Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

windows 7 reboot randomly

Started by mb05 , May 26 2013 12:46 PM

  • Please log in to reply

#1
mb05
Posted 26 May 2013 - 12:46 PM

mb05

    New Member

  • Member
  • Pip
  • 2 posts
windows 7 reboot randomly, not sure if it's spyware problem, Experts here please help me!!!

OTL logfile created on: 5/27/2013 2:40:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mbching\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 48.25% Memory free
8.00 Gb Paging File | 4.87 Gb Available in Paging File | 60.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 9.51 Gb Free Space | 7.98% Space Free | Partition Type: NTFS

Computer Name: MBCHING-PC | User Name: mbching | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/27 02:40:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mbching\Downloads\OTL.exe
PRC - [2013/05/27 02:24:14 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\mbching\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2013/05/23 13:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/11 13:50:03 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/05/09 12:38:15 | 009,829,680 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/05/07 03:14:08 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2013/05/06 16:15:36 | 000,079,384 | ---- | M] (Google) -- C:\Users\mbching\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/04/30 18:56:55 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkOverlay.exe
PRC - [2013/04/27 10:21:18 | 000,321,672 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\Funshion\InnerWeb.exe
PRC - [2013/04/27 10:21:08 | 004,184,712 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe
PRC - [2013/04/27 10:12:12 | 002,337,928 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.exe
PRC - [2013/04/25 15:20:08 | 000,335,496 | ---- | M] (Funshion) -- C:\Users\mbching\funshion\funshiontools\FSPAP.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/03/28 17:12:20 | 000,068,192 | ---- | M] (Robert McNeel & Associates) -- C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
PRC - [2013/03/22 22:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\mbching\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/16 03:14:54 | 003,491,264 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/08/15 22:50:37 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2011/09/15 12:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
PRC - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/05/25 20:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/19 02:44:10 | 001,638,400 | ---- | M] (Edimax Technology Co.) -- C:\Program Files (x86)\Edimax\Common\RaUI.exe
PRC - [2009/11/16 16:54:44 | 003,536,904 | ---- | M] (ASRock) -- C:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe
PRC - [2009/09/26 02:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2009/07/08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2008/04/07 20:00:54 | 000,053,248 | ---- | M] (VT Software) -- C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WMC.exe
PRC - [2007/01/17 15:24:34 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/27 02:24:14 | 000,697,884 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0019\~df394b.tmp
MOD - [2013/05/27 02:24:14 | 000,592,896 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0019\~de6248.tmp
MOD - [2013/05/27 02:24:13 | 001,175,040 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\wx._core_.pyd
MOD - [2013/05/27 02:24:13 | 001,153,024 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\_ssl.pyd
MOD - [2013/05/27 02:24:13 | 001,022,416 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\windows._cacheinvalidation.pyd
MOD - [2013/05/27 02:24:13 | 000,811,008 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\wx._windows_.pyd
MOD - [2013/05/27 02:24:13 | 000,805,888 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\wx._gdi_.pyd
MOD - [2013/05/27 02:24:13 | 000,735,232 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\wx._misc_.pyd
MOD - [2013/05/27 02:24:13 | 000,711,680 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\_hashlib.pyd
MOD - [2013/05/27 02:24:13 | 000,557,056 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\pysqlite2._sqlite.pyd
MOD - [2013/05/27 02:24:13 | 000,364,544 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\pythoncom27.dll
MOD - [2013/05/27 02:24:13 | 000,320,512 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32com.shell.shell.pyd
MOD - [2013/05/27 02:24:13 | 000,128,512 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\_elementtree.pyd
MOD - [2013/05/27 02:24:13 | 000,122,368 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\wx._wizard.pyd
MOD - [2013/05/27 02:24:13 | 000,119,808 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32file.pyd
MOD - [2013/05/27 02:24:13 | 000,110,080 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\PyWinTypes27.dll
MOD - [2013/05/27 02:24:13 | 000,108,544 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32security.pyd
MOD - [2013/05/27 02:24:13 | 000,098,816 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32api.pyd
MOD - [2013/05/27 02:24:13 | 000,087,040 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\_ctypes.pyd
MOD - [2013/05/27 02:24:13 | 000,070,656 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\wx._html2.pyd
MOD - [2013/05/27 02:24:13 | 000,044,032 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\_socket.pyd
MOD - [2013/05/27 02:24:13 | 000,035,840 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32process.pyd
MOD - [2013/05/27 02:24:13 | 000,026,624 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\_multiprocessing.pyd
MOD - [2013/05/27 02:24:13 | 000,025,600 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32pdh.pyd
MOD - [2013/05/27 02:24:13 | 000,022,528 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32ts.pyd
MOD - [2013/05/27 02:24:13 | 000,017,408 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32profile.pyd
MOD - [2013/05/27 02:24:13 | 000,011,264 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32crypt.pyd
MOD - [2013/05/27 02:24:12 | 001,062,400 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\wx._controls_.pyd
MOD - [2013/05/27 02:24:12 | 000,686,080 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\unicodedata.pyd
MOD - [2013/05/27 02:24:12 | 000,127,488 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\pyexpat.pyd
MOD - [2013/05/27 02:24:12 | 000,038,912 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32inet.pyd
MOD - [2013/05/27 02:24:12 | 000,018,432 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\win32event.pyd
MOD - [2013/05/27 02:24:12 | 000,010,240 | ---- | M] () -- C:\Users\mbching\AppData\Local\Temp\_MEI28362\select.pyd
MOD - [2013/05/23 13:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 13:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 13:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 13:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 13:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 13:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/05/17 21:58:03 | 000,181,760 | ---- | M] () -- C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2013.508.7_0\plugin\ace.dll
MOD - [2013/05/16 03:24:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/16 03:23:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/15 20:02:07 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2013/05/15 15:01:55 | 001,934,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
MOD - [2013/05/09 12:38:36 | 000,827,696 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/05/09 12:38:15 | 009,829,680 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/05/03 15:34:54 | 000,184,832 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\ggspawn.dll
MOD - [2013/04/30 18:56:55 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\GarenaTalkOverlay.exe
