As the title says, I'm having these few problems now, as I'm getting this NSIS Error message occasionally. Besides, my Task Manager has been disabled, and neither can I run the "regedit" command at "RUN". I'm also not able to change my Internet Explorer's homepage URL; it will always stick with some Chinese websites.
I'm looking forward to your help and your help will be very much appreciated.
Thank you in advance.
Cheers,
Wyatt
OTL.txt Log:
OTL logfile created on: 2013/2/10 下午 06:23:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000404 | Country: Taiwan | Language: CHT | Date Format: yyyy/M/d
3.24 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.79% Memory free
6.48 Gb Paging File | 5.48 Gb Available in Paging File | 84.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.04 Gb Total Space | 46.62 Gb Free Space | 19.10% Space Free | Partition Type: NTFS
Drive D: | 221.62 Gb Total Space | 221.52 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/10 18:22:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/01/31 20:18:00 | 001,210,408 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\QvodPlayer\QvodTerminal.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/03 03:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/03 03:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/04 13:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/20 16:28:08 | 003,770,992 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2011/03/29 10:03:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 20:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/20 16:27:52 | 000,623,216 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\skin.dll
MOD - [2011/06/20 16:27:50 | 000,080,496 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2011/06/20 16:27:48 | 000,113,264 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Tencent\barupdate\TBUpdate.exe /service -- (TBUpdate)
SRV - [2013/02/10 18:18:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/02/10 18:11:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 22:21:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/04 13:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/29 10:03:48 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\Desktop\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\finclyii.sys -- (finclyii)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/29 10:03:44 | 001,804,400 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2011/03/22 13:44:50 | 000,069,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/09/21 09:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2009/11/12 12:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.ChatVibes.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch_sb =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_sb =
IE - HKLM\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {B3564F28-663F-4159-AEA2-FFFC34B9F63D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8DBC72A9-25CE-42cc-A207-595E54DA4B58}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{B3564F28-663F-4159-AEA2-FFFC34B9F63D}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{E4BCB3F1-7FB2-4035-B4BA-9A0EB8E7DA4C}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/10/03 23:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2013/02/10 03:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/06 22:21:05 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/23 20:50:48 | 000,002,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\4shared.xml
[2013/02/06 22:21:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/06 22:21:03 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {89FDCC4B-8D91-49B0-81A6-18BCFF582735} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [QvodTerminal] C:\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKCU..\Run: [GarenaPlus] "C:\Users\user\Desktop\Garena Plus\GarenaMessenger.exe" -autolaunch File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91B4FA9D-071F-44C0-8411-C4856534F334}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/04/11 22:54:36 | 000,000,287 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/04/11 22:54:36 | 000,000,334 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{008d1677-f263-11e0-8a17-50e549879640}\Shell - "" = AutoRun
O33 - MountPoints2\{008d1677-f263-11e0-8a17-50e549879640}\Shell\AutoRun\command - "" = G:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{d1db6a63-0813-11e1-9027-50e549879640}\Shell - "" = AutoRun
O33 - MountPoints2\{d1db6a63-0813-11e1-9027-50e549879640}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/10 18:22:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/10 18:18:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013/02/10 18:11:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2013/02/10 16:41:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0BFE8D97-25AF-40C9-9D12-245C0134EC03}
