Screen randomly goes black, slow to process anything [Solved]



#1
sonicshadow
Member, 56 posts

Hello,

Thank you in advance for taking time to read my post. This laptop has many odd programs installed--many of which I don't know. The primary user of the computer downloads and installs many programs without being cautious about what is being installed (e.g. installing "toolbars" packaged with other programs). As a result, I presume that malware has made its way into this machine.

Symptoms:
The computer randomly turns its screen off, without turning off the actual computer.
A significant amount of lag when processing anything. Programs frequently stop responding.
At startup, I have an error displaying: Load Library L0409UserRes.dll failed
Perhaps not a real issue, but a process called QvodTerminal.exe sometimes uses up a lot of CPU. As of this posting it's not going insane though...

I attempted to use MBAM; the quick scan detected 48 problems before the screen went black, and I had to force the computer to restart. I didn't attempt another scan. I uninstalled a few programs that I suspected may have had something to do with the lag. Programs uninstalled include QQ, BaiduPlayer, and PPStream.

After two failed attempts (due to black screen or lag), I managed to get an OTL log. I was hoping that somebody will be able to help take a look and see if there are any glaring issues still in the machine.

Thanks!

OTL logfile created on: 16/2/2013 16:27:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\georgejhsu\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy

2.93 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 56.39% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 187.94 Gb Free Space | 65.72% Space Free | Partition Type: NTFS

Computer Name: GEORGEJHSU-PC | User Name: georgejhsu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/16 14:48:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\georgejhsu\Desktop\OTL.exe
PRC - [2012/12/26 22:32:24 | 003,320,328 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\PowerWordDict\XDict.exe
PRC - [2012/12/01 14:51:33 | 003,615,960 | ---- | M] (网易公司) -- C:\Program Files (x86)\Youdao\Dict4\YodaoDict.exe
PRC - [2012/12/01 14:51:32 | 001,711,320 | ---- | M] (网易公司) -- C:\Program Files (x86)\Youdao\Dict4\5.3.40.8020\WordBook.exe
PRC - [2012/02/02 18:25:38 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\shidtv\Play.exe
PRC - [2011/05/19 09:51:52 | 002,629,632 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2011/04/20 17:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011/04/20 17:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2011/04/15 15:15:05 | 000,118,784 | ---- | M] (EnterSafe) -- C:\Program Files (x86)\bosh_feitian\certd_bosh.exe
PRC - [2011/01/21 22:42:12 | 000,562,568 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files (x86)\shidtv\QvodTerminal.exe
PRC - [2010/05/20 23:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 23:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/09 00:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/08 15:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 15:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/05 20:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/03/03 05:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 05:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 05:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 10:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/27 23:22:40 | 000,176,128 | ---- | M] (恒宝股份有限公司) -- C:\Program Files (x86)\bosh_hengbao\bosh_keyDriver01.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2010/01/13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/24 17:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 17:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/12/23 16:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/05/05 16:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2008/10/07 11:13:06 | 000,053,365 | ---- | M] ( Beijing WatchData System Co., Ltd.) -- C:\Windows\SysWOW64\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe
PRC - [2008/10/07 10:40:42 | 000,065,536 | ---- | M] ( Beijing WatchData System Co., Ltd.) -- C:\Windows\SysWOW64\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/12 16:50:21 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:42:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 03:42:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 03:41:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 03:41:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 03:41:37 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 03:41:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/09/03 04:04:13 | 000,606,208 | ---- | M] () -- C:\Program Files (x86)\Kingsoft\PowerWordDict\sqlite3.dll
MOD - [2012/03/21 18:54:28 | 000,063,168 | ---- | M] () -- C:\Program Files (x86)\Youdao\Dict4\5.3.40.8020\WordStrokeHelper32.dll
MOD - [2012/03/21 18:54:14 | 000,016,064 | ---- | M] () -- C:\Program Files (x86)\Youdao\Dict4\stable\Acrobat2Dict.dll
MOD - [2012/03/21 17:07:16 | 000,095,936 | ---- | M] () -- C:\Program Files (x86)\Youdao\Dict4\5.3.40.8020\CrashRpt.dll
MOD - [2012/02/02 18:25:38 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\shidtv\Play.exe
MOD - [2011/09/20 23:34:14 | 000,692,224 | ---- | M] () -- C:\Program Files (x86)\shidtv\SQLiteLib.dll
MOD - [2010/05/04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/08 16:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/01/13 09:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/19 22:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/04 02:00:54 | 000,002,560 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/02/05 19:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/12 16:37:37 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/23 01:09:44 | 001,241,000 | ---- | M] (中国网络电视台) [On_Demand | Stopped] -- C:\Program Files (x86)\CNTV\CBox\CntvCBoxService.exe -- (CntvCBoxService)
SRV - [2011/08/09 19:50:02 | 000,211,312 | ---- | M] (Kingsoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\KuaiKuai\ksvs\ksvsupd.exe -- (KSVSUPD)
SRV - [2011/08/09 19:49:06 | 000,971,120 | ---- | M] (Kingsoft) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\KuaiKuai\ksvs\ksvssvc.exe -- (KSVSSVC)
SRV - [2010/03/09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/03/08 15:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 05:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 10:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/08 05:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/23 16:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/10/09 18:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/07 10:40:42 | 000,065,536 | ---- | M] ( Beijing WatchData System Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe -- (WDMonitorCCB)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/03/01 22:11:36 | 001,593,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/22 02:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/01/31 17:52:04 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/17 09:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/01 19:54:18 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/01 17:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/18 04:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 18:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 18:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 18:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2011/08/09 19:48:52 | 000,174,712 | ---- | M] (Kingsoft) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\KuaiKuai\ksvs\ksvsdrv.sys -- (KSVSDRV)
DRV - [2009/09/01 17:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...94z1l5t4572o09r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.le123.com/hao123.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.le123.com/hao123.html
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.le123.com/hao123.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qq.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}: "URL" = http://www.soso.com/...}&unc=o400493_1
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACAW_enUS396
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...&tn=kwmusic_adr
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....erms}&fr=mkg028
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@iciba.com/GrabWord: C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\NPAPI\npGrabWord.dll (Kingsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: C:\Program Files (x86)\Kingsoft\kingsoft antivirus\npkws.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.0.53\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.87\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: C:\Program Files (x86)\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\georgejhsu\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\georgejhsu\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\Firefox [2012/09/23 17:32:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Youdao\Dict4\stable\extensions\firefox [2012/03/30 21:53:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\ShoppingAssistant\ruyitao\3.2.9.12\Extensions