MOD - [2013/04/27 10:21:18 | 000,321,672 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\Funshion\InnerWeb.exe
MOD - [2013/04/27 10:08:04 | 000,170,120 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\Funshion\ptv.dll
MOD - [2013/04/27 10:07:56 | 000,299,144 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\Funshion\lsv.dll
MOD - [2013/04/27 10:07:52 | 000,294,024 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\Funshion\agentd.dll
MOD - [2013/04/27 10:07:42 | 000,240,128 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\Funshion\ttv.dll
MOD - [2013/04/27 10:06:12 | 000,461,312 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\Funshion\gma.dll
MOD - [2013/04/27 10:05:42 | 000,302,080 | ---- | M] () -- C:\Program Files (x86)\Funshion Online\Funshion\dump.dll
MOD - [2013/04/25 19:31:02 | 001,543,984 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/04/25 19:31:00 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/04/25 19:30:56 | 000,236,336 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
MOD - [2013/04/25 19:30:54 | 000,436,528 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
MOD - [2013/04/25 19:30:53 | 000,286,000 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\DailyTaskPlugin.dll
MOD - [2013/04/25 19:30:53 | 000,133,936 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ClanBoxPlugin.dll
MOD - [2013/04/25 19:30:43 | 000,191,280 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/04/25 15:20:20 | 000,389,256 | ---- | M] () -- C:\Users\mbching\funshion\funshiontools\LuaInterface_mt.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:22:55 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/04/10 17:22:48 | 000,794,928 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\gagmhook.dll
MOD - [2013/03/22 22:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/03/22 22:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013/03/13 18:05:59 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/03/07 10:10:42 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/03/07 10:10:39 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/03/07 10:10:22 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/02/07 17:11:25 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/02/07 17:11:24 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/02/07 17:11:22 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/02/07 17:11:17 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/02/07 17:11:15 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/02/01 13:42:29 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2013/01/30 16:26:41 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/01/30 16:26:38 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/01/16 18:30:17 | 000,098,608 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
MOD - [2013/01/14 19:57:52 | 001,092,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/01/14 19:57:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2013/01/11 03:24:35 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 03:24:22 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 03:24:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 03:24:16 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/09/13 14:19:19 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2012/07/27 14:59:42 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2012/07/27 14:59:28 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2012/04/24 09:19:16 | 000,238,592 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2012/04/13 11:12:18 | 000,059,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2012/04/13 11:12:18 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2012/03/08 16:56:40 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2012/02/22 16:52:16 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2012/02/22 16:52:16 | 000,122,136 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggcode.dll
MOD - [2012/01/08 21:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/18 09:54:25 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
MOD - [2011/10/18 09:54:24 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/10/07 01:35:32 | 000,901,120 | ---- | M] () -- C:\Program Files (x86)\Edimax\Common\RaWLAPI.dll
MOD - [2009/09/26 02:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/17 03:07:17 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/06/12 01:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/15 12:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV:64bit: - [2011/02/22 21:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/16 04:04:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/22 15:56:54 | 000,212,616 | ---- | M] () [Auto | Running] -- C:\Users\mbching\funshion\funshiontools\FunshionSvr.dll -- (FunshionSvr)
SRV - [2013/04/03 14:41:02 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2013/04/03 14:41:02 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2013/04/03 14:41:02 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2013/04/03 14:41:02 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2013/04/03 14:41:02 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2013/04/03 14:41:02 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/03/28 17:12:20 | 000,068,192 | ---- | M] (Robert McNeel & Associates) [Auto | Running] -- C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe -- (McNeelUpdate)
SRV - [2013/03/22 22:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/08/15 22:51:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/08/15 22:50:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/08/15 22:50:37 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2012/06/11 13:12:16 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ati\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/06 11:57:44 | 000,212,256 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Program Files (x86)\Edimax\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2009/10/06 11:57:44 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Program Files (x86)\Edimax\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 11:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/26 01:02:24 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/02/12 12:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/03 06:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012/09/19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/06/12 02:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/06/12 02:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/12 00:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/23 19:26:26 | 000,154,272 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 20:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/20 21:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/03/04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/06 11:57:32 | 000,737,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/08/23 22:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 09:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/11/02 16:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...88B001F1FB8B70A
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...88B001F1FB8B70A
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hk.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 21 0D C2 B4 14 CE 01 [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...88B001F1FB8B70A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mbching\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\mbching\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mbching\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mbching\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mbching\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/22 04:19:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\mbching\AppData\Roaming\IDM\idmmzcc5 [2012/08/16 03:15:20 | 000,000,000 | ---D | M]

