD5BF0427}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D891D0FB-DE8D-4D13-86CE-C831608B3299}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{DBF0EFD8-19E9-4D21-AFBF-619F1173B396}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{DD05275C-1355-41C2-B2AB-8A11BA6E8732}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scribblenauts\scribble.exe | 
"{DF78E444-19FB-4F69-9E96-C91FB0D1C7E9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\thunderservicelite.exe | 
"{DFBF760F-BEB2-45A7-9A66-277373866A89}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{E14FFF7C-2CC2-414B-83BA-70FCEE7D43ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3462CE8-26CC-4EFE-8D23-FC17FECAB906}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max episode 4\sammax104.exe | 
"{E3B0BCFF-EAE8-4F5F-9A56-AD517FA6E3AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5A20834-5C86-4C8B-B13A-F3CCD4A3C6C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E8934FF9-8CF2-4174-8977-65FF11B7C97B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\thunder network\kankan\xmp.exe | 
"{E916FCF2-AD78-4097-9396-6DD2E74321BE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E9A1B98E-1CDA-41C0-8CB2-1FC3682DFC9D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{EC9F7D13-ED45-4429-875C-479630C1B8FF}" = protocol=58 | dir=in | app=system | 
"{ECE16542-8DE9-4DF2-A072-DCC1519F50A2}" = protocol=6 | dir=in | app=c:\users\emma\downloads\games\other stuff\warcraft iii\war3.exe | 
"{ED452FC7-2E6D-4612-9DE5-868BE37867AC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max season 2 episode 2\sammax202.exe | 
"{F0D9FEA8-A6CC-4B59-B982-C252D065E70B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{F1DE15B3-7D86-4532-BDA0-20DD68DE6DA1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe | 
"{F241FE39-0BB2-493C-82E9-55902F981345}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 301\sammax301.exe | 
"{F27CDAB3-19D2-4709-A85B-D347698D1F74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F46CBF35-6D5F-43BD-B3FE-E36612FA9755}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{F4E08B8E-A591-46C1-9763-ABCD2A0DE590}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F56D9A04-0B35-43EE-92D1-AB5CC4A13E25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{F92EF767-5463-4385-80D9-381BBAC66750}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FA097B5E-E257-4279-9C4C-88C2FC67F7FE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{FBD3B394-747E-4E6B-98D5-CC6D3E150421}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{FCAB3784-70D7-47DB-8C75-1A3D693923EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sam and max 302\sammax302.exe | 
"{FFBE3ABE-5210-4435-9B41-BAEB03B22C69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe | 
"TCP Query User{0024C569-C368-4DEA-813B-2BBB811EAF21}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{01A6A050-6DB5-4F6B-A574-CFC71DD45D3D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1D715D59-383E-4AEE-B852-BFE82D2ADE5A}C:\users\emma\appdata\local\盛大网络\盛大下载器\sddown.exe" = protocol=6 | dir=in | app=c:\users\emma\appdata\local\盛大网络\盛大下载器\sddown.exe | 
"TCP Query User{25E158BD-C670-403D-B3DB-FF1F04D10E2D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{3765EF86-9BBC-4534-8E3E-2493353AB902}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{581D4DA0-F550-4ADC-95CA-3F89E910C631}C:\program files (x86)\steam\steamapps\mythilas\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mythilas\team fortress 2\hl2.exe | 
"TCP Query User{621EEFDE-5EA4-4F30-9572-6B74D29A9E4F}C:\users\emma\appdata\local\盛大网络\盛大下载器\sddown.exe" = protocol=6 | dir=in | app=c:\users\emma\appdata\local\盛大网络\盛大下载器\sddown.exe | 
"TCP Query User{7DD52836-39ED-4D38-917F-596AD469DAF5}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{9501FFB1-E634-4A08-8CB5-064807C2C1BF}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{9EDD6B03-575E-4C01-A536-3DFAF9DD199D}C:\program files\快压\update.exe" = protocol=6 | dir=in | app=c:\program files\快压\update.exe | 
"TCP Query User{CBB04436-7CE0-40C6-84A5-9970DCE29B04}C:\users\emma\downloads\games\other stuff\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\emma\downloads\games\other stuff\warcraft iii\war3.exe | 
"TCP Query User{DAC7E304-E7D9-486B-B618-6D2740758574}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E1274902-7CCA-4213-9D59-7A53D5E48AC4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{1F794978-D1BF-4E28-88BB-03E190877C51}C:\users\emma\downloads\games\other stuff\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\emma\downloads\games\other stuff\warcraft iii\war3.exe | 
"UDP Query User{1FBD7CEC-D8BE-4C6E-9F16-485A7189D87E}C:\program files\快压\update.exe" = protocol=17 | dir=in | app=c:\program files\快压\update.exe | 
"UDP Query User{3E441079-BF3B-4924-9A76-B5943A4E776A}C:\program files (x86)\steam\steamapps\mythilas\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mythilas\team fortress 2\hl2.exe | 
"UDP Query User{3FC295A0-9FB2-421B-9531-897990E3623E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{4E19E2F6-951E-4D64-9A69-4463072C51AA}C:\users\emma\appdata\local\盛大网络\盛大下载器\sddown.exe" = protocol=17 | dir=in | app=c:\users\emma\appdata\local\盛大网络\盛大下载器\sddown.exe | 
"UDP Query User{5FBF4C10-14A9-4F19-B0CD-377789C3C0F3}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{64EADC48-9904-41DF-BF1E-A214F6A9FFEE}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{775B47F5-BFFE-44EA-8312-161F507D1DE7}C:\users\emma\appdata\local\盛大网络\盛大下载器\sddown.exe" = protocol=17 | dir=in | app=c:\users\emma\appdata\local\盛大网络\盛大下载器\sddown.exe | 
"UDP Query User{8DCD5D51-B5DC-4544-9D0C-222969D6DCD8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{AE0030DD-B8C1-440E-8C3B-9775DCD8C210}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{DB12F26C-2EE8-4A76-9C22-306823D7668D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{DC76138D-36D8-4308-9720-601A36814341}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{FC0A2B7E-C8E7-44A7-8173-3CB808CF6FEA}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq9602" = CanoScan 9000F Scanner Driver
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7EC03761-251F-F627-CA39-01CDA3462C1B}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"GooglePinyin2" = 谷歌拼音输入法 2.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Pen Tablet Driver" = Wacom
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CE06390-46D0-11D6-8578-006008CA5356}" = SmarThru
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4518D543-6A80-4856-AFA7-10836B42113A}" = Samsung SCX-4x16 Series - TWAIN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90DFD61B-8224-00C6-3D69-A983B60A394E}" = Bamboo Dock
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C639B1D2-D1FB-454C-BB28-C5348B2EB95C}_is1" = Omnitool version 10
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{ED94BE03-E6CC-4268-B03A-92080E3035A6}_is1" = MCSkin3D version 1.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4C65A7E-B87E-78A4-DD8F-142D785D512F}" = Creeper World
"{FA2CAF30-062F-8B00-86B9-46840A81802F}" = Creeper World Map Editor
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIRPLAY" = AIRPLAY 3
"ASIO4ALL" = ASIO4ALL
"Audio_Air" = 先进音频框架服务 v0.0.0.0
"Bamboo Dock" = Bamboo Dock
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"CreeperMap.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World Map Editor
"CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1" = Creeper World
"Deckadance" = Deckadance
"Derpy_Lava_Lamp_is1" = Derpy_Lava_Lamp
"DWeather" = DWeather v1.8.3.0
"EADM" = EA Download Manager
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"Ku6_Booster" = Ku6媒体加速程序 v1.0.0.4
"KuaiZip" = 快压
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PPStream" = PPS影音 V2.7.0.1507 正式版
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SdDUpdService" = SdDUpdService v1.8.2.2
"Steam App 105600" = Terraria
"Steam App 1840" = Source Filmmaker
"Steam App 203850" = Microsoft Flight
"Steam App 205100" = Dishonored
"Steam App 218680" = Scribblenauts Unlimited
"Steam App 220" = Half-Life 2
"Steam App 31220" = Sam & Max 301: The Penal Zone
"Steam App 31230" = Sam & Max 302: The Tomb of Sammun-Mak
"Steam App 31240" = Sam & Max 303: They Stole Max's Brain!
"Steam App 31250" = Sam & Max 304: Beyond the Alley of the Dolls
"Steam App 31260" = Sam & Max 305: The City that Dares not Sleep
"Steam App 31280" = Poker Night at the Inventory
"Steam App 380" = Half-Life 2: Episode One
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8200" = Sam & Max 101: Culture Shock
"Steam App 8210" = Sam & Max 102: Situation: Comedy
"Steam App 8220" = Sam & Max 103: The Mole, the Mob and the Meatball
"Steam App 8230" = Sam & Max 104: Abe Lincoln Must Die!
"Steam App 8240" = Sam & Max 105: Reality 2.0
"Steam App 8250" = Sam & Max 106: Bright Side of the Moon
"Steam App 8260" = Sam & Max 201: Ice Station Santa
"Steam App 8270" = Sam & Max 202: Moai Better Blues
"Steam App 8280" = Sam & Max 203: Night of the Raving Dead
"Steam App 8290" = Sam & Max 204: Chariots of the Dogs
"Steam App 8300" = Sam & Max 205: What's New Beelzebub?
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Weatherzone Tracker_is1" = Weatherzone Tracker v2.04
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"迅雷看看高清播放组件" = 迅雷看看高清播放组件
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13/04/2013 9:28:12 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2169
 
Error - 13/04/2013 9:28:13 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13/04/2013 9:28:13 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3167
 
Error - 13/04/2013 9:28:13 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3167
 
Error - 13/04/2013 9:28:14 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13/04/2013 9:28:14 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4166
 
Error - 13/04/2013 9:28:14 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4166
 
Error - 13/04/2013 9:28:15 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13/04/2013 9:28:15 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5164
 
Error - 13/04/2013 9:28:15 PM | Computer Name = Emma-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5164
 
[ System Events ]
Error - 14/04/2013 6:21:13 PM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7023
Description = The SDBaseSvc service terminated with the following error:   %%126
 
Error - 14/04/2013 6:23:07 PM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7022
Description = The DWeather 天气预报服务 service hung on starting.
 
Error - 15/04/2013 12:52:48 AM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Group
 Policy Client service to connect.
 
Error - 15/04/2013 12:52:48 AM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7000
Description = The Group Policy Client service failed to start due to the following
 error:   %%1053
 
Error - 15/04/2013 12:53:00 AM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7023
Description = The SDBaseSvc service terminated with the following error:   %%126
 
Error - 15/04/2013 12:54:52 AM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7022
Description = The DWeather 天气预报服务 service hung on starting.
 
Error - 15/04/2013 8:41:17 PM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Group
 Policy Client service to connect.
 
Error - 15/04/2013 8:41:17 PM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7000
Description = The Group Policy Client service failed to start due to the following
 error:   %%1053
 
Error - 15/04/2013 8:41:29 PM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7023
Description = The SDBaseSvc service terminated with the following error:   %%126
 
Error - 15/04/2013 8:43:22 PM | Computer Name = Emma-PC | Source = Service Control Manager | ID = 7022
Description = The DWeather 天气预报服务 service hung on starting.
 
 
< End of report >


#8 satchfan


  • Malware Response Team

Posted 16 April 2013 - 04:20 AM


Uninstall programs

DWeather has been discontinued and is therefore no longer supported.

Thunder look Player uses P2P technology and is therefore unsafe.

Uninstall these programs:

DWeather v1.8.3.0
SdDUpdService v1.8.2.2
uTorrent
Thunder look Player

and/or

迅雷看看高清播放组件

  • click Start, Control Panel, Programs and Features
  • click on DWeather v1.8.3.0 and then Uninstall
  • repeat this for the other programs listed above.
Can you also tell me what this is used for:

Ku6_Booster

And if this is related:

 

Ku6ýÌå¼ÓËÙ³ÌÐò v1.0.0.4

 

Also what is this:

 

ѸÀ׿´¿´¸ßÇå²¥•Å×é¼þ


Please post a new OTL log when you’ve finished uninstalling the above programs.

 

Satchfan


Edited by satchfan, 16 April 2013 - 04:32 AM.



#9 Mythilas

  • Topic Starter


Posted 16 April 2013 - 06:58 PM

I've uninstalled all of them except Thunder Look Player as it's not in the programs list and not in my programs folder.

 

Ku6 Booster is some sort of plugin and this: Ku6ýÌå¼ÓËÙ³ÌÐò v1.0.0.4  Is probably part of the Ku6 Booster but the Chinese characters didn't show up properly.

 

As for this: Ñ¸À׿´¿´¸ßÇå²¥•Å×é¼þ 

I have no idea what it could be, but I think it's the same issue as what's above.

 

OTL.txt

 

 

OTL logfile created on: 17/04/2013 9:45:33 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Emma\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
8.00 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 71.66% Memory free
16.00 Gb Paging File | 13.49 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 228.83 Gb Total Space | 27.22 Gb Free Space | 11.89% Space Free | Partition Type: NTFS
Drive D: | 236.83 Gb Total Space | 236.48 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: EMMA-PC | User Name: Emma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/16 10:47:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Downloads\OTL.exe
PRC - [2013/04/09 18:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/30 05:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/03/30 05:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/03/19 21:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/01 09:05:30 | 000,356,176 | ---- | M] () -- C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe
PRC - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/24 13:14:44 | 000,159,176 | ---- | M] (360.cn) -- C:\Program Files (x86)\360\360Desktop\Bin\360AppCore.exe
PRC - [2012/11/06 15:07:52 | 000,321,632 | ---- | M] () -- C:\Program Files (x86)\DWeather\dwthsvc.exe
PRC - [2012/10/08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2012/08/16 07:18:12 | 000,058,776 | ---- | M] () -- C:\Program Files (x86)\Audio_Air\Audio_Air.exe
PRC - [2012/05/23 01:13:14 | 000,057,808 | ---- | M] (TODO: <公司名>) -- C:\Program Files (x86)\Ku6_Booster\Ku6_Booster.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/09 07:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/09 18:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 18:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 18:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 18:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 18:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/30 05:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/03/27 10:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/03/26 08:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2012/12/12 03:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/12 03:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/12 03:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 10:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 10:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/12/11 13:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 12:04:10 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/14 10:00:41 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/30 05:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/19 21:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/01 09:05:30 | 000,356,176 | ---- | M] () [Disabled | Running] -- C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe -- (SdDUpdService)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/10 16:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/06 15:07:52 | 000,321,632 | ---- | M] () [Disabled | Start_Pending] -- C:\Program Files (x86)\DWeather\dwthsvc.exe -- (DWeather 天气预报服务)
SRV - [2012/09/15 09:02:05 | 000,061,952 | ---- | M] () [Auto | Running] -- C:\Users\wangrui.alan\AppData\Roaming\taobaoK\tb.dll -- (tbService)
SRV - [2012/08/16 07:18:12 | 000,058,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Audio_Air\Audio_Air.exe -- (AudioAir)
SRV - [2012/05/23 01:13:14 | 000,057,808 | ---- | M] (TODO: <公司名>) [Auto | Running] -- C:\Program Files (x86)\Ku6_Booster\Ku6_Booster.exe -- (KU6媒体加速服务)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/09 07:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/01/20 14:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/03 15:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/12/03 15:36:34 | 000,013,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/11/15 08:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/08/24 00:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 00:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/10 14:45:17 | 000,092,976 | ---- | M] (WinMount International Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KuaiZipDrive.sys -- (KuaiZipDrive)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/08/01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/17 21:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/02 14:01:26 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2006/11/02 10:27:00 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2011/01/02 11:23:38 | 000,000,201 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWow64\NULL -- (Null)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 74 A5 13 FE A9 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Emma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
 
[2011/04/25 21:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions
[2011/04/25 21:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/05/14 19:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/14 19:29:36 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Emma\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Steam Theme = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm\1.1_0\
CHR - Extension: Gmail = C:\Users\Emma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B80F591E-FE9A-46CF-A13E-180377240586} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html File not found
O8 - Extra context menu item: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{082DCC5A-6D01-4008-A969-0D96171DA284}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F7B7DD-CA22-4B2A-8F00-F65978E2B917}: DhcpNameServer = 211.29.132.12 61.88.88.88
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/11 18:07:59 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 18:07:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 18:07:58 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/11 18:07:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/11 18:07:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/11 18:07:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/11 18:07:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/11 18:07:56 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 18:07:56 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/11 18:07:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/11 18:07:56 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/11 18:07:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/11 18:07:54 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 18:07:53 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 18:07:53 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 21:20:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
[2013/04/10 17:59:07 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 17:59:07 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 17:59:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 17:59:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 17:59:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 17:59:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/07 16:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/04/07 16:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/04/04 16:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{8201D5FC-F086-4EE3-8441-4FAFB61B7583}
[2013/04/03 15:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/03 15:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/04/02 15:21:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/30 16:07:58 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/03/30 16:07:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/03/30 16:07:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/03/30 16:07:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/03/30 16:07:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/03/30 16:07:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/03/30 16:07:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/03/30 16:07:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/03/30 16:07:54 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/03/30 16:07:54 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/03/30 16:07:54 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/03/30 16:07:54 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/03/30 16:07:54 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/03/30 16:07:54 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/03/30 16:07:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/03/30 16:07:54 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/03/30 16:07:54 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/03/30 16:07:54 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/03/30 16:07:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/03/30 16:07:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/03/30 16:07:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/03/30 16:07:54 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/03/30 16:07:53 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/03/30 16:07:53 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/03/30 13:08:20 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/03/30 13:08:11 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/03/30 13:08:11 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/03/30 12:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/30 12:56:39 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/30 12:56:39 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/30 12:56:33 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/30 10:04:24 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\98808878.sys
[2013/03/29 21:40:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/03/29 15:05:50 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Skype
[2013/03/29 15:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/29 15:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/29 15:05:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/03/29 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/03/29 09:26:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PPStream
[2013/03/29 09:25:59 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\PPStream
[2013/03/24 21:07:48 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/24 21:07:48 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/24 21:07:48 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/24 21:07:47 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/24 21:07:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/24 21:07:47 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/24 21:07:47 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/24 21:07:47 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/24 21:07:47 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/24 21:07:47 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/24 21:07:47 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/24 21:07:47 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/24 21:07:47 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/24 21:07:47 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/24 21:07:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/24 21:07:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/24 21:07:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/24 21:07:46 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/24 21:07:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/24 21:07:46 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/24 21:07:46 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/24 21:07:46 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/24 21:07:46 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/24 21:07:46 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/24 21:07:46 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/24 21:07:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/24 21:07:46 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/24 21:07:46 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/24 21:07:46 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/24 21:07:46 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/24 21:07:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/24 21:07:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/24 21:07:46 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/24 21:07:46 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/24 21:07:46 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/24 21:07:45 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/24 21:07:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/24 21:07:45 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/24 21:07:45 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/24 21:07:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/24 21:07:45 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/24 21:07:45 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/24 21:07:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/24 21:07:45 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/24 21:07:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/24 21:07:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/24 21:07:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/24 21:07:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/24 21:07:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/24 21:07:45 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/24 21:07:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/24 21:07:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/24 21:07:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/23 15:18:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/17 09:26:31 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/17 09:24:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/17 09:16:38 | 000,018,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 09:16:38 | 000,018,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 09:12:25 | 001,273,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/17 09:12:25 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/17 09:12:25 | 000,374,924 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013/04/17 09:12:25 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/17 09:12:25 | 000,118,958 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013/04/17 09:07:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/17 09:07:20 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/16 22:36:41 | 000,046,365 | ---- | M] () -- C:\Users\Emma\.recently-used.xbel
[2013/04/14 21:42:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/14 10:00:41 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/14 10:00:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/11 16:28:43 | 000,418,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/07 16:36:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013/04/04 15:39:20 | 000,002,279 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/30 12:56:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/30 12:56:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/30 12:56:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/30 12:56:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/30 12:56:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/30 12:56:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/30 10:04:24 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\98808878.sys
[2013/03/29 10:54:32 | 000,515,766 | ---- | M] () -- C:\Users\Emma\Documents\cc_20130329_115416.reg
[2013/03/29 09:26:09 | 000,001,077 | ---- | M] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/03/24 21:07:48 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/03/24 21:07:48 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/03/24 21:07:48 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/03/24 21:07:47 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/03/24 21:07:47 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/03/24 21:07:47 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/03/24 21:07:47 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/03/24 21:07:47 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/24 21:07:47 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/03/24 21:07:47 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/03/24 21:07:47 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/03/24 21:07:47 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/03/24 21:07:47 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/24 21:07:47 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/03/24 21:07:47 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/03/24 21:07:47 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/03/24 21:07:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/03/24 21:07:47 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/03/24 21:07:46 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/24 21:07:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/03/24 21:07:46 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/03/24 21:07:46 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/03/24 21:07:46 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/03/24 21:07:46 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/03/24 21:07:46 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/03/24 21:07:46 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/03/24 21:07:46 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/03/24 21:07:46 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/03/24 21:07:46 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/24 21:07:46 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/24 21:07:46 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/03/24 21:07:46 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/03/24 21:07:46 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/03/24 21:07:46 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/03/24 21:07:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/24 21:07:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/24 21:07:46 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/03/24 21:07:45 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/24 21:07:45 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/24 21:07:45 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/24 21:07:45 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/03/24 21:07:45 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/03/24 21:07:45 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/03/24 21:07:45 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/03/24 21:07:45 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/03/24 21:07:45 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/03/24 21:07:45 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/24 21:07:45 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/03/24 21:07:45 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/03/24 21:07:45 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/03/24 21:07:45 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/03/24 21:07:45 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/03/24 21:07:45 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/03/24 21:07:45 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/03/24 21:07:44 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/03/19 16:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/19 15:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/03/19 15:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/19 15:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/03/19 14:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/19 13:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
 
========== Files Created - No Company Name ==========
 
[2013/04/16 22:36:41 | 000,046,365 | ---- | C] () -- C:\Users\Emma\.recently-used.xbel
[2013/04/13 13:39:48 | 000,515,766 | ---- | C] () -- C:\Users\Emma\Documents\cc_20130329_115416.reg
[2013/04/13 13:39:48 | 000,463,587 | ---- | C] () -- C:\Users\Emma\Documents\TimeTable.jpg
[2013/04/13 13:39:48 | 000,211,550 | ---- | C] () -- C:\Users\Emma\Documents\Nightmare Night (piano).TIF
[2013/04/07 16:36:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2013/04/03 15:41:46 | 000,002,279 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/03 15:19:22 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/03 15:19:21 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/29 09:26:09 | 000,001,077 | ---- | C] () -- C:\Users\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2013/03/29 09:26:09 | 000,001,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPS 影音.lnk
[2013/03/24 21:07:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/24 21:07:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/09/09 14:08:11 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2012/09/09 14:08:11 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2012/07/30 18:10:35 | 000,070,579 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\icarus-dxdiag.xml
[2012/06/15 19:20:13 | 000,000,042 | ---- | C] () -- C:\Users\Emma\.gtk-bookmarks
[2012/04/20 23:56:36 | 000,163,283 | ---- | C] () -- C:\Users\Emma\OC-Pony.xcf
[2012/01/30 11:30:17 | 000,000,624 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/15 20:17:12 | 001,222,078 | ---- | C] () -- C:\Windows\SysWow64\MCI_Screensaver2_Uninstall.exe
[2012/01/15 20:17:07 | 001,233,408 | ---- | C] () -- C:\Windows\SysWow64\libvorbis.dll
[2012/01/15 20:17:07 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\libogg.dll
[2011/10/19 18:27:24 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 17:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 17:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/01/02 11:48:22 | 000,000,911 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\coreavc.ini
 
========== ZeroAccess Check ==========
 
[2011/09/19 15:25:02 | 000,000,642 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2097730478-889219606-3178997141-1001\$R8RUUH5\Yogbox 1.8\mods\extra\TWEAK - Rei's Minimap\jar\reifnsk\minimap\n.png
[2011/01/21 20:21:42 | 000,001,095 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2097730478-889219606-3178997141-1001\$RR4HBZW\N.lnk
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C
 
< End of report >


#10 satchfan

  • Malware Response Team

Posted 17 April 2013 - 04:40 AM

In a log from your previous thread in the other forum, Thunder Look Player appeared like this:

迅雷看看高清播放组件

Please look again at your Programs and features and see if you can locate it as this was causing problems and needs to be removed.

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Run OTL
 

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    PRC - [2013/03/01 09:05:30 | 000,356,176 | ---- | M] () -- C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe
    PRC - [2012/11/06 15:07:52 | 000,321,632 | ---- | M] () -- C:\Program Files (x86)\DWeather\dwthsvc.exe
    SRV - [2013/03/01 09:05:30 | 000,356,176 | ---- | M] () [Disabled | Running] -- C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe -- (SdDUpdService)
    SRV - [2012/11/06 15:07:52 | 000,321,632 | ---- | M] () [Disabled | Start_Pending] -- C:\Program Files (x86)\DWeather\dwthsvc.exe -- (DWeather 天气预报服务)
    [2011/04/25 21:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Emma\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
    [2012/05/14 19:29:36 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    O2 - BHO: (no name) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B80F591E-FE9A-46CF-A13E-180377240586} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No CLSID value found.
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
    [2011/09/19 15:25:02 | 000,000,642 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2097730478-889219606-3178997141-1001\$R8RUUH5\Yogbox 1.8\mods\extra\TWEAK - Rei's Minimap\jar\reifnsk\minimap\n.png
    [2011/01/21 20:21:42 | 000,001,095 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2097730478-889219606-3178997141-1001\$RR4HBZW\N.lnk
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:661DFA1C
    :Files
    C:\Program Files (x86)\Dweather
    C:\Program Files (x86)\SdDUpdService
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post the OTL fix log

===================================================

Run SystemLook

 

Please run SystemLook again.
 

  • double-click SystemLook.exe to run it.
  • copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning.

     
    :filefind
    *迅雷看看高清播放组件*
    *Thunder*
    :folderfind
    *迅雷看看高清播放组件*
    *Thunder*
    :Regfind
    迅雷看看高清播放组件
    Thunder
    :dir
    C:\ProgramData\{8201D5FC-F086-4EE3-8441-4FAFB61B7583} /s

     
  • click the Look button to start the scan.
  • when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

  • double click on ComboFix.exe & follow the prompts.
  • when finished, it will produce a report: please post the C:\ComboFix.txt log in your reply.

Logs to include in the next post:

OTL fix log
SystemLook.txt
ComboFix.txt


Thanks

Satchfan
 


Edited by satchfan, 17 April 2013 - 05:09 AM.



#11 Mythilas

  • Topic Starter

Posted 17 April 2013 - 05:27 AM

I can't find 迅雷看看高清播放组件.
 
OTL fix log
 
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named SdDUpdService.exe was found!
No active process named dwthsvc.exe was found!
Error: No service named SdDUpdService was found to stop!
Service\Driver key SdDUpdService not found.
C:\Program Files (x86)\SdDUpdService\SdDUpdService.exe moved successfully.
Error: No service named DWeather 天气预报服务 was found to stop!
Service\Driver key DWeather 天气预报服务 not found.
C:\Program Files (x86)\DWeather\dwthsvc.exe moved successfully.
C:\Users\Emma\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com folder moved successfully.
C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B80F591E-FE9A-46CF-A13E-180377240586} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B80F591E-FE9A-46CF-A13E-180377240586}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E}\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
C:\$Recycle.bin\S-1-5-21-2097730478-889219606-3178997141-1001\$R8RUUH5\Yogbox 1.8\mods\extra\TWEAK - Rei's Minimap\jar\reifnsk\minimap\n.png moved successfully.
C:\$Recycle.bin\S-1-5-21-2097730478-889219606-3178997141-1001\$RR4HBZW\N.lnk moved successfully.
ADS C:\ProgramData\TEMP:661DFA1C deleted successfully.
========== FILES ==========
C:\Program Files (x86)\DWeather folder moved successfully.
C:\Program Files (x86)\SdDUpdService folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Emma
->Temp folder emptied: 188154234 bytes
->Temporary Internet Files folder emptied: 140126970 bytes
->Java cache emptied: 1 bytes
->Google Chrome cache emptied: 145181201 bytes
->Flash cache emptied: 60227 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: wangrui.alan
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13100328 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 14562336979 bytes
 
Total Files Cleaned = 14,352.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04172013_194839
 
Files\Folders moved on Reboot...
C:\Users\Emma\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
SystemLook.txt
 
SystemLook 30.07.11 by jpshortstuff
Log created at 20:23 on 17/04/2013 by Emma
Administrator - Elevation successful

========== filefind ==========

Searching for "*艔鳀ww貧n璬>e膥鯪*"
No files found.

Searching for "*Thunder*"
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png --a---- 12239 bytes [21:47 13/07/2009] [20:58 10/06/2009] A791F93A5BF62564C2121DE0CDFE1790
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png --a---- 12757 bytes [21:47 13/07/2009] [20:58 10/06/2009] D82DC23A94AE931BDCF37813CFC1F4F9
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png --a---- 31296 bytes [21:47 13/07/2009] [20:58 10/06/2009] 178FA4FEBC948DCBF3803D308D9AF94E
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png --a---- 37584 bytes [21:47 13/07/2009] [20:58 10/06/2009] 184468F3F79BB12215C5540BFA7063C8
C:\Program Files (x86)\Java\jre7\lib\zi\America\Thunder_Bay --a---- 1188 bytes [02:56 30/03/2013] [02:56 30/03/2013] 573B103DB6BC2EADB08ED26D2D969B80
C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\sounds\22\22_amb_thunder.ogg --a---- 500984 bytes [09:53 22/01/2012] [09:53 22/01/2012] A8C162026DAA929E360847A52C6FEFBB
C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\sounds\22\22_amb_thunder.snt --a---- 328 bytes [09:22 22/01/2012] [09:22 22/01/2012] 720CCB931E5A1F9B348AA817F843BA36
C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\sounds\general\general_thunder.snt --a---- 633 bytes [09:51 22/01/2012] [09:51 22/01/2012] C72DA28C3C828D1890B5021DEF4552BE
C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\sounds\general\general_thunder1.ogg --a---- 146731 bytes [09:52 22/01/2012] [09:52 22/01/2012] 3409FFE0F4ED462308996BEAC07EC203
C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\sounds\general\general_thunder2.ogg --a---- 109519 bytes [09:26 22/01/2012] [09:26 22/01/2012] 7F1CDC7AF227EA1B9F3978B48DED7225
C:\Program Files (x86)\Steam\steamapps\common\amnesia the dark descent\sounds\general\general_thunder3.ogg --a---- 177026 bytes [09:57 22/01/2012] [09:57 22/01/2012] 772328FBEEEECB2027BC9BA786AB96AF
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ a m n e s i a   t h e   d a r k   d e s c e n t \ s o u n d s \ g e n e r a l \ g e n e r a l _ t h u n d e r 4 . o g g - - a - - - -   1 7 6 6 5 5   b y t e s [ 0 9 : 3 5   2 2 / 0 1 / 2 0 1 2 ] [ 0 9 : 3 5   2 2 / 0 1 / 2 0 1 2 ]   9 5 0 0 1 2 7 6 8 2 2 0 B 8 9 0 8 8 E 4 D 2 C 0 3 1 1 1 7 C 0 A 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ a m n e s i a   t h e   d a r k   d e s c e n t \ s o u n d s \ g e n e r a l \ g e n e r a l _ t h u n d e r 5 . o g g - - a - - - -   1 4 8 8 2 8   b y t e s [ 0 9 : 4 3   2 2 / 0 1 / 2 0 1 2 ] [ 0 9 : 4 3   2 2 / 0 1 / 2 0 1 2 ]   1 1 3 3 4 2 5 5 B 6 3 1 2 E 1 5 D 8 D 9 A 8 9 E 1 0 8 E 3 8 6 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ a m n e s i a   t h e   d a r k   d e s c e n t \ s o u n d s \ g e n e r a l \ g e n e r a l _ t h u n d e r 6 . o g g - - a - - - -   1 3 2 0 8 2   b y t e s [ 0 9 : 3 1   2 2 / 0 1 / 2 0 1 2 ] [ 0 9 : 3 1   2 2 / 0 1 / 2 0 1 2 ]   6 F F 0 0 6 2 C 3 E E 8 E 0 7 F A 4 A D 4 F 0 9 F E E 0 5 C 4 D 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ a m n e s i a   t h e   d a r k   d e s c e n t \ s o u n d s \ g e n e r a l \ g e n e r a l _ t h u n d e r 7 . o g g - - a - - - -   1 3 1 6 6 0   b y t e s [ 0 9 : 5 4   2 2 / 0 1 / 2 0 1 2 ] [ 0 9 : 5 4   2 2 / 0 1 / 2 0 1 2 ]   9 D 5 9 8 D 9 7 4 C 0 8 8 7 B 6 B 2 0 D F F A D 7 9 A 1 B 6 9 6 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ a m n e s i a   t h e   d a r k   d e s c e n t \ s o u n d s \ g e n e r a l \ g e n e r a l _ t h u n d e r 8 . o g g - - a - - - -   1 7 3 7 0 3   b y t e s [ 0 9 : 4 7   2 2 / 0 1 / 2 0 1 2 ] [ 0 9 : 4 7   2 2 / 0 1 / 2 0 1 2 ]   7 2 D F B 2 C 6 9 8 3 C C B 1 7 F 4 D 8 4 8 2 3 0 5 9 8 8 4 D F 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ a m n e s i a   t h e   d a r k   d e s c e n t \ s o u n d s \ g e n e r a l \ g e n e r a l _ t h u n d e r 9 . o g g - - a - - - -   1 9 3 9 2 0   b y t e s [ 0 9 : 4 5   2 2 / 0 1 / 2 0 1 2 ] [ 0 9 : 4 5   2 2 / 0 1 / 2 0 1 2 ]   B 4 3 F D 2 B C 4 3 1 D 1 1 C 5 8 8 A 0 5 4 4 5 F A 5 6 B A 6 2 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ D i s h o n o r e d \ D i s h o n o r e d G a m e \ C o o k e d P C C o n s o l e \ B a n k _ A m b _ T h u n d e r _ C l a p . p c k - - a - - - -   1 0 9 8 6 8 1   b y t e s [ 0 5 : 0 2   2 6 / 1 1 / 2 0 1 2 ] [ 0 7 : 1 7   2 9 / 1 1 / 2 0 1 2 ]   F D 2 B D 5 5 7 4 3 7 7 E 3 B 7 6 1 9 6 4 A 5 D 9 F 6 6 9 D 7 C 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ D i s h o n o r e d \ D i s h o n o r e d G a m e \ C o o k e d P C C o n s o l e \ B a n k _ A m b _ T h u n d e r _ R u m b l e _ L P F . p c k - - a - - - -   1 2 6 1 8 8 7   b y t e s [ 0 5 : 0 2   2 6 / 1 1 / 2 0 1 2 ] [ 0 7 : 5 8   2 9 / 1 1 / 2 0 1 2 ]   4 3 7 E 9 F 8 F F 0 B 9 B E E 7 D A D C D 7 0 3 5 B 2 E D 4 F 6 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ a m b i e n c e \ r a i n s c a p e s \ t h u n d e r _ c l o s e 0 1 . w a v - - a - - - -   7 6 0 4 7 6   b y t e s [ 0 2 : 0 0   2 7 / 1 1 / 2 0 1 1 ] [ 0 2 : 0 1   2 7 / 1 1 / 2 0 1 1 ]   E 1 B A 3 E 8 9 E B 4 9 2 C B 6 B 3 6 3 4 8 A F D 5 2 F E 6 A 1 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ a m b i e n c e \ r a i n s c a p e s \ t h u n d e r _ c l o s e 0 2 . w a v - - a - - - -   8 4 3 4 4 8   b y t e s [ 2 0 : 2 1   2 6 / 1 1 / 2 0 1 1 ] [ 2 0 : 2 1   2 6 / 1 1 / 2 0 1 1 ]   B 5 5 2 4 F 9 9 D 8 0 D 3 D 9 F 0 3 9 D 3 8 3 3 C F 5 5 5 A 7 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ a m b i e n c e \ r a i n s c a p e s \ t h u n d e r _ c l o s e 0 3 . w a v - - a - - - -   9 1 1 2 1 2   b y t e s [ 2 3 : 2 5   2 6 / 1 1 / 2 0 1 1 ] [ 2 3 : 2 5   2 6 / 1 1 / 2 0 1 1 ]   8 C E 2 E C 6 8 4 4 2 3 D 9 C 8 6 D 4 6 2 5 D 9 A 2 A D E 9 D 1 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ a m b i e n c e \ r a i n s c a p e s \ t h u n d e r _ c l o s e 0 4 . w a v - - a - - - -   9 8 8 8 4 8   b y t e s [ 0 8 : 5 7   2 7 / 1 1 / 2 0 1 1 ] [ 0 8 : 5 8   2 7 / 1 1 / 2 0 1 1 ]   1 5 F C 6 7 9 9 E 2 5 7 8 D D 3 9 E B 0 0 4 9 C 2 6 F 5 4 F E 7 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ a m b i e n c e \ r a i n s c a p e s \ t h u n d e r _ d i s t a n t 0 1 . w a v - - a - - - -   7 9 0 0 6 4   b y t e s [ 0 1 : 3 2   2 7 / 1 1 / 2 0 1 1 ] [ 0 1 : 3 2   2 7 / 1 1 / 2 0 1 1 ]   F 6 8 E B 1 3 8 E 2 C E 2 F 3 3 0 2 A 9 8 5 1 9 5 6 8 5 1 9 E F 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ a m b i e n c e \ r a i n s c a p e s \ t h u n d e r _ d i s t a n t 0 2 . w a v - - a - - - -   1 2 1 6 3 4 4   b y t e s [ 0 8 : 5 4   2 7 / 1 1 / 2 0 1 1 ] [ 0 8 : 5 6   2 7 / 1 1 / 2 0 1 1 ]   5 6 8 A 8 5 E F 6 F 9 3 E 7 1 7 9 E C C 8 0 F 5 A B C 0 1 1 8 2 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ a m b i e n c e \ r a i n s c a p e s \ t h u n d e r _ d i s t a n t 0 3 . w a v - - a - - - -   6 2 5 1 7 2   b y t e s [ 2 2 : 4 3   2 6 / 1 1 / 2 0 1 1 ] [ 2 2 : 4 3   2 6 / 1 1 / 2 0 1 1 ]   2 6 A B 2 F 8 A C 3 6 8 4 4 5 D A E F C B 7 E 4 3 C F 6 C C 0 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ w e a t h e r \ t h u n d e r s t o r m \ t h u n d e r _ 1 . w a v - - a - - - -   1 5 1 7 7 3 2   b y t e s [ 0 0 : 5 7   2 7 / 1 1 / 2 0 1 1 ] [ 0 0 : 5 8   2 7 / 1 1 / 2 0 1 1 ]   A 1 2 0 8 4 6 D 3 C 1 A B 1 4 E F 6 F 3 2 A 9 B 7 E 7 F 6 C 9 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ w e a t h e r \ t h u n d e r s t o r m \ t h u n d e r _ 2 . w a v - - a - - - -   2 0 9 6 8 1 6   b y t e s [ 0 1 : 5 7   2 7 / 1 1 / 2 0 1 1 ] [ 0 1 : 5 7   2 7 / 1 1 / 2 0 1 1 ]   5 2 1 F D B 8 D B 0 E 0 C E 0 1 F A A C 5 4 1 C C 4 7 F 7 D 9 5 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ w e a t h e r \ t h u n d e r s t o r m \ t h u n d e r _ 3 . w a v - - a - - - -   1 5 1 8 1 1 2   b y t e s [ 0 7 : 0 8   2 7 / 1 1 / 2 0 1 1 ] [ 0 7 : 0 9   2 7 / 1 1 / 2 0 1 1 ]   0 7 8 2 9 A 3 2 F 4 D 2 1 1 0 3 8 B 0 3 E A 6 2 9 4 5 F 4 B 6 C 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ w e a t h e r \ t h u n d e r s t o r m \ t h u n d e r _ f a r _ a w a y _ 1 . w a v - - a - - - -   1 3 2 7 3 9 6   b y t e s [ 2 3 : 0 6   2 6 / 1 1 / 2 0 1 1 ] [ 2 3 : 0 6   2 6 / 1 1 / 2 0 1 1 ]   0 0 B 9 9 C 8 E 9 6 0 3 A 4 4 D E 2 6 E A B 2 E A 9 3 2 6 F D 1 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ l e f t   4   d e a d   2 \ l e f t 4 d e a d 2 \ s o u n d \ a m b i e n t \ w e a t h e r \ t h u n d e r s t o r m \ t h u n d e r _ f a r _ a w a y _ 2 . w a v - - a - - - -   1 9 8 6 5 4 4   b y t e s [ 0 7 : 5 6   2 7 / 1 1 / 2 0 1 1 ] [ 0 7 : 5 6   2 7 / 1 1 / 2 0 1 1 ]   5 0 7 D 9 E 2 7 F 3 D B 8 F 5 1 F A E 1 C 5 4 6 9 F 6 F 1 A 8 E 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   2 \ P a c k \ S a m M a x 2 0 2 _ e n g l i s h \ o b j _ C l o u d T h u n d e r . a u d - - a - - - -   1 2 3 7 4   b y t e s [ 0 5 : 4 4   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 4 5   1 2 / 0 2 / 2 0 1 2 ]   C 4 5 C F 8 C 0 5 2 8 C 6 9 3 7 3 A 0 B C B 2 B A B 8 E C 1 7 C 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 1 . a u d - - a - - - -   2 2 8 9 3   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ]   3 2 1 8 6 D E 9 0 9 3 0 8 2 A 1 7 B E A F 3 E E D 9 C E 1 0 5 8 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 2 . a u d - - a - - - -   2 9 6 8 8   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ]   8 A 2 E C 7 5 B 7 C A A F 8 9 D 7 0 6 7 7 5 7 4 7 5 A 9 F F 5 2 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 3 . a u d - - a - - - -   2 8 6 2 6   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ]   3 D 1 5 7 2 E B A B 6 8 6 F 0 F E 2 6 C 0 D B A 8 6 1 8 A 8 C 7 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 4 . a u d - - a - - - -   2 3 1 0 6   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ]   7 B 6 4 B D 7 9 2 2 2 0 3 A D B 8 8 F 0 2 3 1 7 4 0 6 1 F A D 2 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 5 . a u d - - a - - - -   3 0 5 6 5   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ]   B 4 8 2 D F E 0 3 E 1 C 1 6 B 1 5 C F 3 3 C 1 9 A 1 D 8 6 6 0 B 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 6 . a u d - - a - - - -   3 1 0 5 2   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ]   3 9 6 0 3 A 9 5 4 9 E 5 4 F 1 5 C 4 9 D 8 8 B 0 0 2 1 9 2 F B 7 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 7 . a u d - - a - - - -   2 8 1 5 6   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ]   5 4 7 5 A E 2 9 9 1 6 1 8 7 1 3 4 7 D 9 C B 3 C C F D B 4 F E 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 8 . a u d - - a - - - -   4 4 6 8 7   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 3   1 2 / 0 2 / 2 0 1 2 ]   6 A F C 4 F 5 9 8 4 9 E D C D D 8 C 3 6 1 6 6 4 9 D 3 D 9 7 4 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 0 9 . a u d - - a - - - -   4 2 2 1 5   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 3   1 2 / 0 2 / 2 0 1 2 ]   4 6 7 7 A 6 0 3 9 A 9 B 0 D 0 2 2 D C 0 2 5 B C 7 8 7 7 8 3 9 8 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   3 \ P a c k \ S a m M a x 2 0 3 _ e n g l i s h \ a m b _ T h u n d e r _ 1 0 . a u d - - a - - - -   4 1 6 2 8   b y t e s [ 0 5 : 5 2   1 2 / 0 2 / 2 0 1 2 ] [ 0 5 : 5 3   1 2 / 0 2 / 2 0 1 2 ]   1 B 9 4 0 5 5 0 9 B A 3 F 1 0 3 E 4 F 8 2 3 9 0 2 6 1 1 4 F 7 A 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   4 \ P a c k \ S a m M a x 2 0 4 _ e n g l i s h \ a m b _ T h u n d e r _ 0 8 . a u d - - a - - - -   4 4 6 8 7   b y t e s [ 0 6 : 2 8   1 2 / 0 2 / 2 0 1 2 ] [ 0 6 : 2 8   1 2 / 0 2 / 2 0 1 2 ]   6 A F C 4 F 5 9 8 4 9 E D C D D 8 C 3 6 1 6 6 4 9 D 3 D 9 7 4 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   5 \ P a c k \ S a m M a x 2 0 5 _ e n g l i s h \ a m b _ T h u n d e r _ 0 8 . a u d - - a - - - -   4 4 7 8 0   b y t e s [ 0 6 : 3 7   1 2 / 0 2 / 2 0 1 2 ] [ 0 6 : 3 7   1 2 / 0 2 / 2 0 1 2 ]   E 1 3 3 B 4 6 9 9 1 8 0 F 6 5 5 A E 3 8 8 3 D E 8 8 1 A 0 C 3 C 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   5 \ P a c k \ S a m M a x 2 0 5 _ e n g l i s h \ a m b _ T h u n d e r _ 0 9 . a u d - - a - - - -   4 2 3 0 8   b y t e s [ 0 6 : 3 7   1 2 / 0 2 / 2 0 1 2 ] [ 0 6 : 3 7   1 2 / 0 2 / 2 0 1 2 ]   8 4 A C 1 0 0 8 9 0 B 4 D 0 1 C F C F 1 A 7 5 7 B 9 6 B C 7 9 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S a m   a n d   M a x   S e a s o n   2   E p i s o d e   5 \ P a c k \ S a m M a x 2 0 5 _ e n g l i s h \ a m b _ T h u n d e r _ 1 0 . a u d - - a - - - -   4 1 7 2 1   b y t e s [ 0 6 : 3 7   1 2 / 0 2 / 2 0 1 2 ] [ 0 6 : 3 7   1 2 / 0 2 / 2 0 1 2 ]   0 C A 1 0 6 5 3 B 5 A E 1 A 5 5 0 7 7 1 F 7 D A F 6 B A 3 6 E 1 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ h l 2 \ s o u n d \ a m b i e n t \ a t m o s p h e r e \ t h u n d e r 1 . w a v - - a - - - -   1 4 6 0 4 4   b y t e s [ 0 6 : 0 3   1 1 / 1 1 / 2 0 1 2 ] [ 0 6 : 0 3   1 1 / 1 1 / 2 0 1 2 ]   8 0 A 2 7 2 B 5 D B D B 2 0 9 5 3 0 F B D F 2 3 9 0 F 4 E B D B 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ h l 2 \ s o u n d \ a m b i e n t \ a t m o s p h e r e \ t h u n d e r 2 . w a v - - a - - - -   1 7 0 6 2 0   b y t e s [ 0 6 : 0 3   1 1 / 1 1 / 2 0 1 2 ] [ 0 6 : 0 3   1 1 / 1 1 / 2 0 1 2 ]   6 A 0 A 8 5 D D 0 9 5 D 5 4 9 B 5 D 2 9 C E 4 C E 0 2 6 3 1 4 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ h l 2 \ s o u n d \ a m b i e n t \ a t m o s p h e r e \ t h u n d e r 3 . w a v - - a - - - -   3 7 0 8 1 0   b y t e s [ 0 2 : 2 6   1 1 / 1 1 / 2 0 1 2 ] [ 0 5 : 5 8   1 1 / 1 1 / 2 0 1 2 ]   C 9 E 3 4 D C D 8 8 E 8 C 2 3 B 7 D B 2 1 1 B 6 F D B 4 F C A 6 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ h l 2 \ s o u n d \ a m b i e n t \ a t m o s p h e r e \ t h u n d e r 4 . w a v - - a - - - -   3 5 8 5 2 2   b y t e s [ 0 2 : 2 6   1 1 / 1 1 / 2 0 1 2 ] [ 0 6 : 1 2   1 1 / 1 1 / 2 0 1 2 ]   3 F 4 4 A F A A 8 C 9 B C C 8 2 8 9 1 3 E F 0 2 F 9 B 2 2 5 F 2 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ h l 2 \ s o u n d \ a m b i e n t \ l e v e l s \ l a b s \ t e l e p o r t _ p o s t b l a s t _ t h u n d e r 1 . w a v - - a - - - -   7 7 0 0 6 4   b y t e s [ 0 2 : 2 6   1 1 / 1 1 / 2 0 1 2 ] [ 0 6 : 1 7   1 1 / 1 1 / 2 0 1 2 ]   F 0 3 D 4 2 B 7 7 F 2 4 E 9 F F D C 6 4 B 7 1 E 4 A C 5 F 8 6 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ s d k t o o l s \ p y t h o n \ 2 . 6 \ w i n 3 2 \ t c l \ t c l 8 . 5 \ t z d a t a \ A m e r i c a \ T h u n d e r _ B a y - - a - - - -   8 3 3 0   b y t e s [ 0 5 : 4 6   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 4 6   1 2 / 1 1 / 2 0 1 2 ]   8 D D 2 E 2 9 8 A E B 6 7 2 F 3 2 A D 8 B 4 4 A 0 A 8 4 4 3 1 A 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n . b s p - - a - - - -   7 9 0 2 6 8 5 6   b y t e s [ 0 2 : 2 6   1 1 / 1 1 / 2 0 1 2 ] [ 0 9 : 3 2   1 2 / 1 1 / 2 0 1 2 ]   B 5 4 F 2 F 5 C C A 5 1 F 0 A C 2 5 5 D 3 8 F D B F 3 B 4 8 1 7 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n . n a v - - a - - - -   4 1 0 1 5 9 5   b y t e s [ 0 2 : 2 6   1 1 / 1 1 / 2 0 1 2 ] [ 0 5 : 4 4   1 2 / 1 1 / 2 0 1 2 ]   0 0 7 8 8 6 9 A 7 B 2 6 A A E 2 6 2 2 3 5 1 7 0 4 7 9 A 0 E 5 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ d a n i s h . t x t - - a - - - -   3 3 0   b y t e s [ 0 5 : 1 0   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 1 0   1 2 / 1 1 / 2 0 1 2 ]   2 B 3 C 9 8 1 B 4 C 1 B 3 3 6 A 1 A 9 7 6 C 8 7 A C B C C D F A 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ d u t c h . t x t - - a - - - -   4 3 8   b y t e s [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ] [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ]   F A 3 5 6 5 C 1 D 6 6 8 B B B 7 B F 3 E 6 0 3 4 2 7 5 C B 2 3 A 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ e n g l i s h . t x t - - a - - - -   3 2 6   b y t e s [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ] [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ]   3 4 E B E 6 0 A A 6 3 F B D 4 F A 9 1 B F D 1 6 E F E D 9 E 0 5 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ f i n n i s h . t x t - - a - - - -   3 5 0   b y t e s [ 0 5 : 1 7   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 1 7   1 2 / 1 1 / 2 0 1 2 ]   6 F 8 A A 9 5 5 3 A 2 5 F 0 1 E D 5 5 3 9 5 C 4 D 8 7 5 5 0 0 6 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ f r e n c h . t x t - - a - - - -   4 1 2   b y t e s [ 0 5 : 0 5   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 0 5   1 2 / 1 1 / 2 0 1 2 ]   0 B 8 A F 0 C 6 9 B C 9 F 0 2 7 1 C 4 7 7 9 C 7 C 1 F 5 A 7 4 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ g e r m a n . t x t - - a - - - -   4 0 2   b y t e s [ 0 5 : 1 0   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 1 0   1 2 / 1 1 / 2 0 1 2 ]   0 1 5 F 0 D A F 0 A A A 6 3 C C 4 4 0 E A C 9 4 1 E B 1 6 0 3 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ i t a l i a n . t x t - - a - - - -   3 3 2   b y t e s [ 0 5 : 1 7   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 1 7   1 2 / 1 1 / 2 0 1 2 ]   B 1 2 A 9 5 B 5 F 7 D 6 A 4 C F 5 6 2 4 D 1 5 9 F 9 9 8 4 5 B D 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ j a p a n e s e . t x t - - a - - - -   1 9 2   b y t e s [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ] [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ]   5 8 E 2 D 0 0 D 2 3 5 0 A F 6 0 7 A 8 0 2 C D 9 1 7 A 7 A F 0 7 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ k o r e a n . t x t - - a - - - -   1 7 4   b y t e s [ 0 5 : 1 0   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 1 0   1 2 / 1 1 / 2 0 1 2 ]   5 A E 2 6 0 9 A A F E 9 B 2 2 7 8 8 C F D 3 6 C B 7 1 3 7 F 0 D 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ n o r w e g i a n . t x t - - a - - - -   3 5 6   b y t e s [ 0 5 : 1 7   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 1 7   1 2 / 1 1 / 2 0 1 2 ]   2 A 2 E 5 F A 0 3 1 0 4 9 9 8 D E 3 1 1 1 5 4 D E C A 6 4 3 D 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ p o l i s h . t x t - - a - - - -   3 1 6   b y t e s [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ] [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ]   C 9 3 D B 4 1 4 1 1 D E F 6 3 8 C C F 0 7 F 6 0 8 C 2 6 D 4 8 2 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ p o r t u g u e s e . t x t - - a - - - -   3 8 0   b y t e s [ 1 0 : 3 1   1 1 / 1 1 / 2 0 1 2 ] [ 1 0 : 3 1   1 1 / 1 1 / 2 0 1 2 ]   9 D A 3 5 6 7 4 B 9 2 D 4 A C E 2 B 2 2 A 8 8 2 9 A 8 5 8 8 A 5 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ r u s s i a n . t x t - - a - - - -   4 3 4   b y t e s [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ] [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ]   3 4 4 A 1 1 1 2 5 C F 8 9 2 0 8 5 1 5 4 8 7 8 F 3 1 0 D 1 6 A 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ s c h i n e s e . t x t - - a - - - -   1 2 4   b y t e s [ 1 0 : 3 1   1 1 / 1 1 / 2 0 1 2 ] [ 1 0 : 3 1   1 1 / 1 1 / 2 0 1 2 ]   6 D 1 B 6 C D 1 C D F 5 B A 9 E 6 5 0 5 A A 6 1 4 8 C D E F 1 A 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ s p a n i s h . t x t - - a - - - -   4 1 6   b y t e s [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ] [ 0 5 : 2 3   1 1 / 1 1 / 2 0 1 2 ]   3 1 8 3 6 D 0 2 E C A 3 F 3 4 2 C 2 4 B 0 A 1 0 E E 8 7 C A 7 7 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ s w e d i s h . t x t - - a - - - -   3 4 8   b y t e s [ 0 5 : 1 0   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 1 0   1 2 / 1 1 / 2 0 1 2 ]   E 6 3 7 A 5 F 3 8 F C 2 8 B 5 3 8 0 C 6 C E 5 6 7 D 5 5 7 5 D 8 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ p l _ t h u n d e r m o u n t a i n _ t c h i n e s e . t x t - - a - - - -   1 1 8   b y t e s [ 0 5 : 1 7   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 1 7   1 2 / 1 1 / 2 0 1 2 ]   6 C B E 6 0 7 6 B 5 F 9 B F 4 1 D A 6 F 4 E 1 E 8 A 6 B B A 8 E 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a p s \ s o u n d c a c h e \ p l _ t h u n d e r m o u n t a i n . m a n i f e s t - - a - - - -   1 5 3 7 0 2   b y t e s [ 0 5 : 5 3   1 2 / 1 1 / 2 0 1 2 ] [ 0 5 : 5 3   1 2 / 1 1 / 2 0 1 2 ]   D D 7 5 1 3 D 7 6 0 C A 8 8 A A 5 C A C A 9 6 2 0 A 9 D 9 F 6 D 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a t e r i a l s \ v g u i \ m a p s \ m e n u _ p h o t o s _ p l _ t h u n d e r m o u n t a i n . v m t - - a - - - -   1 3 5   b y t e s [ 0 7 : 0 9   1 1 / 1 1 / 2 0 1 2 ] [ 0 7 : 0 9   1 1 / 1 1 / 2 0 1 2 ]   1 1 8 5 C 2 E 4 6 3 A 0 F 9 A D D B D A 6 9 B 1 0 9 8 1 5 F F 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a t e r i a l s \ v g u i \ m a p s \ m e n u _ p h o t o s _ p l _ t h u n d e r m o u n t a i n . v t f - - a - - - -   3 4 9 7 8 4   b y t e s [ 0 2 : 2 6   1 1 / 1 1 / 2 0 1 2 ] [ 0 7 : 3 7   1 2 / 1 1 / 2 0 1 2 ]   6 C 5 8 C B C 1 0 B A 1 D A 3 E 0 0 8 0 2 0 1 7 3 7 0 3 F D 9 E 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a t e r i a l s \ v g u i \ m a p s \ m e n u _ t h u m b _ p l _ t h u n d e r m o u n t a i n . v m t - - a - - - -   1 5 3   b y t e s [ 0 7 : 1 0   1 1 / 1 1 / 2 0 1 2 ] [ 0 7 : 1 0   1 1 / 1 1 / 2 0 1 2 ]   E 8 5 D E 9 5 0 2 C 5 0 3 5 8 0 C 3 3 D 1 7 7 0 6 7 B 2 E B E E 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a t e r i a l s \ v g u i \ m a p s \ m e n u _ t h u m b _ p l _ t h u n d e r m o u n t a i n . v t f - - a - - - -   1 1 1 6 8   b y t e s [ 0 9 : 3 8   1 2 / 1 1 / 2 0 1 2 ] [ 0 9 : 3 8   1 2 / 1 1 / 2 0 1 2 ]   6 2 8 7 8 D 1 D A C 9 B 2 4 0 7 1 F 0 F B 2 F D 1 2 0 8 A C 4 B 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a t e r i a l s \ v g u i \ t r a i n i n g \ s c r e e n s h o t s \ p l _ t h u n d e r m o u n t a i n . v m t - - a - - - -   1 5 6   b y t e s [ 0 9 : 5 3   1 2 / 1 1 / 2 0 1 2 ] [ 0 9 : 5 3   1 2 / 1 1 / 2 0 1 2 ]   B 9 4 C 9 F 4 A 8 E 3 3 3 9 2 4 D 6 1 E 2 F 1 8 B 5 9 5 D 8 1 9 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m a t e r i a l s \ v g u i \ t r a i n i n g \ s c r e e n s h o t s \ p l _ t h u n d e r m o u n t a i n . v t f - - a - - - -   1 3 9 8 3 6 0   b y t e s [ 0 2 : 2 6   1 1 / 1 1 / 2 0 1 2 ] [ 0 9 : 5 3   1 2 / 1 1 / 2 0 1 2 ]   B 2 9 7 3 D 5 B F F 6 A 9 B 6 A 2 3 4 A B 7 7 B E 1 F D 5 3 A 0 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S t e a m \ s t e a m a p p s \ c o m m o n \ S o u r c e F i l m m a k e r \ g a m e \ t f \ m o d e l s \ t h u n d e r m o u n t a i n _ f x \ t h u n d e r m o u n t a i n _ b i g b o o m 1 . d x 9 0 . v t x - - a - - - -   6 5 8 6   b y t e s [ 0 4 : 5 1   1 3 / 1 1 / 2 0 1 2 ] [ 0 4 : 5 1   1 3 / 1 1 / 2 0 1 2 ]   4 3 D C 4 6 6 6 5 E 7 4 7 E 7 6 4 A C 8 9 3 C 4 3 E 7 0 4 D 0 8 
 
 
 
 
========== folderfind ==========

Searching for "*艔鳀ww貧n璬>e膥鯪*"

No folders found.

Searching for "*Thunder*"
 
 
 
 
========== Regfind ==========

Searching for "艔鳀ww貧n璬>e膥鯪"

No data found.

Searching for "Thunder"
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { C 4 9 5 F 9 1 B - 7 1 6 2 - 4 3 4 0 - 8 D B 3 - F A 9 7 8 C 1 C 6 2 2 F } ] 
 
 " A p p P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { C 4 9 5 F 9 1 D - 7 1 6 2 - 4 3 4 0 - 8 D B 3 - F A 9 7 8 C 1 C 6 2 2 F } ] 
 
 " A p p P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ X m p 4 \ P r o g r a m " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { C 4 9 5 F 9 1 E - 7 1 6 2 - 4 3 4 0 - 8 D B 3 - F A 9 7 8 C 1 C 6 2 2 F } ] 
 
 " A p p P a t h " = " C : \ U s e r s \ P u b l i c \ T h u n d e r   N e t w o r k \ X M P 4 \ w e b x m p " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { C 6 B 7 F 4 D 9 - 8 D 1 5 - 4 a 4 8 - A 7 2 2 - B 5 4 C 3 D 6 F C E 7 0 } ] 
 
 " A p p N a m e " = " t h u n d e r p l a t f o r m . e x e " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { C 6 B 7 F 4 D 9 - 8 D 1 5 - 4 a 4 8 - A 7 2 2 - B 5 4 C 3 D 6 F C E 7 0 } ] 
 
 " A p p P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ T P \ V e r 1 \ 1 . 1 . 2 . 6 7 _ 1 1 1 1 " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { F 1 2 9 6 6 A 9 - C 1 3 9 - 4 4 3 1 - 8 3 4 0 - 3 0 2 4 6 5 F B 0 8 3 7 } ] 
 
 " A p p P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { F 1 2 9 6 6 A 9 - C 1 3 9 - 4 4 3 1 - 8 3 4 0 - 3 0 2 4 6 5 F B 0 8 3 7 } ] 
 
 " A p p N a m e " = " T h u n d e r S e r v i c e L i t e . e x e " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ T h u n d e r   N e t w o r k ] 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ T h u n d e r   N e t w o r k \ T h u n d e r ] 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ T h u n d e r   N e t w o r k \ T h u n d e r ] 
 
 " P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ T h u n d e r \ p r o g r a m \ t h u n d e r . e x e " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ . t h u n d e r a d d i n ] 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ . t h u n d e r a d d i n ] 
 
 @ = " X u n l e i . T h u n d e r A d d i n . 6 " 
 
 [ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ C l a s s e s \ X u n l e i . T h u n d e r A d d i n . 6 ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ A p p l i c a t i o n s \ M i n i X m p . e x e \ D e f a u l t I c o n ] 
 
 @ = " " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ X m p 4 \ r e s \ X m p . e x e " , 0 " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ T y p e L i b \ { 9 7 8 1 0 5 7 0 - 3 5 F E - 4 1 9 5 - 8 3 D E - 3 0 E 7 9 B 7 1 8 7 1 3 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ T y p e L i b \ { 9 7 8 1 0 5 7 0 - 3 5 F E - 4 1 9 5 - 8 3 D E - 3 0 E 7 9 B 7 1 8 7 1 3 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ T y p e L i b \ { C 0 F 8 D E 0 B - E 6 4 4 - 4 B 8 5 - 8 1 2 D - B B B 3 A 9 B 0 A 6 F 3 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ v d . 1 . 1 . 0 . 3 2 . ( 5 4 4 ) . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ T y p e L i b \ { C 0 F 8 D E 0 B - E 6 4 4 - 4 B 8 5 - 8 1 2 D - B B B 3 A 9 B 0 A 6 F 3 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ T y p e L i b \ { D B 7 6 E A 2 A - 3 0 6 7 - 4 E B 2 - 9 5 2 4 - A C 9 D D 8 5 D 2 C B 1 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n \ S t r e a m I . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ T y p e L i b \ { D B 7 6 E A 2 A - 3 0 6 7 - 4 E B 2 - 9 5 2 4 - A C 9 D D 8 5 D 2 C B 1 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { 0 9 5 7 1 A 4 B - F 1 F E - 4 C 6 0 - 9 7 6 0 - D E 6 D 3 1 0 C 7 C 3 1 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { 3 F D 7 6 A 8 3 - D A A 1 - 4 0 3 B - B 3 8 8 - 2 6 E F F F 6 5 2 7 2 5 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { 7 0 4 0 A E 7 C - D 5 3 9 - 4 A B B - B E A 1 - B 5 E 5 8 A 3 D 2 6 5 5 } ] 
 
 " L o c a l i z e d S t r i n g " = " @ C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n \ X M P . e x e , - 1 2 8 " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { 9 0 E 2 2 B 8 8 - 2 9 F D - 4 A A 5 - B 7 8 A - A B 0 C 5 6 F 9 E 1 D 3 } \ I n P r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { 9 E F F 1 9 5 3 - 9 6 9 4 - 4 7 B 1 - A E F 6 - B 2 A 3 F E 8 B F E 9 B } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ v d . 1 . 1 . 0 . 3 2 . ( 5 4 4 ) . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { A 9 3 2 2 1 4 8 - C 6 9 1 - 4 B 9 D - 9 1 F C - B 9 C 4 6 1 D B E 9 D D } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { A 9 3 2 2 1 4 8 - C 6 9 1 - 4 B 9 D - 9 1 F C - B 9 C 4 6 1 D B E 9 D D } \ T o o l b o x B i t m a p 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l ,   1 0 2 " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { B B A 3 5 D 2 A - A 3 7 4 - 4 C D F - 9 C 5 D - B F 3 1 D E 9 7 0 B 5 4 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { C 9 7 8 3 F 9 D - 7 E 5 6 - 4 2 0 5 - 9 C A 1 - 2 2 5 C D 9 3 4 9 B D 7 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ C L S I D \ { F 2 3 B 1 F 1 8 - C B 1 A - 4 7 E D - A 1 F E - B 6 0 4 9 4 A 6 2 6 D 0 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ T y p e L i b \ { 9 7 8 1 0 5 7 0 - 3 5 F E - 4 1 9 5 - 8 3 D E - 3 0 E 7 9 B 7 1 8 7 1 3 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ T y p e L i b \ { 9 7 8 1 0 5 7 0 - 3 5 F E - 4 1 9 5 - 8 3 D E - 3 0 E 7 9 B 7 1 8 7 1 3 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ T y p e L i b \ { C 0 F 8 D E 0 B - E 6 4 4 - 4 B 8 5 - 8 1 2 D - B B B 3 A 9 B 0 A 6 F 3 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ v d . 1 . 1 . 0 . 3 2 . ( 5 4 4 ) . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ T y p e L i b \ { C 0 F 8 D E 0 B - E 6 4 4 - 4 B 8 5 - 8 1 2 D - B B B 3 A 9 B 0 A 6 F 3 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ T y p e L i b \ { D B 7 6 E A 2 A - 3 0 6 7 - 4 E B 2 - 9 5 2 4 - A C 9 D D 8 5 D 2 C B 1 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n \ S t r e a m I . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ C l a s s e s \ W o w 6 4 3 2 N o d e \ T y p e L i b \ { D B 7 6 E A 2 A - 3 0 6 7 - 4 E B 2 - 9 5 2 4 - A C 9 D D 8 5 D 2 C B 1 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ D i r e c t D r a w \ C o m p a t i b i l i t y \ S i l e n t T h u n d e r ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s   N T \ C u r r e n t V e r s i o n \ A p p C o m p a t F l a g s \ L a y e r s ] 
 
 " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ T h u n d e r \ u n i n s t a l l _ x l 7 . e x e " = " V I S T A R T M " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ D i r e c t D r a w \ C o m p a t i b i l i t y \ S i l e n t T h u n d e r ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { 0 c 0 c 0 c 0 c - e f a d - c a b c - 1 c 8 c - 1 2 3 4 5 6 7 8 9 0 1 2 } ] 
 
 " A p p P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ T h u n d e r \ B H O " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { E B F 8 A A 4 7 - 7 B 0 1 - 4 a d f - 9 8 6 2 - F 8 A B F 9 A D 8 D E A } ] 
 
 " A p p N a m e " = " T h u n d e r . e x e " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ I n t e r n e t   E x p l o r e r \ L o w   R i g h t s \ E l e v a t i o n P o l i c y \ { E B F 8 A A 4 7 - 7 B 0 1 - 4 a d f - 9 8 6 2 - F 8 A B F 9 A D 8 D E A } ] 
 
 " A p p P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ T h u n d e r \ P r o g r a m " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ T h u n d e r 7 U p d a t e t o 2 3 0 2 _ R A S A P I 3 2 ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ T h u n d e r 7 U p d a t e t o 2 3 0 2 _ R A S M A N C S ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ T h u n d e r L i v e U D _ R A S A P I 3 2 ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ T h u n d e r L i v e U D _ R A S M A N C S ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ T h u n d e r M i n i s i t e _ R A S A P I 3 2 ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ T h u n d e r M i n i s i t e _ R A S M A N C S ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ t h u n d e r p l a t f o r m _ R A S A P I 3 2 ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ t h u n d e r p l a t f o r m _ R A S M A N C S ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ T h u n d e r _ R A S A P I 3 2 ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ T r a c i n g \ T h u n d e r _ R A S M A N C S ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ U n i n s t a l l \ t h u n d e r _ i s 1 ] 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ U n i n s t a l l \ t h u n d e r _ i s 1 ] 
 
 " I n s t a l l L o c a t i o n " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ T h u n d e r " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { 0 9 5 7 1 A 4 B - F 1 F E - 4 C 6 0 - 9 7 6 0 - D E 6 D 3 1 0 C 7 C 3 1 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { 3 F D 7 6 A 8 3 - D A A 1 - 4 0 3 B - B 3 8 8 - 2 6 E F F F 6 5 2 7 2 5 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { 7 0 4 0 A E 7 C - D 5 3 9 - 4 A B B - B E A 1 - B 5 E 5 8 A 3 D 2 6 5 5 } ] 
 
 " L o c a l i z e d S t r i n g " = " @ C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n \ X M P . e x e , - 1 2 8 " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { 9 0 E 2 2 B 8 8 - 2 9 F D - 4 A A 5 - B 7 8 A - A B 0 C 5 6 F 9 E 1 D 3 } \ I n P r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { 9 E F F 1 9 5 3 - 9 6 9 4 - 4 7 B 1 - A E F 6 - B 2 A 3 F E 8 B F E 9 B } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ v d . 1 . 1 . 0 . 3 2 . ( 5 4 4 ) . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { A 9 3 2 2 1 4 8 - C 6 9 1 - 4 B 9 D - 9 1 F C - B 9 C 4 6 1 D B E 9 D D } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { A 9 3 2 2 1 4 8 - C 6 9 1 - 4 B 9 D - 9 1 F C - B 9 C 4 6 1 D B E 9 D D } \ T o o l b o x B i t m a p 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l ,   1 0 2 " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { B B A 3 5 D 2 A - A 3 7 4 - 4 C D F - 9 C 5 D - B F 3 1 D E 9 7 0 B 5 4 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { C 9 7 8 3 F 9 D - 7 E 5 6 - 4 2 0 5 - 9 C A 1 - 2 2 5 C D 9 3 4 9 B D 7 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ C L S I D \ { F 2 3 B 1 F 1 8 - C B 1 A - 4 7 E D - A 1 F E - B 6 0 4 9 4 A 6 2 6 D 0 } \ I n p r o c S e r v e r 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ C o d e c s \ c o r e a v c . a x " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ T y p e L i b \ { 9 7 8 1 0 5 7 0 - 3 5 F E - 4 1 9 5 - 8 3 D E - 3 0 E 7 9 B 7 1 8 7 1 3 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ A P l a y e r _ 0 0 1 . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ T y p e L i b \ { 9 7 8 1 0 5 7 0 - 3 5 F E - 4 1 9 5 - 8 3 D E - 3 0 E 7 9 B 7 1 8 7 1 3 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ A P l a y e r \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ T y p e L i b \ { C 0 F 8 D E 0 B - E 6 4 4 - 4 B 8 5 - 8 1 2 D - B B B 3 A 9 B 0 A 6 F 3 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ v d . 1 . 1 . 0 . 3 2 . ( 5 4 4 ) . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ T y p e L i b \ { C 0 F 8 D E 0 B - E 6 4 4 - 4 B 8 5 - 8 1 2 D - B B B 3 A 9 B 0 A 6 F 3 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ T y p e L i b \ { D B 7 6 E A 2 A - 3 0 6 7 - 4 E B 2 - 9 5 2 4 - A C 9 D D 8 5 D 2 C B 1 } \ 1 . 0 \ 0 \ w i n 3 2 ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n \ S t r e a m I . d l l " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ W o w 6 4 3 2 N o d e \ C l a s s e s \ T y p e L i b \ { D B 7 6 E A 2 A - 3 0 6 7 - 4 E B 2 - 9 5 2 4 - A C 9 D D 8 5 D 2 C B 1 } \ 1 . 0 \ H E L P D I R ] 
 
 @ = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n k a n \ " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 1 \ C o n t r o l \ S e s s i o n   M a n a g e r \ E n v i r o n m e n t ] 
 
 " P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ N V I D I A   C o r p o r a t i o n \ P h y s X \ C o m m o n ; C : \ P r o g r a m   F i l e s \ C o m m o n   F i l e s \ M i c r o s o f t   S h a r e d \ W i n d o w s   L i v e ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ M i c r o s o f t   S h a r e d \ W i n d o w s   L i v e ; % S y s t e m R o o t % \ s y s t e m 3 2 ; % S y s t e m R o o t % ; % S y s t e m R o o t % \ S y s t e m 3 2 \ W b e m ; % S Y S T E M R O O T % \ S y s t e m 3 2 \ W i n d o w s P o w e r S h e l l \ v 1 . 0 \ ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ W i n d o w s   L i v e \ S h a r e d ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ C o d e c s " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 1 \ s e r v i c e s \ e v e n t l o g \ A p p l i c a t i o n \ X L D o c t o r   S e r v i c e s ] 
 
 " E v e n t M e s s a g e F i l e " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 1 \ s e r v i c e s \ t c p h o c ] 
 
 " I m a g e P a t h " = " \ ? ? \ C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ T h u n d e r \ X L D o c t o r \ 7 . 1 . 8 . 2 3 0 2 _ 3 \ P r o g r a m \ t c p h o c . s y s " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 2 \ C o n t r o l \ S e s s i o n   M a n a g e r \ E n v i r o n m e n t ] 
 
 " P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ N V I D I A   C o r p o r a t i o n \ P h y s X \ C o m m o n ; C : \ P r o g r a m   F i l e s \ C o m m o n   F i l e s \ M i c r o s o f t   S h a r e d \ W i n d o w s   L i v e ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ M i c r o s o f t   S h a r e d \ W i n d o w s   L i v e ; % S y s t e m R o o t % \ s y s t e m 3 2 ; % S y s t e m R o o t % ; % S y s t e m R o o t % \ S y s t e m 3 2 \ W b e m ; % S Y S T E M R O O T % \ S y s t e m 3 2 \ W i n d o w s P o w e r S h e l l \ v 1 . 0 \ ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ W i n d o w s   L i v e \ S h a r e d ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ C o d e c s " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 2 \ s e r v i c e s \ e v e n t l o g \ A p p l i c a t i o n \ X L D o c t o r   S e r v i c e s ] 
 
 " E v e n t M e s s a g e F i l e " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C o n t r o l S e t 0 0 2 \ s e r v i c e s \ t c p h o c ] 
 
 " I m a g e P a t h " = " \ ? ? \ C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ T h u n d e r   N e t w o r k \ T h u n d e r \ X L D o c t o r \ 7 . 1 . 8 . 2 3 0 2 _ 3 \ P r o g r a m \ t c p h o c . s y s " 
 
 [ H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \ C u r r e n t C o n t r o l S e t \ C o n t r o l \ S e s s i o n   M a n a g e r \ E n v i r o n m e n t ] 
 
 " P a t h " = " C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ N V I D I A   C o r p o r a t i o n \ P h y s X \ C o m m o n ; C : \ P r o g r a m   F i l e s \ C o m m o n   F i l e s \ M i c r o s o f t   S h a r e d \ W i n d o w s   L i v e ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ M i c r o s o f t   S h a r e d \ W i n d o w s   L i v e ; % S y s t e m R o o t % \ s y s t e m 3 2 ; % S y s t e m R o o t % ; % S y s t e m R o o t % \ S y s t e m 3 2 \ W b e m ; % S Y S T E M R O O T % \ S y s t e m 3 2 \ W i n d o w s P o w e r S h e l l \ v 1 . 0 \ ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ W i n d o w s   L i v e \ S h a r e d ; C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ T h u n d e r   N e t w o r k \ K a n K a n \ C o d e c s " 
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\XLDoctor Services]
"EventMessageFile"="C:\Program Files (x86)\Thunder Ne"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcphoc]
"ImagePath"="\??\C:\Program Files (x86)\Thunder Network\Thunder\XLDoctor\7.1.8.2302_3\Program\tcphoc.sys"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C495F91B-7162-4340-8DB3-FA978C1C622F}]
"AppPath"="C:\Program Files (x86)\Common Files\Thunder Network\Kankan"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C495F91D-7162-4340-8DB3-FA978C1C622F}]
"AppPath"="C:\Program Files (x86)\Thunder Network\Xmp4\Program"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C495F91E-7162-4340-8DB3-FA978C1C622F}]
"AppPath"="C:\Users\Public\Thunder Network\XMP4\webxmp"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6B7F4D9-8D15-4a48-A722-B54C3D6FCE70}]
"AppName"="thunderplatform.exe"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C6B7F4D9-8D15-4a48-A722-B54C3D6FCE70}]
"AppPath"="C:\Program Files (x86)\Common Files\Thunder Network\TP\Ver1\1.1.2.67_1111"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F12966A9-C139-4431-8340-302465FB0837}]
"AppPath"="C:\Program Files (x86)\Common Files\Thunder Network\Kankan"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F12966A9-C139-4431-8340-302465FB0837}]
"AppName"="ThunderServiceLite.exe"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Thunder Network]

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Thunder Network\Thunder]

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Thunder Network\Thunder]
"Path"="C:\Program Files (x86)\Thunder Network\Thunder\program\thunder.exe"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Classes\.thunderaddin]

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Classes\.thunderaddin]
@="Xunlei.ThunderAddin.6"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Classes\Xunlei.ThunderAddin.6]

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001_Classes\.thunderaddin]

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001_Classes\.thunderaddin]
@="Xunlei.ThunderAddin.6"

[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001_Classes\Xunlei.ThunderAddin.6]

========== dir ==========

C:\ProgramData\{8201D5FC-F086-4EE3-8441-4FAFB61B7583} - Parameters: "/s"

---Files---
ASCIPer.ini --a---- 36 bytes [06:54 04/04/2013] [06:54 04/04/2013]

No folders found.

-= EOF =-


#12 Mythilas

Posted 17 April 2013 - 05:50 AM

For some reason the exe ran in Chinese.

Combofix.txt


ComboFix 13-04-17.01 - Emma 4/2013 Wed  20:41:54.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.8191.5635 [GMT 10:00]
执行位置: c:\users\Emma\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功创造新还原点
.
.
(((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\app_stat.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\ExtYouxi.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\ExtYouxi_url.xml
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\GameCenter.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\GameCenter\360WebGames.xml
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\GameMode\config.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\GameNews\config.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\GameNews\news.dat
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\promlib.dll
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\server\game_recomm.html
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\ver.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\ExtYouxi\wlist.dat
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\ExtDataIO.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Favorites.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Favorites2.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2012_12_29.log
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_01.log
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_05.log
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_09.log
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_17.log
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_18.log
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Log\360log_2013_01_23.log
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\Quick.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\Favorites\titleopt.dll
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginAssis\app_stat.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginAssis\assis2.db
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginAssis\config.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginAssis\loginassis.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\loginstat.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\loginstat2.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000002
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000007
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000008
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000018
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000019
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000020
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pic\100000021
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushinfo.xml
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushInfo\check
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushInfo\pic\14
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushInfo\pic\26
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushInfo\pic\32
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushInfo\pic\38
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushInfo\pushinfo.json
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushInfo\setting.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\LoginEnrol\pushupdate.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\esimple.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.in
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\SafeCentral.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\safehfc.ini
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\SafeProtect.dat
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\trust.dat
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\urllib.dat
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\urllibauth.dat
c:\users\Emma\AppData\Roaming\360SE\extensions\SafeCentral\urllibw.dat
c:\users\Emma\AppData\Roaming\360SE\Hang\360se_hang.log
c:\users\Emma\AppData\Roaming\360SE\Hang\360se_hang_13557240900.dmp
c:\users\Emma\AppData\Roaming\360SE\login.ini
c:\users\Emma\AppData\Roaming\360SE\pd\imgbg2.png
c:\users\Emma\AppData\Roaming\360SE\pd\se_june2.ini
c:\users\Emma\AppData\Roaming\360SE\seup.ini
c:\users\Emma\AppData\Roaming\360SE\stat.ini
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~2DCB.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~2F7B.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~31FC.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~3604.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~3F93.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~4178.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~4D78.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~4EF7.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~4F12.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~50FF.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~51FE.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~5279.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~527B.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~59DA.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~5D11.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~639.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~66D0.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~6F2A.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~739E.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~76B3.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~7ECB.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~80A6.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~80F6.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~8391.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~851D.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~8A0C.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~8C0F.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~9615.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~9946.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~9955.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~9DED.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~A4CC.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~A8AE.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~AA22.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~AC6D.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~B129.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~B4B.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~B8AE.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~B916.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~CA28.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~D0B1.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~D489.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~D6C.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~DB80.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~E7B3.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~E7D4.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~F72.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~F99D.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~FAD7.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~FC0E.tmp
c:\users\Emma\AppData\Roaming\360SE\v3update\v3download\~FF4C.tmp
c:\users\Emma\AppData\Roaming\360SE\WebCache\hao.360.cn.new
.
.
(((((((((((((((((((((((((  2013-03-17 至 2013-04-17 的新的档案  )))))))))))))))))))))))))))))))
.
.
2013-04-17 10:47 . 2013-04-17 10:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-17 10:47 . 2013-04-17 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-17 10:34 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{888A811C-0D60-4F76-A1BE-10A0ABC01A2C}\mpengine.dll
2013-04-17 09:48 . 2013-04-17 09:48 -------- d-----w- C:\_OTL
2013-04-16 05:37 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 08:08 . 2013-02-19 12:01 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-04-11 08:08 . 2013-02-19 11:42 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-10 08:18 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 08:17 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 07:59 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 07:59 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 07:59 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 07:59 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 07:59 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 07:59 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 07:59 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-07 06:35 . 2013-04-07 06:35 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-04-04 06:54 . 2013-04-04 06:54 -------- d-----w- c:\programdata\{8201D5FC-F086-4EE3-8441-4FAFB61B7583}
2013-04-03 05:19 . 2013-04-03 05:41 -------- d-----w- c:\program files (x86)\Google
2013-04-02 05:21 . 2013-04-02 05:21 -------- d-----w- c:\windows\ERUNT
2013-03-30 03:08 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-30 03:08 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-30 03:08 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-03-30 03:08 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-30 03:08 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-03-30 03:08 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-03-30 03:08 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-03-30 03:08 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-03-30 03:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-03-30 02:56 . 2013-03-30 02:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-30 02:56 . 2013-03-30 02:56 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-30 02:56 . 2013-03-30 02:56 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 00:04 . 2013-03-30 00:04 208216 ----a-w- c:\windows\system32\drivers\98808878.sys
2013-03-29 23:45 . 2013-03-18 18:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7078E18A-0AE4-4FC8-9016-C9549E8893B7}\mpengine.dll
2013-03-29 05:05 . 2013-04-17 10:44 -------- d-----w- c:\users\Emma\AppData\Roaming\Skype
2013-03-29 05:05 . 2013-03-29 05:05 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-29 05:05 . 2013-04-05 22:29 -------- d-----r- c:\program files (x86)\Skype
2013-03-29 05:05 . 2013-03-29 05:17 -------- d-----w- c:\programdata\Skype
2013-03-28 23:26 . 2013-03-28 23:26 -------- d-----w- c:\program files (x86)\PPStream
2013-03-28 23:25 . 2013-03-28 23:26 -------- d-----w- c:\users\Emma\AppData\Roaming\PPStream
2013-03-23 21:38 . 2012-11-28 05:35 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9402C181-536E-4472-A2EE-354C4ECD4BF6}\gapaengine.dll
2013-03-23 05:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 00:00 . 2012-06-09 12:33 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-14 00:00 . 2011-12-05 05:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 11:23 . 2011-01-01 21:42 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 04:50 . 2013-02-16 05:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2011-01-01 21:45 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-30 02:56 . 2011-01-04 02:29 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-25 13:32 . 2013-02-25 13:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 13:32 . 2012-11-10 20:56 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 13:32 . 2012-11-10 20:56 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 13:32 . 2013-02-25 13:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 13:32 . 2010-07-09 18:38 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 13:32 . 2013-02-25 13:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 13:32 . 2012-11-10 20:56 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 13:32 . 2013-02-25 13:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 13:32 . 2013-02-25 13:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 13:32 . 2013-02-25 13:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 13:32 . 2013-02-25 13:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 13:32 . 2013-02-25 13:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 13:32 . 2012-11-10 20:56 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 13:32 . 2013-02-25 13:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 13:32 . 2013-02-25 13:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 13:32 . 2009-07-13 21:59 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 13:32 . 2013-02-25 13:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 13:32 . 2013-02-25 13:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 13:32 . 2013-02-25 13:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 13:32 . 2009-07-13 21:59 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 13:32 . 2013-02-25 13:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-12 05:45 . 2013-03-14 06:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 06:46 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 06:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 06:46 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 06:46 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 06:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-29 08:15 . 2013-01-29 08:15 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2013-01-29 08:15 . 2013-01-29 08:15 828872 ----a-w- c:\windows\system32\msvcr110.dll
2013-01-29 08:15 . 2013-01-29 08:15 661448 ----a-w- c:\windows\system32\msvcp110.dll
2013-01-29 08:15 . 2013-01-29 08:15 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2013-01-29 08:15 . 2013-01-29 08:15 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2013-01-29 08:15 . 2013-01-29 08:15 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2013-01-29 08:15 . 2013-01-29 08:15 50800 ----a-w- c:\windows\system32\drivers\point64.sys
2013-01-29 08:15 . 2013-01-29 08:15 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2013-01-23 23:32 . 2013-01-23 23:32 2177648 ----a-w- c:\windows\system32\coin93.dll
2013-01-20 04:59 . 2013-01-20 04:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 04:59 . 2010-10-24 10:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 15:00 . 2010-07-09 05:17 6390048 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2010-07-09 05:17 3460896 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2010-07-09 05:27 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2010-07-09 05:17 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2010-07-09 05:17 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2010-07-09 05:17 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-17 21:15 . 2013-01-17 21:15 550176 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files (x86)\PPStream\PPSAP.exe" [2010-02-24 214408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SDBaseSvc;SDBaseSvc;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 tbService;tbService;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 13728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.8.2302_3\Program\tcphoc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-03 81824]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-14 15776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AudioAir;先进音频框架服务;c:\program files (x86)\Audio_Air\Audio_Air.exe [2012-08-15 58776]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 KU6媒体加速服务;KU6媒体加速服务;c:\program files (x86)\Ku6_Booster\Ku6_Booster.exe [2012-05-22 57808]
S2 KuaiZipDrive;KuaiZipDrive;c:\windows\system32\drivers\KuaiZipDrive.sys [2012-07-10 92976]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-02 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-17 383264]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 619904]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DoctorService REG_MULTI_SZ   XLDoctor Service
SDBaseSvc REG_MULTI_SZ   SDBaseSvc
tbService REG_MULTI_SZ   tbService
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 07:26 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
 ‘计划任务’ 文件夹 里的内容
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 00:00]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 05:19]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 05:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KzShlobj]
@="{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}"
[HKEY_CLASSES_ROOT\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}]
2012-03-20 03:09 279072 ----a-w- c:\program files\快压\KZipShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: 添加网址到360安全桌面 - c:\program files (x86)\360\360Desktop\Bin\addapp.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-37258752.sys
SafeBoot-79544289.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-IL Download Manager - c:\program files (x86)\Image-Line\Downloader\uninstall.exe
AddRemove-IL Shared Libraries - c:\program files (x86)\Image-Line\Shared\uninstall.exe
AddRemove-KuaiZip - c:\program files\快压\Uninstaller.exe
AddRemove-UnityWebPlayer - c:\users\Emma\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\SecuROM\License information*]
"datasecu"=hex:c6,70,a3,c9,1c,fb,7b,f3,52,60,10,40,78,b2,ff,00,dd,0e,fc,04,d4,
   de,19,c7,85,e7,70,e0,c3,41,e7,98,05,d5,ce,51,63,77,ae,bc,cc,53,50,42,ae,c0,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2013-04-17  20:48:59
ComboFix-quarantined-files.txt  2013-04-17 10:48
.
Pre-Run: 40,662,740,992 bytes free
Post-Run: 40,369,721,344 bytes free
.
- - End Of File - - 3275EE23941A48DDA8126C5E1F90C0E9


#13 satchfan

  • Malware Response Team

Posted 17 April 2013 - 06:43 AM

Thunder Network is the program that needs to be uninstalled. Please uninstall it.


Open ComboFix

 

Please do the following:

  • close any open browsers.
  • close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix.
  • open notepad and copy/paste the text in the codebox below into it:

     


File::C:\Program Files (x86)\360\360Desktop\Bin\addapp.html
DDS::IE: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

 

[Image: CFScriptB-4.gif]

 

Referring to the picture above, drag CFScript into ComboFix.exe.

 

When finished, it produces a log at C:\ComboFix.txt.  Post the contents of Combofix.txt in your next reply.

 

Can you tell me if there are any remaining problems?

 

Thanks

 

Satchfan




#14 Mythilas


Posted 17 April 2013 - 11:29 PM

I'd deleted the Thunder Network folder.

 

Combofix.txt

 

 

ComboFix 13-04-18.01 - Emma 4/2013 Thu  14:14:46.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.8191.6496 [GMT 10:00]
执行位置: c:\users\Emma\Desktop\ComboFix.exe
Command switches used :: c:\users\Emma\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * 成功创造新还原点
.
.
(((((((((((((((((((((((((  2013-03-18 至 2013-04-18 的新的档案  )))))))))))))))))))))))))))))))
.
.
2013-04-18 04:19 . 2013-04-18 04:19 -------- d-----w- c:\users\wangrui.alan\AppData\Local\temp
2013-04-18 04:19 . 2013-04-18 04:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-18 04:19 . 2013-04-18 04:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-17 12:23 . 2013-04-17 12:23 -------- d-----w- c:\windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2013-04-17 10:55 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B97A993B-6715-4BEB-AFF9-D6EA55C5BC3A}\mpengine.dll
2013-04-17 09:48 . 2013-04-17 09:48 -------- d-----w- C:\_OTL
2013-04-16 05:37 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 08:08 . 2013-02-19 12:01 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-04-11 08:08 . 2013-02-19 11:42 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-10 08:18 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 08:17 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 07:59 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 07:59 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 07:59 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 07:59 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 07:59 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 07:59 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 07:59 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-07 06:35 . 2013-04-07 06:35 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2013-04-04 06:54 . 2013-04-04 06:54 -------- d-----w- c:\programdata\{8201D5FC-F086-4EE3-8441-4FAFB61B7583}
2013-04-03 05:19 . 2013-04-03 05:41 -------- d-----w- c:\program files (x86)\Google
2013-04-02 05:21 . 2013-04-02 05:21 -------- d-----w- c:\windows\ERUNT
2013-03-30 03:08 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-30 03:08 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-30 03:08 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-03-30 03:08 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-30 03:08 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-03-30 03:08 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-03-30 03:08 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-03-30 03:08 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-03-30 03:08 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-03-30 02:56 . 2013-03-30 02:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-30 02:56 . 2013-03-30 02:56 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-30 02:56 . 2013-03-30 02:56 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-30 00:04 . 2013-03-30 00:04 208216 ----a-w- c:\windows\system32\drivers\98808878.sys
2013-03-29 23:45 . 2013-03-18 18:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7078E18A-0AE4-4FC8-9016-C9549E8893B7}\mpengine.dll
2013-03-29 05:05 . 2013-04-18 04:08 -------- d-----w- c:\users\Emma\AppData\Roaming\Skype
2013-03-29 05:05 . 2013-03-29 05:05 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-29 05:05 . 2013-04-05 22:29 -------- d-----r- c:\program files (x86)\Skype
2013-03-29 05:05 . 2013-03-29 05:17 -------- d-----w- c:\programdata\Skype
2013-03-28 23:26 . 2013-03-28 23:26 -------- d-----w- c:\program files (x86)\PPStream
2013-03-28 23:25 . 2013-03-28 23:26 -------- d-----w- c:\users\Emma\AppData\Roaming\PPStream
2013-03-23 21:38 . 2012-11-28 05:35 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9402C181-536E-4472-A2EE-354C4ECD4BF6}\gapaengine.dll
2013-03-23 05:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 00:00 . 2012-06-09 12:33 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-14 00:00 . 2011-12-05 05:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 11:23 . 2011-01-01 21:42 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 04:50 . 2013-02-16 05:35 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2011-01-01 21:45 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-30 02:56 . 2011-01-04 02:29 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-25 13:32 . 2013-02-25 13:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 13:32 . 2012-11-10 20:56 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 13:32 . 2012-11-10 20:56 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 13:32 . 2013-02-25 13:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 13:32 . 2010-07-09 18:38 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 13:32 . 2013-02-25 13:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 13:32 . 2012-11-10 20:56 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 13:32 . 2013-02-25 13:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 13:32 . 2013-02-25 13:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 13:32 . 2013-02-25 13:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 13:32 . 2013-02-25 13:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 13:32 . 2013-02-25 13:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 13:32 . 2012-11-10 20:56 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 13:32 . 2013-02-25 13:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 13:32 . 2013-02-25 13:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 13:32 . 2009-07-13 21:59 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 13:32 . 2013-02-25 13:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 13:32 . 2013-02-25 13:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 13:32 . 2013-02-25 13:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 13:32 . 2009-07-13 21:59 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 13:32 . 2013-02-25 13:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-12 05:45 . 2013-03-14 06:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 06:46 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 06:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 06:46 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 06:46 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 06:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-29 08:15 . 2013-01-29 08:15 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2013-01-29 08:15 . 2013-01-29 08:15 828872 ----a-w- c:\windows\system32\msvcr110.dll
2013-01-29 08:15 . 2013-01-29 08:15 661448 ----a-w- c:\windows\system32\msvcp110.dll
2013-01-29 08:15 . 2013-01-29 08:15 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2013-01-29 08:15 . 2013-01-29 08:15 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2013-01-29 08:15 . 2013-01-29 08:15 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2013-01-29 08:15 . 2013-01-29 08:15 50800 ----a-w- c:\windows\system32\drivers\point64.sys
2013-01-29 08:15 . 2013-01-29 08:15 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2013-01-23 23:32 . 2013-01-23 23:32 2177648 ----a-w- c:\windows\system32\coin93.dll
2013-01-20 04:59 . 2013-01-20 04:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 04:59 . 2010-10-24 10:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 15:00 . 2010-07-09 05:17 6390048 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 15:00 . 2010-07-09 05:17 3460896 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-18 15:00 . 2010-07-09 05:27 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 15:00 . 2010-07-09 05:17 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 15:00 . 2010-07-09 05:17 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 15:00 . 2010-07-09 05:17 118560 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files (x86)\PPStream\PPSAP.exe" [2010-02-24 214408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SDBaseSvc;SDBaseSvc;c:\windows\System32\svchost.exe [2009-07-14 27136]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 tbService;tbService;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-08-01 52584]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 13728]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.8.2302_3\Program\tcphoc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-03 81824]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-14 15776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 AudioAir;先进音频框架服务;c:\program files (x86)\Audio_Air\Audio_Air.exe [2012-08-15 58776]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 KU6媒体加速服务;KU6媒体加速服务;c:\program files (x86)\Ku6_Booster\Ku6_Booster.exe [2012-05-22 57808]
S2 KuaiZipDrive;KuaiZipDrive;c:\windows\system32\drivers\KuaiZipDrive.sys [2012-07-10 92976]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-02 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-17 383264]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 619904]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DoctorService REG_MULTI_SZ   XLDoctor Service
SDBaseSvc REG_MULTI_SZ   SDBaseSvc
tbService REG_MULTI_SZ   tbService
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 07:26 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
 ‘计划任务’ 文件夹 里的内容
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 00:00]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 05:19]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-03 05:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KzShlobj]
@="{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}"
[HKEY_CLASSES_ROOT\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}]
2012-03-20 03:09 279072 ----a-w- c:\program files\快压\KZipShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: 添加网址到360安全桌面 - c:\program files (x86)\360\360Desktop\Bin\addapp.html
TCP: DhcpNameServer = 10.0.0.138
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-IL Download Manager - c:\program files (x86)\Image-Line\Downloader\uninstall.exe
AddRemove-IL Shared Libraries - c:\program files (x86)\Image-Line\Shared\uninstall.exe
AddRemove-KuaiZip - c:\program files\快压\Uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2097730478-889219606-3178997141-1001\Software\SecuROM\License information*]
"datasecu"=hex:c6,70,a3,c9,1c,fb,7b,f3,52,60,10,40,78,b2,ff,00,dd,0e,fc,04,d4,
   de,19,c7,85,e7,70,e0,c3,41,e7,98,05,d5,ce,51,63,77,ae,bc,cc,53,50,42,ae,c0,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2013-04-18  14:21:35
ComboFix-quarantined-files.txt  2013-04-18 04:21
ComboFix2.txt  2013-04-17 10:48
.
Pre-Run: 40,593,727,488 bytes free
Post-Run: 40,402,259,968 bytes free
.
- - End Of File - - 6CA66CD56E6587EAAEDA82DF52AC41CD


#15 satchfan


Posted 18 April 2013 - 04:35 AM

Thunder Network is still running and needs to be uninstalled, not deleted. Please uninstall it.
 

  • click Start, Control Panel, Programs and Features
  • click on Thunder Network and then Uninstall.

===============================================

The previous fix didn’t work so we need to do it again.

Open ComboFix

Please do the following:

  • close any open browsers.
  • close/disable all anti virus and anti malware programs so that they do not interfere with the running of ComboFix.
  • open notepad and copy/paste the text in the codebox below into it:
Folder::
C:\Program Files (x86)\360

DDS::
IE: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html

 

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Note: "CFScript.txt", not "CFScript.txt.txt" as the last one.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.


When finished, it produces a log at C:\ComboFix.txt.  Post the contents of Combofix.txt in your next reply.


Please remember to tell me if there are any remaining problems.

Thanks

Satchfan
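
An added example, not part of the original posts: a short Python triage of a ComboFix log like the one in post #14. It lists driver/service entries whose image path still sits under a given folder, lists entries logged with [x] in place of a date and size, and checks whether the script passed to ComboFix was saved with a doubled extension. The sample lines are copied from that log; the function names are made up here, and reading [x] as "no file details were logged" is an assumption.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample: a few lines copied from the ComboFix log in post #14.
SAMPLE_LOG = r"""
Command switches used :: c:\users\Emma\Desktop\CFScript.txt.txt
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tcphoc;tcphoc;c:\program files (x86)\Thunder Network\Thunder\XLDoctor\7.1.8.2302_3\Program\tcphoc.sys [x]
S2 KuaiZipDrive;KuaiZipDrive;c:\windows\system32\drivers\KuaiZipDrive.sys [2012-07-10 92976]
"""


class ServiceEntry(NamedTuple):
    state: str                # e.g. "R3"; kept verbatim, not interpreted here
    name: str                 # service key name
    display: str              # display name
    path: str                 # image path as logged
    file_info: Optional[str]  # "date size", or None when the log shows [x]


# <state> <name>;<display>;<image path> [<date> <size>]  or  [x]
SERVICE_LINE = re.compile(
    r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d{2}-\d{2} \d+)\][ \t]*$",
    re.MULTILINE,
)
SWITCH_LINE = re.compile(r"^Command switches used :: (.+)$", re.MULTILINE)


def parse_services(log: str) -> List[ServiceEntry]:
    """Extract every driver/service line from the log text."""
    entries = []
    for m in SERVICE_LINE.finditer(log):
        state, name, display, path, info = m.groups()
        entries.append(
            ServiceEntry(state, name, display, path, None if info == "x" else info)
        )
    return entries


def under_folder(entries: List[ServiceEntry], folder: str) -> List[ServiceEntry]:
    """Entries whose image path lies inside `folder` (case-insensitive)."""
    prefix = ntpath.normcase(folder).rstrip("\\") + "\\"
    return [e for e in entries if ntpath.normcase(e.path).startswith(prefix)]


def without_file_details(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries logged with [x] instead of a date and size (assumed meaning)."""
    return [e for e in entries if e.file_info is None]


def script_argument(log: str) -> Optional[str]:
    """Path of the script ComboFix reports it was started with, if any."""
    m = SWITCH_LINE.search(log)
    return m.group(1).strip() if m else None


def has_doubled_extension(path: str) -> bool:
    """True for names such as CFScript.txt.txt (same extension twice)."""
    stem, ext = ntpath.splitext(path)
    return bool(ext) and ntpath.splitext(stem)[1].lower() == ext.lower()


if __name__ == "__main__":
    services = parse_services(SAMPLE_LOG)
    for e in under_folder(services, r"C:\Program Files (x86)\Thunder Network"):
        print("still registered under the folder:", e.name, "->", e.path)
    for e in without_file_details(services):
        print("no file details logged:", e.name)
    script = script_argument(SAMPLE_LOG)
    if script and has_doubled_extension(script):
        print("script saved with a doubled extension:", script)
```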