========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\georgejhsu\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\georgejhsu\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\georgejhsu\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\georgejhsu\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\georgejhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npifox Dynamic Link Library (Enabled) = C:\Program Files (x86)\\u00CB\u00D1\u00BA\u00FC\u00D3\u00B0\u00D2\u00F4\npifox.dll
CHR - plugin: Google Update (Enabled) = C:\Users\georgejhsu\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\georgejhsu\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\georgejhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_2\
CHR - Extension: Google Search = C:\Users\georgejhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\
CHR - Extension: Gmail = C:\Users\georgejhsu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll File not found
O2 - BHO: (CSohuDetector Object) - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - C:\Program Files (x86)\搜狐影音\SoHuAutoDetector.dll (Sohu)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (IEHelper Search) - {6252875D-0A79-6B27-BC6A-E3BC86BDAE78} - C:\PROGRA~2\Letv\letvlive\IEMINI~1.DLL File not found
O2 - BHO: (E3A8C5EB-E7EA-E4BB-6DC0-39B543445628 Class) - {E3A8C5EB-E7EA-E4BB-6DC0-39B543445628} - C:\Program Files (x86)\Baidu\{E3A8C5EB-E7EA-E4BB-6DC0-39B543445628}\AddressBar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [风云] C:\Program Files (x86)\shidtv\play.exe ()
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [bosh_certd] C:\Program Files (x86)\bosh_feitian\certd_bosh.exe (EnterSafe)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [HengBao UranuSafe CSP V3.0 For SHBANK[bosh_keyDriver01]] C:\Program Files (x86)\bosh_hengbao\bosh_keyDriver01.exe (恒宝股份有限公司)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LetvHClient.exe] C:\Program Files (x86)\Letv\letvlive\LetvHClient.exe File not found
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [wdcertm_ccb] C:\Windows\SysWOW64\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe ( Beijing WatchData System Co., Ltd.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Loader] C:\Program Files (x86)\Letv\letvlive\LeTVLoader.exe File not found
O4 - HKCU..\Run: [XDict] C:\Program Files (x86)\Kingsoft\PowerWordDict\xdict.exe (Kingsoft Corporation)
O4 - HKCU..\Run: [YodaoDict] C:\Program Files (x86)\Youdao\Dict4\RunDict.exe (网易公司)
O4 - Startup: C:\Users\georgejhsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html File not found
O8:64bit: - Extra context menu item: 收藏到有道云笔记 - C:\Program Files (x86)\Youdao\YoudaoNote\ieext_menu.htm ()
O8:64bit: - Extra context menu item: 收藏到搜狐影音 - C:\Program Files (x86)\搜狐影音\SohuStore.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: 添加网址到360安全桌面 - C:\Program Files (x86)\360\360Desktop\Bin\addapp.html File not found
O8 - Extra context menu item: 收藏到有道云笔记 - C:\Program Files (x86)\Youdao\YoudaoNote\ieext_menu.htm ()
O8 - Extra context menu item: 收藏到搜狐影音 - C:\Program Files (x86)\搜狐影音\SohuStore.html ()
O9 - Extra Button: 收藏到有道云笔记 - {65D09F88-CE18-4A95-B8AF-311C3311DB03} - C:\Program Files (x86)\Youdao\YoudaoNote\ieext_btn.htm ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SogouExplorer\sogouipfilter.dll (Sogou.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SogouExplorer\sogouipfilter.dll (Sogou.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SogouExplorer\sogouipfilter.dll (Sogou.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SogouExplorer\sogouipfilter.dll (Sogou.com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([cache.tv] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivecaption] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivehabit] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([qqlivesearch] http in Trusted sites)
O15 - HKLM\..Trusted Domains: qq.com ([video_1] http in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofshanghai.com ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofshanghai.com ([ebank] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofshanghai.com ([ebanks] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofshanghai.com ([epay] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofshanghai.com ([ibank] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofshanghai.com ([ibank] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofshanghai.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofshanghai.com.cn ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.cn ([b2b] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([*] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([ca2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([ca3] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([ibsbjstar] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ccb.com.cn ([mybank] https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8826D11D-DE48-446B-A30C-AEBBDADCE480}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\kuwo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\KuGoo - No CLSID value found
O18 - Protocol\Handler\KuGoo3 - No CLSID value found
O18 - Protocol\Handler\kuwo - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1cdbbe11-ee7a-11df-ad51-705ab6e1b725}\Shell - "" = AutoRun
O33 - MountPoints2\{1cdbbe11-ee7a-11df-ad51-705ab6e1b725}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{8d8e2a13-a54b-11e1-bc6b-705ab6e1b725}\Shell - "" = AutoRun
O33 - MountPoints2\{8d8e2a13-a54b-11e1-bc6b-705ab6e1b725}\Shell\AutoRun\command - "" = E:\TV.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\TV.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/16 14:53:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\georgejhsu\Desktop\OTL.exe
[2013/02/16 13:44:13 | 000,000,000 | ---D | C] -- C:\Users\georgejhsu\AppData\Roaming\Malwarebytes
[2013/02/16 13:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/16 13:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/16 13:43:21 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/16 13:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/16 13:43:09 | 000,000,000 | ---D | C] -- C:\Users\georgejhsu\AppData\Local\Programs
[2013/02/10 19:03:01 | 000,000,000 | ---D | C] -- C:\Users\georgejhsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/09 22:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/02/09 22:26:30 | 000,000,000 | ---D | C] -- C:\Users\georgejhsu\AppData\Roaming\Wandoujia2
[2013/02/09 22:14:45 | 000,000,000 | ---D | C] -- C:\QMDownload
[2013/02/09 22:11:22 | 000,000,000 | -HSD | C] -- C:\KRECYCLE
[2013/02/09 22:10:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2013/02/09 22:10:12 | 000,073,368 | ---- | C] (Tencent) -- C:\Windows\SysNative\drivers\TFsFltX64.sys
[2013/02/09 22:07:53 | 000,000,000 | ---D | C] -- C:\Users\georgejhsu\AppData\Local\Tencent
[2013/02/09 22:06:27 | 000,000,000 | -H-D | C] -- C:\10da2bdfa3d85deebcd7d44f9609928c
[2013/02/09 22:06:10 | 000,308,112 | ---- | C] (Tencent) -- C:\Windows\SysWow64\MMInstaller.dll
[2013/02/09 22:05:41 | 000,000,000 | ---D | C] -- C:\Users\georgejhsu\Documents\Tencent Files
[2013/02/09 22:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tencent
[2013/02/09 22:05:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
[2013/02/09 21:59:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
[2013/02/09 21:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
[2013/02/09 21:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent
[2013/02/09 21:59:05 | 000,000,000 | ---D | C] -- C:\Users\georgejhsu\AppData\Roaming\Tencent
[2012/06/09 19:50:35 | 001,203,688 | ---- | C] (淘宝软件(中国)有限公司) -- C:\Users\georgejhsu\AppData\Roaming\ruyitao_latest_0028.exe
[2012/06/09 19:49:37 | 005,536,328 | ---- | C] (Sogou.com) -- C:\Users\georgejhsu\AppData\Roaming\SogouExplorer_silent_3.1.0.4246_6304.exe
[2012/02/21 16:39:01 | 000,868,440 | ---- | C] (淘宝软件(中国)有限公司) -- C:\Users\georgejhsu\AppData\Roaming\ruyitao_3.1.4.2_0005.exe