[2013/05/26 01:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.hao123.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mbching\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mbching\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Change Font Family Style = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabledekpjmoghdjnpnhfkfpmjifklpb\2.6_0\
CHR - Extension: HKG XIcons = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahfckkfkbglddndjkbjoipljedjallk\2.9.8.2_0\
CHR - Extension: Floorplanner = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag\13_0\
CHR - Extension: Google \u96F2\u7AEF\u786C\u789F = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: \u95DC\u71C8\u770B\u5F71\u7247 = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2_0\
CHR - Extension: YouTube = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google \u641C\u5C0B = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AutoCAD WS = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcjeclnkejmbepoibfnamioojinoopln\2.0_0\
CHR - Extension: Speed Dial = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0\
CHR - Extension: Autocomplete = on = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Google \u65E5\u66C6 = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: \u66FF\u6362\u5B57\u4F53\u7684\u4E2D\u6587\u90E8\u5206\u4E3A\u96C5\u9ED1 = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpkigfhoabjjjonanmddidnnahopmcn\0.7.54.11_0\
CHR - Extension: Mail Checker Plus for Google Mail\u2122 = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffjhibehnempbkeheiccaincokdjbfe\1.3.19_0\
CHR - Extension: AdBlock = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Jon Klassen = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmgjhcokclngghkncjakaigpjhfhpoek\2_0\
CHR - Extension: Send to Evernote = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnilckpgiopfcokcijkhpghppekcoafm\2.6.3.3_0\
CHR - Extension: Pinterest = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Feedly - Your News, RSS, Google Reader = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\14.0.490_0\
CHR - Extension: Referer Control = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkcfpcejkafcihlgbojoidoihckciin\0.47_0\
CHR - Extension: Clock = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoihofapbdnldlhecnhefifbcddgdkhm\1.2_0\
CHR - Extension: Clearly = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\9.3369.163.322_0\
CHR - Extension: Evernote \u7DB2\u9801 = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: MKG = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\leafohoceejeoglplnpcjddegfhbebcj\0.6_0\
CHR - Extension: External noreferrer = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\lobgjaciknombeehlellklmbakbphhll\0.1_0\
CHR - Extension: Google \u8F38\u5165\u5DE5\u5177 (\u7531 Google \u63D0\u4F9B) = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab\1.11.0.0_0\
CHR - Extension: Google Mail Checker = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: WGT Golf Game = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb\45.0.0_1\
CHR - Extension: Hangouts = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\1.2013.508.7_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.4_0\
CHR - Extension: \u6587\u4EF6 PDF/PowerPoint \u6AA2\u8996\u5668 (\u7531 Google \u63D0\u4F9B) = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Hover Zoom = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.18_1\
CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\13.5.3_0\
CHR - Extension: Force Microsoft Yahei Font = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojlocjfaheiilmgjdgnoehhdigfedhjl\0.1.0_0\
CHR - Extension: Unblock Youku = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.6.9_0\
CHR - Extension: Evernote Web Clipper = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.14_0\
CHR - Extension: Gmail = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
CHR - Extension: \u867E\u58F3 ~MusicCase~ = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\pliopboejkkmebobeabhdpmpngigicig\1.2.10_0\
CHR - Extension: We Are Hunted = C:\Users\mbching\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgdicpfcekegalffnnbhkjkkoapppga\1.0.0.0_0\