[2013/02/10 12:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnCleaner
[2013/02/10 12:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\UnCleaner
[2013/02/10 12:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/02/10 11:57:15 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Warcraft
[2013/02/10 11:19:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2013/02/10 04:05:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013/02/10 04:03:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013/02/10 04:00:20 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2013/02/10 03:33:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BFE234DE-CF69-47E3-8628-E2149A1CB0B7}
[2013/02/10 03:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/02/10 03:23:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Apple Computer
[2013/02/10 02:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/02/10 00:00:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\WinRAR
[2013/02/10 00:00:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/02/10 00:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/02/10 00:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/02/09 19:58:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\uTorrent
[2013/02/09 16:40:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/02/09 15:32:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E38BF32A-E616-4D58-B26C-19423ED88F54}
[2013/02/09 15:16:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Tencent
[2013/02/09 14:09:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{21BDE2A4-F2B1-463B-94ED-4531FCE844BB}
[2013/02/07 19:13:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{05665C90-005D-44FF-838B-91EAED6FFA81}
[2013/02/06 22:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/06 19:12:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CCA75738-6746-42D4-9060-51FF5FB5693F}
[2013/02/05 20:15:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8DA0DFB0-F128-4FD4-837B-E94A6049F7F0}
[2013/02/04 19:19:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{32D414E5-C539-47EE-8930-F9233A2AAEF6}
[2013/02/03 12:47:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B99EC476-6161-40AF-96C7-9309D7DB5588}
[2013/02/02 18:41:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{59ECE0B8-09B6-400E-A9AC-171C31C61F6A}
[2013/02/01 19:56:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1C796837-11E6-485A-82C6-4322A35576CC}
[2013/01/31 20:14:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D414B0CB-4519-40F1-8717-502558E6F4D6}
[2013/01/31 19:30:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3E4865B1-1E2B-45E7-B58F-FD35CB71A9AE}
[2013/01/30 19:03:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{284486B0-F831-41AA-85B0-D2415AA41E69}
[2013/01/29 19:24:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5D1D3584-B3E2-4DA4-9168-EECB6BAF9EEF}
[2013/01/28 19:40:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{84359548-2929-468A-8368-51FFA0A52EBE}
[2013/01/27 12:41:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6DCA32FB-9D92-4E02-84F8-40C67F295C27}
[2013/01/26 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A89DB724-F24F-40C4-9D9A-EF7F42576277}
[2013/01/25 19:39:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B7516610-1ED8-4C50-8C64-C80DEA17EA4F}
[2013/01/24 19:20:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{895BFDE3-9187-47EB-8BAB-7F9717BA7D0E}
[2013/01/23 19:30:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B8947AC4-5B2C-49DD-8E97-A87DA0F932DE}
[2013/01/22 19:27:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DC1FD076-8610-4934-96E3-3AEF03AD8E45}
[2013/01/21 19:40:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B69AF526-1D38-43E5-BA64-4F09DD8BF2FA}
[2013/01/20 12:29:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{871EF1B3-A567-435B-9589-9C9BCFB3588D}
[2013/01/19 20:09:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4905211D-2E5F-4F33-8225-2E691AF8C4B5}
[2013/01/18 19:26:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0A1E6821-351D-4A11-BC20-32A56E4320D7}
[2013/01/17 19:43:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2AEC3021-E506-4D36-A962-F276AB3332EC}
[2013/01/16 18:58:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3FDC3DB2-CD7C-4F78-9EDA-05A8A1CE191A}
[2013/01/15 19:37:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CA3CA33B-DD12-4306-BBAC-53087441BFB7}
[2013/01/14 19:54:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E8CBCCD3-394B-4863-8FCB-BC7ECED1E66F}