========== Files - Modified Within 30 Days ==========

[2013/02/16 16:32:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 16:32:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 16:23:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 16:23:14 | 2360,844,288 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 14:48:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\georgejhsu\Desktop\OTL.exe
[2013/02/16 13:43:42 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/12 16:47:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 16:47:32 | 000,366,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/10 19:49:27 | 000,006,576 | ---- | M] () -- C:\bootsqm.dat
[2013/02/10 19:03:01 | 000,001,228 | ---- | M] () -- C:\Users\georgejhsu\Desktop\Revo Uninstaller.lnk
[2013/02/09 22:31:35 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/02/01 23:35:01 | 000,002,398 | ---- | M] () -- C:\Users\georgejhsu\Desktop\Google Chrome.lnk
[2013/01/31 23:52:32 | 000,000,138 | ---- | M] () -- C:\Windows\vsfilter.INI

========== Files Created - No Company Name ==========

[2013/02/16 13:43:42 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/10 19:49:27 | 000,006,576 | ---- | C] () -- C:\bootsqm.dat
[2013/02/10 19:03:01 | 000,001,228 | ---- | C] () -- C:\Users\georgejhsu\Desktop\Revo Uninstaller.lnk
[2013/02/09 22:34:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/09 22:31:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013/02/09 22:31:35 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/02/09 22:09:56 | 000,112,032 | ---- | C] () -- C:\Windows\SysNative\QQPCUrlLoader.exe
[2013/02/09 21:59:05 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track14.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track13.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track12.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track11.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track10.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track09.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track08.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track07.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track06.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track05.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track04.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track03.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track02.cda
[2013/01/01 10:56:58 | 000,000,044 | ---- | C] () -- C:\Users\georgejhsu\Track01.cda
[2012/12/24 18:30:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/12/24 18:30:15 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/12/24 18:29:17 | 000,003,302 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012/12/24 18:21:32 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/12/24 18:20:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/12/24 18:20:20 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/12/12 23:59:49 | 000,000,138 | ---- | C] () -- C:\Windows\vsfilter.INI
[2012/12/12 14:25:51 | 000,003,072 | -H-- | C] () -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/05/13 23:48:20 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\bdsecustat.dat
[2012/05/07 22:35:35 | 000,000,000 | ---- | C] () -- C:\Users\georgejhsu\AppData\Roaming\wklnhst.dat
[2012/03/23 00:29:30 | 000,000,021 | ---- | C] () -- C:\Windows\KwYlx.dat
[2012/02/08 02:40:58 | 000,001,722 | ---- | C] () -- C:\Users\georgejhsu\funshion.ini
[2012/02/08 02:40:58 | 000,000,607 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini
[2012/01/23 21:47:34 | 000,000,351 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/31 11:44:25 | 000,000,911 | ---- | C] () -- C:\Users\georgejhsu\AppData\Roaming\coreavc.ini
[2011/11/16 04:53:14 | 000,291,176 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/06 17:38:03 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\360chrome
[2012/07/02 21:55:20 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\360CloudDesk
[2012/11/22 12:20:56 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\360Desktop
[2012/07/02 21:55:31 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\360Login
[2012/11/22 12:16:46 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\360Notify
[2012/07/02 21:54:57 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\360se
[2013/02/10 19:50:11 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\Baidu
[2012/08/13 14:27:20 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\CBox
[2012/12/24 18:55:18 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\ControlCenter4
[2012/07/07 15:52:28 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\duowan
[2012/07/30 21:54:51 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\GSVideoTracker
[2013/02/09 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\kingsoft
[2012/12/01 13:59:22 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\KuGou
[2012/11/22 12:33:55 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\langhua
[2012/12/27 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\Letv
[2012/09/23 17:32:16 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\Maxthon3
[2012/12/24 18:14:05 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\Nuance
[2010/09/11 13:29:04 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\OpenOffice.org
[2010/09/11 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\PPLive
[2013/02/16 14:47:40 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\PPStream
[2010/09/30 19:30:34 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\SE_logs
[2013/02/10 18:55:12 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\SogouExplorer
[2013/02/16 14:28:47 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\Tencent
[2013/02/09 22:27:30 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\Wandoujia2
[2012/05/07 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\georgejhsu\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/02/10 18:38:24 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狐影音
[2013/02/10 18:38:22 | 000,000,987 | ---- | M] ()(C:\Users\georgejhsu\Desktop\????.lnk) -- C:\Users\georgejhsu\Desktop\搜狐影音.lnk
[2013/02/10 18:38:20 | 000,000,987 | ---- | C] ()(C:\Users\georgejhsu\Desktop\????.lnk) -- C:\Users\georgejhsu\Desktop\搜狐影音.lnk
[2013/02/09 22:09:56 | 000,000,000 | ---D | C](C:\Users\georgejhsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\georgejhsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
[2013/02/09 22:05:57 | 000,000,206 | R--- | M] ()(C:\Users\Public\Desktop\QQ??.url) -- C:\Users\Public\Desktop\QQ导航.url
[2013/02/09 22:05:55 | 000,000,206 | R--- | C] ()(C:\Users\Public\Desktop\QQ??.url) -- C:\Users\Public\Desktop\QQ导航.url
[2013/02/09 22:00:11 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
[2012/12/07 21:04:57 | 000,000,286 | ---- | M] ()(C:\Users\Public\Desktop\??????.url) -- C:\Users\Public\Desktop\网易折扣精选.url
[2012/12/07 21:04:57 | 000,000,286 | ---- | C] ()(C:\Users\Public\Desktop\??????.url) -- C:\Users\Public\Desktop\网易折扣精选.url
[2012/09/23 17:32:14 | 000,001,138 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\金山词霸.lnk
[2012/09/23 17:32:14 | 000,001,138 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\金山词霸.lnk
[2012/04/01 13:22:58 | 000,000,000 | ---D | M](C:\Users\georgejhsu\Documents\????) -- C:\Users\georgejhsu\Documents\搜狐影音
[2012/03/29 22:15:29 | 000,000,000 | ---D | C](C:\Users\georgejhsu\Documents\????) -- C:\Users\georgejhsu\Documents\搜狐影音
[2011/12/29 22:11:16 | 000,001,106 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\有道词典.lnk
[2011/06/21 23:07:31 | 000,001,106 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\有道词典.lnk
[2011/06/21 23:06:18 | 000,001,144 | ---- | M] ()(C:\Users\Public\Desktop\??2011.lnk) -- C:\Users\Public\Desktop\词霸2011.lnk
[2011/06/21 23:06:18 | 000,001,144 | ---- | C] ()(C:\Users\Public\Desktop\??2011.lnk) -- C:\Users\Public\Desktop\词霸2011.lnk
[2011/01/23 18:10:58 | 010,206,208 | ---- | M] ()(C:\Users\georgejhsu\Documents\????,?????????.pps) -- C:\Users\georgejhsu\Documents\《长河孤旅》,看一遍记一辈子的人.pps
[2011/01/23 18:10:38 | 010,206,208 | ---- | C] ()(C:\Users\georgejhsu\Documents\????,?????????.pps) -- C:\Users\georgejhsu\Documents\《长河孤旅》,看一遍记一辈子的人.pps
(C:\Users\georgejhsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\georgejhsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\有道
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??2011) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\词霸2011
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????1.0) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度地址栏1.0
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山词霸
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\有道