O1 HOSTS File: ([2012/09/27 23:22:28 | 000,007,443 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com #192.150.22.22
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com #192.150.14.21
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com #192.150.18.247
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com #192.150.22.46
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com #192.150.11.30
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com #192.150.11.247
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com #192.150.22.30
O1 - Hosts: 127.0.0.1 adobe.activate.com #69.175.22.26
O1 - Hosts: 127.0.0.1 activate.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com #192.150.22.40
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com #192.150.14.69
O1 - Hosts: 127.0.0.1 ereg.adobe.com #192.150.18.103
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com #192.150.18.63
O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com #192.150.18.103
O1 - Hosts: 127.0.0.1 practivate.adobe.com #192.150.18.54
O1 - Hosts: 127.0.0.1 www.wip3.adobe.com #192.150.8.60
O1 - Hosts: 127.0.0.1 www.wip4.adobe.com #192.150.18.200
O1 - Hosts: 127.0.0.1 www.adobeereg.com #75.125.24.83
O1 - Hosts: 127.0.0.1 adobeereg.com #207.66.2.10
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com #192.150.14.174
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 109 more lines...
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {06433BFE-4946-4E89-823D-CD359C81CD06} - No CLSID value found.
O2 - BHO: (no name) - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - No CLSID value found.
O2 - BHO: (瑞俴弝畦溫摯狟婥郪璃) - {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\mbching\funshion\funshiontools\FunshionHelper.dll (北京风行在线技术有限公司