[2013/01/13 12:35:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6391B2E1-B00B-4A17-8CFE-3EF4B86B260A}
[2013/01/13 01:22:14 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\NFS Most Wanted
[2013/01/12 19:11:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{54B18AAC-4126-47C3-8A47-0215499C8F35}
[2013/01/11 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C04A2565-115C-4AF0-A3E3-C8B899280E9B}
[2012/09/05 19:55:00 | 006,470,852 | ---- | C] (皮皮科技 ) -- C:\Users\user\AppData\Roaming\pipi_setup_270.exe
[2012/09/05 19:54:41 | 000,101,264 | ---- | C] (PIPI Tech) -- C:\Users\user\AppData\Roaming\pipi_ins_270.exe
========== Files - Modified Within 30 Days ==========
[2013/02/10 18:22:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/10 18:19:32 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/10 18:19:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/10 18:19:24 | 2610,503,680 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/10 18:18:44 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/10 18:18:44 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/10 18:09:47 | 000,348,710 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/10 18:09:47 | 000,053,322 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/10 17:39:18 | 000,269,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/10 13:50:26 | 002,169,856 | ---- | M] () -- C:\Windows\System32\hale.exe
[2013/02/10 12:44:34 | 000,000,954 | ---- | M] () -- C:\Users\user\AppData\Roaming\coreavc.ini
[2013/02/10 12:30:55 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\UnCleaner.lnk
[2013/02/10 11:36:27 | 000,103,140 | ---- | M] () -- C:\qsen.pif
[2013/02/10 03:38:19 | 000,000,008 | RHS- | M] () -- C:\Users\user\ntuser.pol
[2013/02/10 01:55:55 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/02/10 01:44:43 | 000,008,171 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013/02/09 20:03:48 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/02/09 19:57:04 | 000,045,270 | ---- | M] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2013/02/09 16:41:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/04 19:50:36 | 000,002,060 | ---- | M] () -- C:\Users\user\Desktop\Left 4 Dead 2.lnk
[2013/02/04 19:50:36 | 000,001,753 | ---- | M] () -- C:\Users\user\Desktop\iTunes.lnk
[2013/02/04 19:50:36 | 000,001,100 | ---- | M] () -- C:\Users\user\Desktop\Mozilla Firefox.lnk
[2013/02/04 19:50:36 | 000,001,088 | ---- | M] () -- C:\Users\user\Desktop\HD VDeck.lnk
[2013/02/04 19:50:35 | 000,001,989 | ---- | M] () -- C:\Users\user\Desktop\Adobe Reader X.lnk
[2013/02/04 19:50:35 | 000,000,769 | ---- | M] () -- C:\Users\user\Desktop\zhi kahng - Shortcut.lnk
[2013/01/31 19:36:09 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2013/01/31 19:36:09 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
========== Files Created - No Company Name ==========
[2013/02/10 18:11:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/10 13:49:44 | 002,169,856 | ---- | C] () -- C:\Windows\System32\hale.exe
[2013/02/10 12:30:55 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\UnCleaner.lnk
[2013/02/10 11:36:27 | 000,103,140 | ---- | C] () -- C:\qsen.pif
[2013/02/10 04:01:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013/02/10 04:01:28 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013/02/10 03:59:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013/02/10 03:59:05 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2013/02/10 03:58:50 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2013/02/10 03:38:14 | 000,000,008 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2013/02/10 01:58:06 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/10 01:57:19 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/02/10 01:55:55 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/02/10 01:44:43 | 000,008,171 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013/02/09 20:03:48 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/02/09 16:41:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/04 19:50:36 | 000,002,060 | ---- | C] () -- C:\Users\user\Desktop\Left 4 Dead 2.lnk
[2013/02/04 19:50:36 | 000,001,753 | ---- | C] () -- C:\Users\user\Desktop\iTunes.lnk
[2013/02/04 19:50:36 | 000,001,100 | ---- | C] () -- C:\Users\user\Desktop\Mozilla Firefox.lnk
[2013/02/04 19:50:36 | 000,001,088 | ---- | C] () -- C:\Users\user\Desktop\HD VDeck.lnk
[2013/02/04 19:50:35 | 000,001,989 | ---- | C] () -- C:\Users\user\Desktop\Adobe Reader X.lnk
[2013/02/04 19:50:35 | 000,000,769 | ---- | C] () -- C:\Users\user\Desktop\zhi kahng - Shortcut.lnk