< End of report >


#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello sonicshadow,

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...&tn=kwmusic_adr
    O2 - BHO: (E3A8C5EB-E7EA-E4BB-6DC0-39B543445628 Class) - {E3A8C5EB-E7EA-E4BB-6DC0-39B543445628} - C:\Program Files (x86)\Baidu\{E3A8C5EB-E7EA-E4BB-6DC0-39B543445628}\AddressBar.dll ()
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot; please post that log in your next reply. The log is saved in the same location as OTL.
Next

Please download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Search


A log will be generated in notepad.

Close AdwCleaner - when a window pops up asking you whether you want to delete the items found, do not press OK at this point... just close the window.

Copy and paste the report back here.

When you return please post
  • OTL fix .txt
  • AdwCleaner log


#3
sonicshadow


    Member

  • Topic Starter
  • Member
  • 56 posts
Hi emeraldnzl, thank you for helping me. I have included the logs for you:

OTL log:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3A8C5EB-E7EA-E4BB-6DC0-39B543445628}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3A8C5EB-E7EA-E4BB-6DC0-39B543445628}\ deleted successfully.
C:\Program Files (x86)\Baidu\{E3A8C5EB-E7EA-E4BB-6DC0-39B543445628}\AddressBar.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\georgejhsu\Desktop\cmd.bat deleted successfully.
C:\Users\georgejhsu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: georgejhsu
->Temp folder emptied: 4922632 bytes
->Temporary Internet Files folder emptied: 284627593 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 29569746 bytes
->Flash cache emptied: 222624 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4962955 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46374035 bytes
RecycleBin emptied: 17362583250 bytes

Total Files Cleaned = 16,912.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02222013_024242

Files\Folders moved on Reboot...
C:\Users\georgejhsu\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner Log

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 02:52:21
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : georgejhsu - GEORGEJHSU-PC
# Boot Mode : Normal
# Running from : C:\Users\georgejhsu\Downloads\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Public\Desktop\iLivid.lnk
Folder Found : C:\Program Files (x86)\Ilivid
Folder Found : C:\Program Files (x86)\SogouExplorer
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\georgejhsu\AppData\Local\Ilivid Player
Folder Found : C:\Users\georgejhsu\AppData\Roaming\SogouExplorer

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\TENCENT
Key Found : HKCU\Software\AppDataLow\TENCENT
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\TENCENT
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\ilivid
Key Found : HKLM\Software\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\Software\TENCENT
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\DataMngr
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\georgejhsu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.13] : homepage = "hxxp://www.searchnu.com/406",
Found [l.17] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Found [l.1938] : homepage = "hxxp://www.searchnu.com/406",
Found [l.2357] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[R1].txt - [3076 octets] - [22/02/2013 02:52:21]

########## EOF - C:\AdwCleaner[R1].txt - [3136 octets] ##########

#4
emeraldnzl


The computer randomly turns its screen off, without turning off the actual computer.


Have you checked to see if that is the screen saver coming on but set to blank or black? Right click on the desktop > Personalize and check the settings.

but a process called QvodTerminal.exe


I believe that is a video player (QvodPlayer)... not malware but might be using up resources. If it is not needed you could uninstall it.