)
O2 - BHO: (xiamistart Class) - {658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} - C:\Windows\SysWOW64\XiaMiplugin.dll (XiaMi music)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\mbching\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ASRockIES] File not found
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Funshion] C:\Program Files (x86)\Funshion Online\Funshion\Funshion.exe (Funshion Online Technologies Ltd.)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_146416329650E280F18CF14EF1116881] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O4 - HKCU..\RunOnce: [Application Restart #3] C:\Program Files (x86)\11game\11Item.exe ()
O4 - Startup: C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O4 - Startup: C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk = File not found
O4 - Startup: C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk = C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O4 - Startup: C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WMC.exe (VT Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: ?????360???? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files (x86)\Internet Download Manager\IEGetVL2.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: ?????360???? - Reg Error: Value error. File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download FLV videos with IDM from 10 last requested - C:\Program Files (x86)\Internet Download Manager\IEGetVL2.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13605CF5-57F7-41C1-8A68-A0C569D0ECAB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/21 04:48:21 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{ec313b40-e6e8-11e1-944e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ec313b40-e6e8-11e1-944e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{ee51e3d8-c55b-11e2-9c15-0025225c335f}\Shell - "" = AutoRun
O33 - MountPoints2\{ee51e3d8-c55b-11e2-9c15-0025225c335f}\Shell\AutoRun\command - "" = E:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/26 02:36:45 | 000,000,000 | ---D | C] -- C:\Users\mbching\Desktop\Warcraft III
[2013/05/26 01:37:22 | 000,000,000 | ---D | C] -- C:\FunshionMedia
[2013/05/26 01:37:22 | 000,000,000 | ---D | C] -- C:\Users\mbching\funshion
[2013/05/26 01:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion
[2013/05/26 01:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funshion Online
[2013/05/26 01:07:50 | 000,000,000 | ---D | C] -- C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III Reign of Chaos & The Frozen Throne
[2013/05/26 01:03:08 | 000,000,000 | ---D | C] -- C:\Users\mbching\AppData\Local\Bundled software uninstaller
[2013/05/26 01:03:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/05/26 01:03:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/05/26 01:03:06 | 000,000,000 | ---D | C] -- C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/05/26 01:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013/05/26 01:03:02 | 000,000,000 | ---D | C] -- C:\Users\mbching\AppData\Roaming\BabSolution
[2013/05/26 01:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/05/26 01:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/26 01:02:56 | 000,000,000 | ---D | C] -- C:\Users\mbching\AppData\Roaming\Delta
[2013/05/26 01:02:43 | 000,000,000 | ---D | C] -- C:\Users\mbching\AppData\Roaming\Babylon
[2013/05/26 01:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/05/26 01:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013/05/26 01:02:24 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/05/26 01:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013/05/18 17:08:29 | 000,000,000 | ---D | C] -- C:\Users\mbching\Desktop\New folder
[2013/05/13 02:53:42 | 000,000,000 | ---D | C] -- C:\Users\mbching\AppData\Roaming\11Game
[2013/05/10 21:48:35 | 000,000,000 | ---D | C] -- C:\Users\mbching\AppData\Roaming\Mozilla
[25 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/27 02:41:51 | 000,004,172 | ---- | M] () -- C:\Users\mbching\funshion.ini
[2013/05/27 02:41:13 | 000,000,911 | ---- | M] () -- C:\Users\mbching\AppData\Roaming\coreavc.ini
[2013/05/27 02:30:05 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/27 02:30:05 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/27 02:30:05 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/27 02:24:22 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/27 02:24:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 02:24:05 | 3220,623,360 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/27 02:08:14 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2279390230-3928755398-1291465425-1000UA.job
[2013/05/27 02:08:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/27 02:08:07 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2279390230-3928755398-1291465425-1000Core.job
[2013/05/27 02:08:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/26 02:34:18 | 000,000,065 | ---- | M] () -- C:\prefs.js
[2013/05/26 02:19:06 | 1089,902,935 | ---- | M] () -- C:\Users\mbching\Desktop\Warcraft III.rar
[2013/05/26 02:03:23 | 000,001,374 | ---- | M] () -- C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk
[2013/05/26 01:37:24 | 000,002,197 | ---- | M] () -- C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk
[2013/05/26 01:37:24 | 000,001,128 | ---- | M] () -- C:\Windows\SysWow64\funshion.ini
[2013/05/26 01:37:23 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Funshion.lnk
[2013/05/26 01:02:35 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/05/26 01:02:24 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013/05/25 06:08:31 | 000,024,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/25 06:08:31 | 000,024,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 16:03:23 | 000,000,793 | ---- | M] () -- C:\Users\mbching\Desktop\Warcraft III eSK.lnk
[2013/05/17 11:30:32 | 010,047,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/17 03:52:45 | 011,667,729 | ---- | M] () -- C:\Users\mbching\Desktop\com.google.android.talk-1.apk