[2013/01/31 19:36:09 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2013/01/31 19:36:09 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2012/10/12 20:05:49 | 000,001,463 | ---- | C] () -- C:\Windows\System32\xz.ini
[2012/10/12 20:05:42 | 000,001,463 | ---- | C] () -- C:\Windows\System32\Config.dll
[2012/10/12 20:05:39 | 000,000,064 | ---- | C] () -- C:\Windows\VSFilter.INI
[2012/09/02 12:54:43 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2012/04/30 11:55:08 | 000,110,168 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/18 22:52:46 | 000,045,270 | ---- | C] () -- C:\Users\user\AppData\Roaming\room_v3.dat
[2011/10/03 23:14:06 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2011/10/03 23:14:06 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2011/10/03 23:14:01 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2011/10/03 23:11:06 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/06/21 15:00:04 | 000,000,954 | ---- | C] () -- C:\Users\user\AppData\Roaming\coreavc.ini
========== ZeroAccess Check ==========
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/09/02 12:55:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Anino Games
[2012/09/30 14:21:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\baidu
[2012/01/05 21:14:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BlackBean
[2012/06/01 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garena
[2013/02/10 00:11:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GarenaPlus
[2013/02/09 22:20:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Splashtop
[2012/06/03 11:46:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2013/02/09 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tencent
[2013/02/10 11:15:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uservapweb
[2013/02/09 22:24:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2011/10/10 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2012/12/04 20:24:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\xim
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/02/09 14:10:04 | 000,001,500 | ---- | M] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/02/09 14:10:04 | 000,001,482 | ---- | M] ()(C:\Users\Public\Desktop\??.lnk) -- C:\Users\Public\Desktop\快播.lnk
[2013/02/09 14:09:52 | 000,001,482 | ---- | C] ()(C:\Users\Public\Desktop\??.lnk) -- C:\Users\Public\Desktop\快播.lnk
[2013/02/09 14:09:52 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件
[2013/02/04 19:50:36 | 000,001,190 | ---- | M] ()(C:\Users\user\Desktop\?????~fast-BHP-18.0 - Shortcut.lnk) -- C:\Users\user\Desktop\男人就是累~fast-BHP-18.0 - Shortcut.lnk
[2013/02/04 19:50:36 | 000,001,190 | ---- | C] ()(C:\Users\user\Desktop\?????~fast-BHP-18.0 - Shortcut.lnk) -- C:\Users\user\Desktop\男人就是累~fast-BHP-18.0 - Shortcut.lnk
[2013/02/04 19:50:35 | 000,001,986 | ---- | M] ()(C:\Users\user\Desktop\????.lnk) -- C:\Users\user\Desktop\千千静听.lnk
[2013/02/04 19:50:35 | 000,001,986 | ---- | C] ()(C:\Users\user\Desktop\????.lnk) -- C:\Users\user\Desktop\千千静听.lnk
[2013/02/04 19:50:35 | 000,000,812 | ---- | M] ()(C:\Users\user\Desktop\???(?) - Shortcut.lnk) -- C:\Users\user\Desktop\电影片(英) - Shortcut.lnk
[2013/02/04 19:50:35 | 000,000,812 | ---- | C] ()(C:\Users\user\Desktop\???(?) - Shortcut.lnk) -- C:\Users\user\Desktop\电影片(英) - Shortcut.lnk
[2013/02/04 19:50:35 | 000,000,790 | ---- | M] ()(C:\Users\user\Desktop\???? - Shortcut.lnk) -- C:\Users\user\Desktop\海派甜心 - Shortcut.lnk
[2013/02/04 19:50:35 | 000,000,790 | ---- | C] ()(C:\Users\user\Desktop\???? - Shortcut.lnk) -- C:\Users\user\Desktop\海派甜心 - Shortcut.lnk
[2013/02/04 19:50:35 | 000,000,776 | ---- | M] ()(C:\Users\user\Desktop\??? - Shortcut.lnk) -- C:\Users\user\Desktop\电影片 - Shortcut.lnk
[2013/02/04 19:50:35 | 000,000,776 | ---- | C] ()(C:\Users\user\Desktop\??? - Shortcut.lnk) -- C:\Users\user\Desktop\电影片 - Shortcut.lnk
[2013/02/04 19:50:35 | 000,000,718 | ---- | M] ()(C:\Users\user\Desktop\??3D.StreetDance.3D[ED2000.COM] - Shortcut.lnk) -- C:\Users\user\Desktop\街舞3D.StreetDance.3D[ED2000.COM] - Shortcut.lnk
[2013/02/04 19:50:35 | 000,000,718 | ---- | C] ()(C:\Users\user\Desktop\??3D.StreetDance.3D[ED2000.COM] - Shortcut.lnk) -- C:\Users\user\Desktop\街舞3D.StreetDance.3D[ED2000.COM] - Shortcut.lnk
[2012/12/23 01:01:13 | 000,001,500 | ---- | C] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2012/11/12 21:13:11 | 000,000,000 | ---D | M](C:\Users\user\Desktop\????) -- C:\Users\user\Desktop\海派甜心
[2012/11/12 21:11:01 | 000,000,000 | ---D | C](C:\Users\user\Desktop\????) -- C:\Users\user\Desktop\海派甜心
[2012/11/12 21:07:03 | 000,000,000 | ---D | M](C:\Users\user\Desktop\???(?)) -- C:\Users\user\Desktop\电影片(英)
[2012/11/12 20:50:27 | 000,000,000 | ---D | C](C:\Users\user\Desktop\???(?)) -- C:\Users\user\Desktop\电影片(英)
< End of report >