Now

Please run a free online scan with the ESET Online Scanner
Note: ESET was designed to run with Internet Explorer. Compatibility with other browsers has been added recently, but if you find difficulty, go to using Internet Explorer.
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Click Start and if your security program asks you if you want to allow the program, click yes.
  • If your anti-virus is active you may see a panel appear warning you that this may affect performance. Disabling the programs listed may speed things along.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Copy and paste that log as a reply to this topic
  • Press the BACK button
  • Press Finish


#5
sonicshadow

There is actually no screensaver set, so I don't think this would be the issue. I've actually had some trouble running the ESET online scanner. It would not work for Internet Explorer, so I used Chrome to download their other version. However, I've attempted scanning 5 times already. The first 3 times, the screen turned off automatically and froze. The fourth time, I set the power option to not turn the screen off at any time (leaving it plugged in)--but after about roughly 65% completion, I had a BSOD. The most recent time I made it to 92%, but the computer froze with the screen still on. The screen looks as if it is still scanning, but all the pixels seem to be fixed. It does not respond to Ctrl+Alt+Del or Ctrl+Alt+Esc, and it doesn't respond to the touchpad either.

But after the last scan up to 92% (taking roughly 5 and a half hours), the details showed that it caught (before it froze):
"a variant of Win32/Hao123.A application
a variant of Win32/Hao123.A application
a variant of Win32/Hao123.A application
Win32/Toolbar.SearchSuite application"


I did remove QvodPlayer though.

I have restarted the computer and I'm attempting the scan again, but are there any alternatives to this that might help? What steps should I take next?

#6
emeraldnzl


There is actually no screensaver set, so I don't think this would be the issue.


Well, do I have it wrong, or isn't it that when you have no screen saver set the monitor will go black after a period... depending upon the power management timing options? Most modern computers are set to switch the monitor into a lower power mode, blanking the screen altogether. Check out the Power Options. Maybe setting a screensaver will be helpful to your friend, stopping the screen going blank after a period.

But after the last scan up to 92% (taking roughly 5 and a half hours), the details showed that it caught (before it froze):


It does take a long time depending on the size of the disk and files therein. For the last person I helped, it took 12 hours.

I have restarted the computer and I'm attempting the scan again, but are there any alternatives to this that might help?


The alternatives can take a very long time too. We can look at that, though, but before we do, have you disabled your current security programs? They can interrupt/get in the way and slow things down even to the point of stopping ESET.

#7
sonicshadow

You are correct that the screen will go black after a while if no screensaver is set, but normally, upon any usage of the mouse or keyboard, it should return immediately. In my case, it was unresponsive, and the only way the computer would respond is if I were to force shut down. I changed the power setting to disable the screen from turning off, and while it did not go black again, it did still freeze.

The only security program I have on this particular computer is Microsoft Security Essentials. For the ESET scan that is currently ongoing (as of this post), it is disabled. It was not previously disabled in previous runs.

#8
emeraldnzl


You are correct that the screen will go black after a while if no screensaver is set, but normally, upon any usage of the mouse or keyboard, it should return immediately. In my case, it was unresponsive, and the only way the computer would respond is if I were to force shut down. I changed the power setting to disable the screen from turning off, and while it did not go black again, it did still freeze.


Fair enough, we will keep looking for a solution.

Here is an alternative for you if you don't have any more luck with the ESET one. Can take a long time though. ;)

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Click on Kaspersky Security Scan Download button.
  • Click Run
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky.
  • Once complete, a window will open. Click Next.
  • Read through the requirements and privacy statement and check Accept.
  • Click Install and Yes to allow installation
  • When installation is complete click Finish
  • After a short wait a window will appear. Click below the statement "Start FREE Scan Now" on the button for a Full Scan
  • When the scan is complete a list of problems found will appear. Click the button Details beside the heading "Problems found"
  • Copy and paste the contents to notepad and save for reference. Then copy and paste back here.
  • Click the radio button near the top FIX NOW
  • Exit


#9
sonicshadow

Thanks for giving me the alternative, but I managed to finish the ESET scan. The results are as follows:

C:\Users\georgejhsu\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\georgejhsu\Downloads\iqy_offline_2.4.0.0_p2.exe a variant of Win32/Hao123.A application
C:\Users\georgejhsu\Downloads\LeTV_setup (1).exe a variant of Win32/Hao123.A application
C:\Users\georgejhsu\Downloads\LeTV_setup.exe a variant of Win32/Hao123.A application

#10
emeraldnzl

Hello sonicshadow,

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11
sonicshadow

Combofix returned the following log.