[2013/05/16 17:18:08 | 011,643,815 | ---- | M] () -- C:\Users\mbching\Desktop\Hangoutsv1.0.0.1.apk
[25 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/26 02:34:18 | 000,000,065 | ---- | C] () -- C:\prefs.js
[2013/05/26 02:07:18 | 1089,902,935 | ---- | C] () -- C:\Users\mbching\Desktop\Warcraft III.rar
[2013/05/26 01:39:46 | 000,000,911 | ---- | C] () -- C:\Users\mbching\AppData\Roaming\coreavc.ini
[2013/05/26 01:37:24 | 000,002,197 | ---- | C] () -- C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk
[2013/05/26 01:37:23 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Funshion.lnk
[2013/05/26 01:07:50 | 000,001,374 | ---- | C] () -- C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warcraft Config.lnk
[2013/05/26 01:02:35 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2013/05/17 05:05:11 | 000,000,793 | ---- | C] () -- C:\Users\mbching\Desktop\Warcraft III eSK.lnk
[2013/05/17 03:51:52 | 011,667,729 | ---- | C] () -- C:\Users\mbching\Desktop\com.google.android.talk-1.apk
[2013/05/17 03:43:53 | 011,643,815 | ---- | C] () -- C:\Users\mbching\Desktop\Hangoutsv1.0.0.1.apk
[2013/04/03 14:41:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2013/04/03 14:41:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2013/03/18 13:51:36 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll
[2013/01/26 01:57:46 | 000,003,032 | ---- | C] () -- C:\Users\mbching\AppData\Local\recently-used.xbel
[2012/11/30 22:24:33 | 000,000,400 | ---- | C] () -- C:\Windows\i_iclink479.ini
[2012/11/30 22:24:33 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\fcompbg314.dat
[2012/11/15 10:57:52 | 000,004,172 | ---- | C] () -- C:\Users\mbching\funshion.ini
[2012/11/15 10:57:52 | 000,001,128 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini
[2012/10/04 18:46:14 | 023,857,355 | ---- | C] () -- C:\Users\mbching\Vray for Rhino 4.0.rar
[2012/10/03 22:58:10 | 000,278,528 | ---- | C] () -- C:\Windows\SysWow64\Unhtml.dll
[2012/09/23 20:07:56 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\BongoSDK.10.v40.dll
[2012/08/20 14:35:44 | 000,000,132 | ---- | C] () -- C:\Users\mbching\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/08/16 04:28:18 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/08/16 02:59:05 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/08/16 00:32:26 | 000,044,543 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012/08/15 23:55:49 | 000,045,270 | ---- | C] () -- C:\Users\mbching\AppData\Roaming\room_v3.dat
[2012/08/15 23:08:33 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/15 22:53:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/15 22:51:16 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2012/08/15 22:51:16 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2012/08/15 22:51:16 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2012/08/15 22:51:07 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/08/15 22:51:07 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/06/12 00:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/12 00:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/13 06:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 13:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/16 18:13:56 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\.Torrent Stream
[2013/05/13 02:53:42 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\11Game
[2013/04/03 14:42:52 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\360Login
[2013/04/03 14:43:20 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\360Safe
[2013/04/05 20:39:21 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\360safebox
[2013/04/11 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\360se
[2012/12/21 14:38:05 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Autodesk
[2013/05/26 01:03:02 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\BabSolution
[2013/05/26 01:02:43 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Babylon
[2013/05/26 01:03:54 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\DAEMON Tools Lite
[2013/05/26 01:02:56 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Delta
[2013/05/25 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\DMCache
[2013/02/16 19:00:20 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\FileZilla
[2013/02/16 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\foobar2000
[2012/08/16 00:53:31 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Garena
[2013/05/27 02:27:20 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\GarenaPlus
[2012/11/26 15:08:53 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\GeometryGym
[2012/10/06 01:43:14 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Grasshopper
[2013/02/16 19:00:20 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\IDM
[2013/01/14 15:39:15 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\IrfanView
[2013/02/15 04:16:30 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Leadertech
[2013/04/03 14:03:42 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Local
[2013/04/05 17:23:35 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\LolClient
[2012/12/01 00:09:59 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\McNeel
[2013/01/29 22:44:25 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Mouse Recorder Pro
[2013/02/16 19:01:00 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\PDAppFlex
[2013/01/30 00:28:49 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\POV-Ray
[2013/02/16 14:42:15 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Shark
[2012/08/16 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\temp
[2012/08/20 00:10:09 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\TeraCopy
[2012/08/16 17:38:37 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\Twilight
[2013/05/27 02:39:43 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\uTorrent
[2012/12/01 03:17:59 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\WeaverBird
[2012/10/30 03:04:48 | 000,000,000 | ---D | M] -- C:\Users\mbching\AppData\Roaming\youku