ComboFix 13-02-23.01 - georgejhsu 24/02/2013 1:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1622 [GMT -8:00]
Running from: c:\users\georgejhsu\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\background.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\balloon.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\callback.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\default-big.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\default.ico
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\manifest.xml
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\npprintscreen.dll
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\option.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\pop.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\ajax-loader.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\back-1.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\back-2.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\back-3.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\bg_rextop.jpg
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\blank.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\btn_at.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\choosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\chosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\loading.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\loading2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\loading3.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\logo.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\logo__.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\oauth.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\popup.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\renren.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\share_fail.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\share_success.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\sina.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\res\tencent.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\background.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\consumer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\contentscript.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\error_handler.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\jquery-1.6.1.min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\md5-min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth_form.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth_observer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth_observer_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth_observer_sina.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth_observer_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth_worker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth_worker_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\oauth_worker_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\popup.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\popup_ui.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\sha1.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\snaptaker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\script\xml2json.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.4.6\signin.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\background.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\balloon.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\callback.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\default-big.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\default.ico
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\manifest.xml
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\npprintscreen.dll
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\option.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\pop.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\ajax-loader.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\back-1.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\back-2.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\back-3.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\bg_rextop.jpg
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\blank.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\btn_at.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\choosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\chosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\loading.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\loading2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\loading3.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\logo.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\logo__.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\oauth.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\popup.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\renren.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\share_fail.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\share_success.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\sina.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\res\tencent.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\background.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\consumer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\contentscript.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\error_handler.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\jquery-1.6.1.min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\md5-min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth_form.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth_observer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth_observer_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth_observer_sina.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth_observer_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth_worker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth_worker_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\oauth_worker_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\popup.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\popup_ui.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\sha1.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\snaptaker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\script\xml2json.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.0\signin.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\background.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\balloon.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\callback.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\default-big.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\default.ico
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\manifest.xml
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\npprintscreen.dll
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\option.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\pop.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\ajax-loader.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\back-1.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\back-2.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\back-3.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\bg_rextop.jpg
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\blank.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\btn_at.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\choosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\chosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\loading.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\loading2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\loading3.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\logo.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\logo__.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\oauth.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\popup.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\renren.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\share_fail.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\share_success.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\sina.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\res\tencent.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\background.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\consumer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\contentscript.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\error_handler.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\jquery-1.6.1.min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\md5-min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth_form.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth_observer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth_observer_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth_observer_sina.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth_observer_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth_worker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth_worker_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\oauth_worker_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\popup.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\popup_ui.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\sha1.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\snaptaker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\script\xml2json.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\default-big.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\images\close.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\images\pluginbg.jpg
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\images\stbg1.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\images\stbg2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\images\stlink2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\images\stload.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\shitu.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\shitu_bg.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\shitu\st.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.4\signin.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\background.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\balloon.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\callback.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\default-big.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\default.ico
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\manifest.xml
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\npprintscreen.dll
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\option.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\pop.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\ajax-loader.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\back-1.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\back-2.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\back-3.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\bg_rextop.jpg
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\blank.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\btn_at.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\choosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\chosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\loading.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\loading2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\loading3.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\logo.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\logo__.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\oauth.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\popup.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\renren.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\share_fail.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\share_success.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\sina.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\res\tencent.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\background.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\consumer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\contentscript.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\error_handler.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\jquery-1.6.1.min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\md5-min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth_form.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth_observer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth_observer_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth_observer_sina.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth_observer_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth_worker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth_worker_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\oauth_worker_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\popup.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\popup_ui.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\sha1.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\snaptaker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\script\xml2json.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\default-big.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\images\close.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\images\pluginbg.jpg
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\images\stbg1.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\images\stbg2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\images\stlink2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\images\stload.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\shitu.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\shitu_bg.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\shitu\st.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.7\signin.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\background.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\balloon.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\callback.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\default-big.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\default.ico
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\manifest.xml
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\npprintscreen.dll
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\option.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\pop.html
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\ajax-loader.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\back-1.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\back-2.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\back-3.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\bg_rextop.jpg
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\blank.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\btn_at.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\choosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\chosen.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\loading.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\loading2.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\loading3.gif
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\logo.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\logo__.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\oauth.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\popup.css
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\renren.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\share_fail.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\share_success.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\sina.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\res\tencent.png
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\background.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\consumer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\contentscript.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\error_handler.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\jquery-1.6.1.min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\md5-min.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\oauth.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\oauth_form.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\oauth_observer.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\oauth_observer_renren.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\oauth_observer_sina.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\oauth_observer_tencent.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Extension\com.sogou.snapTaker\0.5.9\script\oauth_worker.js
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_000092
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_000093
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_000094
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_000095
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_000096
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_000097
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_000098
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_000099
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_00009a
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_00009b
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_00009c
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_00009d
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_00009e
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_00009f
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a0
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a1
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a2
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a3
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a4
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a5
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a6
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a7
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a8
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000a9
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000aa
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000ab
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000ac
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000ad
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000ae
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000af
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b0
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b1
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b2
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b3
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b4
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b5
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b6
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b7
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b8
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000b9
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000ba
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000bb
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000bc
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000bd
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000be
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000bf
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c0
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c1
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c2
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c3
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c4
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c5
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c6
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c7
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c8
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000c9
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000ca
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000cb
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000cc
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000cd
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\f_0000ce
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cache\index
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Cookies
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\databases\Databases.db
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\databases\https_login.skype.com_0\1
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Extension Cookies
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Local Storage\https_login.skype.com_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Local Storage\se-extension_com.sogou.189.eliao_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Local Storage\se-extension_com.sogou.quicklink_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Local Storage\se-extension_com.sogou.snapTaker_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Local Storage\se-extension_com.sogou.www_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Preferences
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Preferences~RF95502.TMP
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\QuotaManager
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Default\Visited Links
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Extension Cookies
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Local State
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Local Storage\http_123.sogou.com_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Local Storage\http_cdn.tanx.com_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Local Storage\http_ui.tudou.com_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Local Storage\se-extension_com.sogou.quicklink_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Local Storage\se-extension_com.sogou.snapTaker_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Local Storage\se-extension_com.sogou.www_0.localstorage
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\Patches
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\SEIE\Cache\Content.IE5\index.dat
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\SEIE\Cache\desktop.ini
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\SEIE\Cookies\index.dat
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\SEIE\History\desktop.ini
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\SEIE\History\History.IE5\desktop.ini
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\SEIE\History\History.IE5\index.dat
c:\users\georgejhsu\AppData\Roaming\SogouExplorer\Webkit\VisitedLinks
c:\windows\Downloaded Program Files\514194
c:\windows\Downloaded Program Files\514194\BaiduSetupAx_3.dll
c:\windows\Downloaded Program Files\655368
c:\windows\Downloaded Program Files\655368\SetupAx.dll
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2013-01-24 to 2013-02-24 )))))))))))))))))))))))))))))))
.
.
2013-02-24 10:08 . 2013-02-24 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-23 19:58 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{551068C8-22D5-4649-9900-86CEA268053F}\mpengine.dll
2013-02-22 19:45 . 2013-02-22 19:45 -------- d-----w- c:\program files (x86)\ESET
2013-02-22 19:42 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-22 10:42 . 2013-02-22 10:42 -------- d-----w- C:\_OTL
2013-02-17 01:32 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-17 01:32 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-17 01:32 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-17 01:32 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-17 01:32 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-17 01:32 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-16 21:44 . 2013-02-16 21:44 -------- d-----w- c:\users\georgejhsu\AppData\Roaming\Malwarebytes
2013-02-16 21:43 . 2013-02-16 21:43 -------- d-----w- c:\programdata\Malwarebytes
2013-02-16 21:43 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-16 21:43 . 2013-02-16 21:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-16 21:43 . 2013-02-16 21:43 -------- d-----w- c:\users\georgejhsu\AppData\Local\Programs
2013-02-13 00:31 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 00:31 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 00:31 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 00:27 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 00:27 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 00:25 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 00:22 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 00:22 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-10 06:30 . 2013-02-10 06:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-02-10 06:26 . 2013-02-10 06:27 -------- d-----w- c:\users\georgejhsu\AppData\Roaming\Wandoujia2
2013-02-10 06:14 . 2013-02-10 06:18 -------- d-----w- C:\QMDownload
2013-02-10 06:11 . 2013-02-10 06:11 -------- d-----w- C:\KRECYCLE
2013-02-10 06:10 . 2013-02-10 06:10 -------- d-----w- c:\program files\Common Files\Tencent
2013-02-10 06:10 . 2013-01-15 09:06 73368 ----a-w- c:\windows\system32\drivers\TFsFltX64.sys
2013-02-10 06:09 . 2013-01-15 09:06 112032 ----a-w- c:\windows\system32\QQPCUrlLoader.exe
2013-02-10 06:07 . 2013-02-10 06:07 -------- d-----w- c:\users\georgejhsu\AppData\Local\Tencent
2013-02-10 06:06 . 2013-02-10 06:06 -------- d-----w- C:\10da2bdfa3d85deebcd7d44f9609928c
2013-02-10 06:06 . 2013-01-09 08:47 308112 ----a-w- c:\windows\SysWow64\MMInstaller.dll
2013-02-10 06:05 . 2012-07-31 20:49 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-02-10 06:05 . 2012-07-31 20:49 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-02-10 06:05 . 2013-02-11 03:50 -------- d-----w- c:\program files\Tencent
2013-02-10 05:59 . 2013-02-10 06:05 -------- d-----w- c:\program files (x86)\Common Files\Tencent
2013-02-10 05:59 . 2013-02-16 23:31 -------- d-----w- c:\program files (x86)\Tencent
2013-02-10 05:59 . 2013-02-10 06:10 -------- d-----w- c:\programdata\Tencent
2013-02-10 05:59 . 2013-02-16 22:28 -------- d-----w- c:\users\georgejhsu\AppData\Roaming\Tencent
2013-02-10 05:59 . 2009-02-18 06:51 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-19 05:02 . 2012-05-07 14:02 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-13 00:37 . 2012-04-19 18:34 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-13 00:37 . 2012-01-24 05:46 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2012-12-25 03:12 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-17 01:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-25 03:12 . 2012-12-25 03:13 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DAE8F12D-2861-4186-840F-06EDE7CF3139}\gapaengine.dll
2012-12-16 17:11 . 2012-12-21 20:38 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 20:38 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 20:38 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 20:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{452ADB5B-00BE-469D-A65F-3046146B2ED5}]
2013-02-05 05:54 253880 ----a-w- c:\program files (x86)\搜狐影音\SoHuAutoDetector.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XDict"="c:\program files (x86)\Kingsoft\PowerWordDict\xdict.exe" [2012-12-27 3320328]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
"YodaoDict"="c:\program files (x86)\Youdao\Dict4\RunDict.exe" [2011-10-25 399040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"wdcertm_ccb"="c:\windows\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe" [2008-10-07 53365]
"bosh_certd"="c:\program files (x86)\bosh_feitian\certd_bosh.exe" [2011-04-15 118784]
"风云"="c:\program files (x86)\shidtv\play.exe" [2012-02-03 323584]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-21 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"HengBao UranuSafe CSP V3.0 For SHBANK[bosh_keyDriver01]"="c:\program files (x86)\bosh_hengbao\bosh_keyDriver01.exe" [2010-01-28 07:22 176128]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
.
c:\users\georgejhsu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 CntvCBoxService;CNTV CBox Service;c:\program files (x86)\CNTV\CBox\CntvCBoxService.exe [2012-07-23 1241000]
R3 KSVSDRV;KSVSDRV;c:\program files (x86)\Common Files\KuaiKuai\ksvs\ksvsdrv.sys [2011-08-10 174712]
R3 KSVSSVC;Kuaikuai Streaming and Virtualization Service;c:\program files (x86)\Common Files\KuaiKuai\ksvs\ksvssvc.exe [2011-08-10 971120]
R3 KSVSUPD;Kuaikuai Runtime Update Service;c:\program files (x86)\Common Files\KuaiKuai\ksvs\ksvsupd.exe [2011-08-10 211312]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-11 1255736]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-06 865824]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
S2 WDMonitorCCB;WatchData ccb V3.2;c:\windows\SysWOW64\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe [2008-10-07 65536]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
xbsvc REG_MULTI_SZ XiaobaiSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 00:37]
.
2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640966529-1850517452-3910458341-1000Core1ce10ea68cc8ad5.job
- c:\users\georgejhsu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 00:28]
.
2013-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-640966529-1850517452-3910458341-1000UA.job
- c:\users\georgejhsu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 00:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-06 860192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.qq.com/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.le123.com/hao123.html
mStart Page = hxxp://www.le123.com/hao123.html
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: 添加网址到360安全桌面 - c:\program files (x86)\360\360Desktop\Bin\addapp.html
IE: ??????? - c:\program files (x86)\搜狐影音\SohuStore.html
IE: ???????? - c:\program files (x86)\Youdao\YoudaoNote\ieext_menu.htm
IE: {{65D09F88-CE18-4A95-B8AF-311C3311DB03} - c:\program files (x86)\Youdao\YoudaoNote\ieext_btn.htm
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: bankofshanghai.com\*
Trusted Zone: bankofshanghai.com\ebank
Trusted Zone: bankofshanghai.com\ebanks
Trusted Zone: bankofshanghai.com\epay
Trusted Zone: bankofshanghai.com\ibank
Trusted Zone: bankofshanghai.com\www
Trusted Zone: bankofshanghai.com.cn\www
Trusted Zone: ccb.cn\b2b
Trusted Zone: ccb.com\www
Trusted Zone: ccb.com.cn\*
Trusted Zone: ccb.com.cn\ca2
Trusted Zone: ccb.com.cn\ca3
Trusted Zone: ccb.com.cn\ibsbjstar
Trusted Zone: ccb.com.cn\mybank
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: qq.com\cache.tv
Trusted Zone: qq.com\qqlivecaption
Trusted Zone: qq.com\qqlivehabit
Trusted Zone: qq.com\qqlivesearch
Trusted Zone: qq.com\video_1
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6252875D-0A79-6B27-BC6A-E3BC86BDAE78} - c:\progra~2\Letv\letvlive\IEMINI~1.DLL
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Loader - c:\program files (x86)\Letv\letvlive\LeTVLoader.exe
Wow6432Node-HKLM-Run-LetvHClient.exe - c:\program files (x86)\Letv\letvlive\LetvHClient.exe
SafeBoot-QQPCRTP
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-金山快快游戏世界 - c:\program files (x86)\KuaiKuai\KKGame\kkuninst.exe
AddRemove-上海银行安全客户端程序ft - c:\program files (x86)\上海银行安全客户端程序ft\uninst.exe
AddRemove-益盟操盘手 T1.0.5.1 - c:\progra~2\YMLEVE~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-640966529-1850517452-3910458341-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-640966529-1850517452-3910458341-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-24 02:24:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-24 10:24
.
Pre-Run: 214,167,191,552 bytes free
Post-Run: 213,842,665,472 bytes free
.
- - End Of File - - FF9EC2FA6AF9165CE3E947D8A7A97574


I was scared momentarily when, after running ComboFix, the computer told me that Chrome, explorer, and Internet Explorer were all marked for deletion. I restarted and luckily they weren't. Is that normal?

#12
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts

I was scared momentarily when, after running ComboFix, the computer told me that Chrome, explorer, and Internet Explorer were all marked for deletion. I restarted and luckily they weren't. Is that normal?


It's normal for ComboFix to disconnect from the internet. Some of the methods it uses can appear to be deleting programs and data but everything should be returned to normal on reboot.

Now

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#13
sonicshadow

    Member

  • Topic Starter
  • Member
  • 56 posts
I ran MBAM, here is the log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
georgejhsu :: GEORGEJHSU-PC [administrator]

24/2/2013 12:34:13
mbam-log-2013-02-24 (12-34-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210758
Time elapsed: 21 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 30
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AppID\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A33CE9E-4F33-4B4E-B263-6AEEAB6C3DC2} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} (Adware.Sogou) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} (Adware.Sogou) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.2 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.3 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\BaiduBarEx.BDHomePage.4 (PUP.Baidu) -> Quarantined and deleted successfully.
HKCR\fsp (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Funshion Task (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\SogouExplorer.AssocFile.HTM (Adware.Sogou) -> Quarantined and deleted successfully.
HKCR\SogouExplorer.HTTP (Adware.Sogou) -> Quarantined and deleted successfully.
HKCR\SogouExplorerHTML (Adware.Sogou) -> Delete on reboot.
HKLM\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} (Trojan.Agent) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 23
C:\Program Files (x86)\Funshion Online (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Media (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Default (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Family (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\cache\popwind (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\download (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 347
C:\Users\georgejhsu\AppData\Roaming\SogouExplorer_silent_3.1.0.4246_6304.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Users\georgejhsu\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\agentd.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\cook.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\CoreAAC.ax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\coreavc.ax (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\CrashReport.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\dbghelp.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\drvc.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\dump.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\fptassrv.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Funshion-install.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunShion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\funshionplugin2.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\FunshionUpgrade.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\gma.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\LangResEnAmerican.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\lsv.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\nicdescr.dat (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\pncrt.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\pndx5032.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\pos.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\ptv.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\quality.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\rmoc3260.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\ttv.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Uninstall.exe (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\icon\MP4.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\icon\RMVB.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Media\Install Latest Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\Media\Start Funshion.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\AbnormalPopWndCloseBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\AddListFile.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\AddMore.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ArrowsTipBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpCleanFile.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpClearDisk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpError.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpError_IE.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpPlayBarTip.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpPrompt.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpQuestion.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpTimerClose.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\bmpYellowQuestion.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\BtmLeftCornor.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\BtmRightCornor.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Buffering.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionMinBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionModeBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionText.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CaptionTextEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CheckBox_Box.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\CheckBox_Check.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ClearFile.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\DelListFile.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\DiskWarnning.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\HidePlayInfoBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IErrorReshBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IErrorWndBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IeToolBarBack.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IeToolBarForward.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IeToolBarGamePage.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IeToolBarShopPage.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgCleanFileBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgCloseMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgFullViewMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgMinViewMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgNonTopViewMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgNormalViewMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgStandardMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgStandardMiniEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgTopViewMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgVolCtrlBarThumb.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\imgVolCtrlBarThumbSel.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\IntergrateModeBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\LibraryStatus.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\LibraryStatusEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\list_expend.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\LogoMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\LogoMiniEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionBtnArrow.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionBtnBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionBtnDownArrow.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionBtnUpArrow.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionSplidBarHead.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionSplidBarTrail.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionSplideBarBkgnd.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionSplideBarThumb.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionText.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\OptionTextEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PauseFlickerBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnNextMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnNonTop.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnPauseMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnPlayMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnPreMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnSimple.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnSimpleEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnStopMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnTop.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnVolMute.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarBtnVolumeMini.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerBarOpenFile.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerStatus.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerStatusEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayList.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayListEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayTrackBarThumb.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PlayTrackBarThumbSel.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PopUrlCheckBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PopUrlCheckBtnCheck.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PopUrlCloseBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PopUrlCloseBtnAbnormal.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PopUrlIcon.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\PopUrlMiniBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\RadioBtnBox.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\RadioBtnPt.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\RpcLoading.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\Scroll.gif (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarDownArrowOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarUpArrowOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerBkgndOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgndOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerWidgetHeadOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerWidgetMidOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrailOption.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\ShowPlayInfoBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\switchToLibrary.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\switchToLibraryEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\switchToPlayer.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\switchToPlayerEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\TabModeBtn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\TaskDelete.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\TaskDownLoad.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\TaskList.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\TaskListEn.bmp (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin\TaskListStatIcons.bmp (PUP.Funshion) -> Quarantined and deleted successfully.

(end)

#14
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Looks like we are making progress now. :)

Please run an online AV scan again and post back the results. Seeing you used the ESET one before, it would probably be faster to use it again.

#15
sonicshadow

    Member

  • Topic Starter
  • Member
  • 56 posts
Using ESET again:

C:\Users\georgejhsu\Downloads\iqy_offline_2.4.0.0_p2.exe a variant of Win32/Hao123.A application
C:\Users\georgejhsu\Downloads\LeTV_setup (1).exe a variant of Win32/Hao123.A application
C:\Users\georgejhsu\Downloads\LeTV_setup.exe a variant of Win32/Hao123.A application

Should I delete these manually?