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/05/15 20:34:44 | 000,001,077 | ---- | M] ()(C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\?e﹐eIuAi.lnk) -- C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\½ð¸êÌúÂí.lnk
[2013/05/15 20:34:44 | 000,001,077 | ---- | C] ()(C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\?e﹐eIuAi.lnk) -- C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\½ð¸êÌúÂí.lnk
[2013/05/15 20:34:44 | 000,001,053 | ---- | M] ()(C:\Users\Public\Desktop\?e﹐eIuAi.lnk) -- C:\Users\Public\Desktop\½ð¸êÌúÂí.lnk
[2013/05/15 20:34:44 | 000,001,053 | ---- | C] ()(C:\Users\Public\Desktop\?e﹐eIuAi.lnk) -- C:\Users\Public\Desktop\½ð¸êÌúÂí.lnk
[2013/04/03 12:55:02 | 000,001,007 | ---- | M] ()(C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\11?OO?A?I‥.lnk) -- C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\11¶Ôսƽ̨.lnk
[2013/04/03 12:55:02 | 000,001,007 | ---- | C] ()(C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\11?OO?A?I‥.lnk) -- C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\11¶Ôսƽ̨.lnk
[2013/04/03 12:55:02 | 000,000,983 | ---- | M] ()(C:\Users\Public\Desktop\11?OO?A?I‥.lnk) -- C:\Users\Public\Desktop\11¶Ôսƽ̨.lnk
[2013/04/03 12:55:02 | 000,000,983 | ---- | C] ()(C:\Users\Public\Desktop\11?OO?A?I‥.lnk) -- C:\Users\Public\Desktop\11¶Ôսƽ̨.lnk
[2013/02/16 18:50:43 | 027,625,992 | ---- | C] ()(C:\Users\mbching\Desktop\Grasshopper?算器教程V1.0.pdf) -- C:\Users\mbching\Desktop\Grasshopper运算器教程V1.0.pdf
[2012/10/30 03:03:04 | 000,002,086 | ---- | M] ()(C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\OA?a?I?§?E.lnk) -- C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\ÓÅ¿á¿Í»§¶Ë.lnk
[2012/10/30 03:03:04 | 000,002,086 | ---- | C] ()(C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\OA?a?I?§?E.lnk) -- C:\Users\mbching\Application Data\Microsoft\Internet Explorer\Quick Launch\ÓÅ¿á¿Í»§¶Ë.lnk
[2009/12/23 05:52:54 | 027,625,992 | ---- | M] ()(C:\Users\mbching\Desktop\Grasshopper?算器教程V1.0.pdf) -- C:\Users\mbching\Desktop\Grasshopper运算器教程V1.0.pdf
(C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OA?a?I?§?E) -- C:\Users\mbching\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÓÅ¿á¿Í»§¶Ë
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\11?OO?A?I‥) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\11¶Ôսƽ̨

< End of report >
  • 0

Advertisements

#2
mb05
Posted 28 May 2013 - 11:00 AM

mb05

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
is there anyone can hlep me? :blush: :blush: :blush:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP