
Delta Search Virus-tried malwarebytes anti-malware and detected nothin



#1
Kenneth2001

  • Member
  • 14 posts
I downloaded something and a Delta Search piggybacked on it, and it's become my homepage on Chrome, and Norton Security can't detect it either.


#2
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, Kenneth2001 and welcome to GeeksToGo!

You can call me Phel and today I will help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should make you glad. ;)

Okay, I need some logs from you to help you solve this problem. Please follow these steps:

Download OTL to your Desktop
  • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#3
Kenneth2001

  • Topic Starter
  • Member
  • 14 posts
OTL logfile created on: 4/21/2013 10:55:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chiu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 38.41% Memory free
7.61 Gb Paging File | 5.05 Gb Available in Paging File | 66.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.70 Gb Total Space | 401.55 Gb Free Space | 89.89% Space Free | Partition Type: NTFS
Drive D: | 18.76 Gb Total Space | 3.03 Gb Free Space | 16.14% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 99.02 Mb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: CHIU-PC | User Name: Chiu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/21 10:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chiu\Downloads\OTL (1).exe
PRC - [2013/04/09 03:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/31 16:20:50 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe
PRC - [2011/11/03 13:10:42 | 000,008,704 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 03:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 03:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 03:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 03:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 03:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/31 16:20:50 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2009/10/21 02:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/14 11:11:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2011/11/03 13:10:42 | 000,008,704 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/21 15:09:44 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/21 02:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe -- (STacSV)
SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/27 22:43:29 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/31 16:20:10 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/01/31 16:20:10 | 000,028,656 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/07/05 21:17:58 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/16 22:38:00 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 22:17:50 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/08/16 01:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/11/12 15:07:18 | 000,200,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2009/11/12 15:07:10 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 01:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/30 14:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/21 02:35:26 | 000,501,760 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/12 21:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/26 09:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/29 13:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/12 21:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2013/04/12 18:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/27 22:58:10 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130420.003\ex64.sys -- (NAVEX15)
DRV - [2013/03/27 22:58:10 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/03/27 22:58:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/27 22:58:10 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130420.003\eng64.sys -- (NAVENG)
DRV - [2013/03/27 16:35:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130419.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {06374B48-855E-49C0-A10B-A5C1F578241C}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{06374B48-855E-49C0-A10B-A5C1F578241C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{8979926D-8102-4087-8579-0E007D0CFE42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {06374B48-855E-49C0-A10B-A5C1F578241C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{06374B48-855E-49C0-A10B-A5C1F578241C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{8979926D-8102-4087-8579-0E007D0CFE42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06374B48-855E-49C0-A10B-A5C1F578241C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...A6B904CE59D5ECB
IE - HKCU\..\SearchScopes\{715B8314-790A-4594-A46F-8751A718429E}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\..\SearchScopes\{8979926D-8102-4087-8579-0E007D0CFE42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{FEDB6A79-FFAE-41D7-9972-AB2DBB92CE47}: "URL" = http://us.yhs4.searc...0000,0,0,0,7068
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npchrome: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.95\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chiu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2013/03/27 22:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/04/21 08:46:32 | 000,000,000 | ---D | M]

[2013/04/19 14:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.condui...9111938915&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Facebook for Chrome = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: Gmail = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found
O4 - HKCU..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Users\Chiu\AppData\Roaming\SearchProtect" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect125.cab (GMNRev Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9757A6A0-93FA-4AD9-8A52-E57CE9DD1916}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE969B20-1967-4B32-9D46-2DF5E33972FB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/21 08:59:09 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27dbc58a-9972-11e2-8315-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27dbc58a-9972-11e2-8315-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SeagateDashboardSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/21 09:47:54 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Malwarebytes
[2013/04/21 09:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 09:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 09:47:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/21 09:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/21 09:47:21 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Programs
[2013/04/21 09:35:00 | 000,000,000 | ---D | C] -- C:\components
[2013/04/21 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\CRE
[2013/04/21 08:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/04/21 08:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/04/21 08:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\SpeedyPC Software
[2013/04/21 08:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\DriverCure
[2013/04/21 08:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/04/21 08:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BackupPCFiles
[2013/04/21 08:15:54 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Open Download Manager
[2013/04/21 08:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/04/21 08:14:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/04/21 08:14:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/04/21 08:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2013/04/21 08:00:15 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\BackupPCFiles Folder
[2013/04/21 07:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/04/21 07:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/04/20 11:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013/04/19 14:59:32 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Mipony
[2013/04/19 14:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/19 14:55:59 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\DSite
[2013/04/19 14:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/04/19 14:55:49 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Babylon
[2013/04/13 09:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/13 09:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/04/13 09:01:59 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Real
[2013/04/13 09:00:51 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Strongvault
[2013/04/13 09:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/04/13 09:00:09 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\My Cheat Tables
[2013/04/13 08:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013/04/13 08:59:51 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\OpenCandy
[2013/04/13 08:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013/04/13 08:59:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/04/13 08:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/04/13 08:59:40 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/04/08 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Memeo
[2013/04/08 15:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2013/04/08 15:12:57 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Seagate
[2013/04/08 15:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2013/04/08 15:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2013/04/08 15:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2013/04/08 15:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2013/04/01 00:25:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/04/01 00:06:43 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/04/01 00:06:17 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/03/31 01:00:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/03/31 01:00:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/03/30 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Diagnostics
[2013/03/30 14:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013/03/30 14:42:09 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Intel Corporation
[2013/03/30 14:41:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013/03/30 14:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/03/30 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/03/30 14:41:21 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Intel
[2013/03/30 14:38:41 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\DriverGenius
[2013/03/30 14:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2013/03/30 14:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013/03/30 14:31:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/03/30 11:14:21 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\WindowsUpdate
[2013/03/30 00:39:25 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\360SuperKiller
[2013/03/29 23:37:37 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\360DiagnoseScan
[2013/03/29 15:06:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/03/29 11:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/29 11:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/03/29 11:28:38 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Adobe
[2013/03/29 11:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/29 11:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\360safe
[2013/03/29 11:17:19 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\360Login
[2013/03/29 11:17:06 | 000,019,800 | ---- | C] (360安全中心) -- C:\Windows\SysNative\drivers\efimon.sys
[2013/03/29 10:48:39 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\HP
[2013/03/29 10:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/03/29 10:17:29 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/03/29 10:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/03/29 10:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/03/29 09:29:40 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Facebook
[2013/03/28 18:52:17 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\OneNote Notebooks
[2013/03/27 23:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/03/27 22:57:53 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys
[2013/03/27 22:57:53 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys
[2013/03/27 22:57:53 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys
[2013/03/27 22:57:53 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys
[2013/03/27 22:57:53 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys
[2013/03/27 22:57:53 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys
[2013/03/27 22:57:53 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys
[2013/03/27 22:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0604000.009
[2013/03/27 22:43:29 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/27 22:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/03/27 22:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/27 22:43:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/03/27 22:43:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2013/03/27 22:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2013/03/27 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\Symantec
[2013/03/27 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/03/27 00:53:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
[2013/03/27 00:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
[2013/03/27 00:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
[2013/03/27 00:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent
[2013/03/27 00:52:05 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Tencent
[2013/03/26 17:48:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/03/26 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\CrashDumps
[2013/03/26 16:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/03/26 16:54:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/03/26 16:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/03/26 16:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/03/26 16:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/26 16:51:19 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Microsoft Help
[2013/03/26 16:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/26 16:50:29 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Google
[2013/03/26 16:50:20 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Deployment
[2013/03/26 16:50:20 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Apps
[2013/03/26 09:30:22 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\InstallShield
[2013/03/26 01:03:38 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\ElevatedDiagnostics
[2013/03/25 23:40:26 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013/03/25 23:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/03/25 23:29:34 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\hpqLog
[2013/03/25 23:20:52 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\HP Support Assistant
[2013/03/25 23:17:17 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\Notes
[2013/03/25 22:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent
[2013/03/25 22:11:05 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2013/03/25 22:06:58 | 000,000,000 | ---D | C] -- C:\00af2b249cf7b786b5
[2013/03/25 21:59:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/03/25 21:59:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2013/03/25 21:59:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/03/25 21:59:40 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/03/25 21:46:03 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\HuluDesktop
[2013/03/25 21:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/03/25 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/25 21:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/25 21:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/03/25 21:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chiu\*.tmp files -> C:\Users\Chiu\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/21 10:06:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/21 09:47:41 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/21 09:38:06 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/04/21 08:59:09 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/04/21 08:54:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/21 08:54:08 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/21 08:51:22 | 000,854,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/21 08:51:22 | 000,715,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/21 08:51:22 | 000,139,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/21 08:43:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/21 08:43:27 | 3063,025,664 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/21 08:32:43 | 000,002,239 | ---- | M] () -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/21 08:32:43 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 15:14:52 | 000,390,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/09 15:12:53 | 001,816,543 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Cat.DB
[2013/04/08 15:14:52 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/31 00:56:34 | 000,001,397 | ---- | M] () -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/31 00:51:47 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/31 00:51:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/30 14:42:12 | 000,857,232 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/30 14:37:32 | 000,001,071 | ---- | M] () -- C:\Users\Chiu\Desktop\Driver Genius Professional Edition.lnk
[2013/03/29 11:53:54 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/03/28 18:52:13 | 000,002,879 | ---- | M] () -- C:\Users\Chiu\Desktop\Microsoft OneNote 2010.lnk
[2013/03/28 15:48:42 | 000,003,021 | ---- | M] () -- C:\Users\Chiu\Desktop\Microsoft Word 2010.lnk
[2013/03/28 15:48:37 | 000,002,937 | ---- | M] () -- C:\Users\Chiu\Desktop\Microsoft PowerPoint 2010.lnk
[2013/03/28 15:48:22 | 000,002,951 | ---- | M] () -- C:\Users\Chiu\Desktop\Microsoft Excel 2010.lnk
[2013/03/27 23:00:27 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2013/03/27 22:58:10 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\VT20130115.021
[2013/03/27 22:43:29 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/27 22:43:29 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/27 22:43:29 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/27 22:40:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/03/26 17:25:03 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND0012JHB_E584329-002_4A_I140A_SHP_V50.16_F.05_T091210_WU3-0_L409_M3895_J500_7Intel_8652_92.13_#100107_N168C002B;10EC8136_(WA684UA#ABA)_XMOBILE_CN10_Z.MRK
[2013/03/26 17:25:03 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND0012JHB_E584329-002_4A_I140A_SHP_V50.16_F.05_T091210_WU3-0_L409_M3895_J500_7Intel_8652_92.13_#100107_N168C002B;10EC8136_(WA684UA#ABA)_XMOBILE_CN10_Z.MRK
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chiu\*.tmp files -> C:\Users\Chiu\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/21 09:47:41 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/21 09:36:08 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/04/21 08:59:09 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/04/08 15:12:48 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2013/04/01 00:07:52 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/04/01 00:05:49 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/04/01 00:04:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/04/01 00:04:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/04/01 00:04:15 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/03/31 01:04:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/03/31 00:51:47 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/31 00:51:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/31 00:39:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/30 14:37:32 | 000,001,071 | ---- | C] () -- C:\Users\Chiu\Desktop\Driver Genius Professional Edition.lnk
[2013/03/29 11:53:54 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/03/29 11:53:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/03/28 18:52:13 | 000,002,879 | ---- | C] () -- C:\Users\Chiu\Desktop\Microsoft OneNote 2010.lnk
[2013/03/28 15:48:42 | 000,003,021 | ---- | C] () -- C:\Users\Chiu\Desktop\Microsoft Word 2010.lnk
[2013/03/28 15:48:37 | 000,002,937 | ---- | C] () -- C:\Users\Chiu\Desktop\Microsoft PowerPoint 2010.lnk
[2013/03/28 15:48:22 | 000,002,951 | ---- | C] () -- C:\Users\Chiu\Desktop\Microsoft Excel 2010.lnk
[2013/03/27 23:00:00 | 001,816,543 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Cat.DB
[2013/03/27 22:58:30 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\VT20130115.021
[2013/03/27 22:57:53 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.cat
[2013/03/27 22:57:53 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnet64.cat
[2013/03/27 22:57:53 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\iron.cat
[2013/03/27 22:57:53 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.cat
[2013/03/27 22:57:53 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.cat
[2013/03/27 22:57:53 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.cat
[2013/03/27 22:57:53 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.cat
[2013/03/27 22:57:53 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa.inf
[2013/03/27 22:57:53 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds.inf
[2013/03/27 22:57:53 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnet.inf
[2013/03/27 22:57:53 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.inf
[2013/03/27 22:57:53 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.inf
[2013/03/27 22:57:53 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.inf
[2013/03/27 22:57:53 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\iron.inf
[2013/03/27 22:57:48 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\isolate.ini
[2013/03/27 22:43:29 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/27 22:43:29 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/27 22:43:26 | 000,002,380 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2013/03/27 22:40:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/03/27 00:52:05 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2013/03/26 17:49:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/26 17:25:03 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND0012JHB_E584329-002_4A_I140A_SHP_V50.16_F.05_T091210_WU3-0_L409_M3895_J500_7Intel_8652_92.13_#100107_N168C002B;10EC8136_(WA684UA#ABA)_XMOBILE_CN10_Z.MRK
[2013/03/26 17:25:03 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND0012JHB_E584329-002_4A_I140A_SHP_V50.16_F.05_T091210_WU3-0_L409_M3895_J500_7Intel_8652_92.13_#100107_N168C002B;10EC8136_(WA684UA#ABA)_XMOBILE_CN10_Z.MRK
[2013/03/26 16:51:28 | 000,002,239 | ---- | C] () -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/26 16:51:28 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/25 22:00:37 | 000,857,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/25 21:15:33 | 3063,025,664 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/29 23:40:10 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\360DiagnoseScan
[2013/03/29 11:17:19 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\360Login
[2013/03/30 00:39:25 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\360SuperKiller
[2013/04/19 14:55:49 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Babylon
[2013/04/21 08:51:24 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\DriverCure
[2013/04/19 14:55:59 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\DSite
[2010/02/28 11:25:40 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Kingsoft
[2013/04/08 15:16:17 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Memeo
[2013/04/19 15:00:06 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Mipony
[2013/04/21 08:27:39 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Open Download Manager
[2013/04/13 08:59:51 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\OpenCandy
[2013/04/08 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Seagate
[2013/04/21 08:51:24 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\SpeedyPC Software
[2013/04/14 07:14:38 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Strongvault
[2013/03/27 00:54:04 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Tencent
[2010/02/28 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Tific

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/03/27 00:53:02 | 000,002,176 | ---- | M] ()(C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2013/03/27 00:53:02 | 000,002,176 | ---- | C] ()(C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2013/03/27 00:53:02 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >

#4
Kenneth2001

OTL Extras logfile created on: 4/21/2013 10:55:10 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chiu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 38.41% Memory free
7.61 Gb Paging File | 5.05 Gb Available in Paging File | 66.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.70 Gb Total Space | 401.55 Gb Free Space | 89.89% Space Free | Partition Type: NTFS
Drive D: | 18.76 Gb Total Space | 3.03 Gb Free Space | 16.14% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 99.02 Mb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: CHIU-PC | User Name: Chiu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01357FDA-CD6F-494F-A6B6-2B55989BE3D7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{03E20FC1-A315-4C82-8F94-5AD70DEBD9CA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{1029B64B-9D0A-4A93-AC76-35D4AEEF3B5F}" = protocol=6 | dir=in | app=c:\users\chiu\appdata\roaming\tencent\qq\stemp\backupdltmp\download\miniqtupdate.exe |
"{12153658-C503-4015-8D40-A5A6EA143E2F}" = protocol=17 | dir=in | app=c:\users\chiu\appdata\roaming\tencent\qq\stemp\backupdltmp\download\miniqtupdate.exe |
"{14C47637-EC32-43C9-83CF-5B0BC9C17043}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{16451AC1-ACAD-4010-A470-087669D15C46}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{16E2353A-BB84-4FEC-A2A2-CE988F1F5A65}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\qqprotect\bin\qqprotect.exe |
"{1BE8E42F-84ED-4CA7-BBD0-5F09E9896C67}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{1D81EBCC-2901-44E9-B33F-1D44F169B14E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{1F1C8342-ACAB-444C-B0B4-A76B978481BC}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{285F17F7-0E4A-4DED-A822-2F6EBFF7EA6A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2947FD81-5706-46BE-9FDD-A0EC5A0A57A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{2AB56149-C200-4FB5-8BB6-F5BF727F629A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{30581AA8-0243-455C-A5EB-F844F31726D5}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe |
"{3328167D-E29B-4A17-96E1-6FF9114A9581}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusicinstall\qqmusicmminstaller.exe |
"{387C6811-C86C-4DD3-A11B-1906D82278DD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{3BF9E4FE-7EF2-4F2F-AFF3-C9523910CA91}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{403B422F-274F-4BAE-B3C0-13B14D83FBE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{488422C3-EFA0-42EA-8068-4C8527B9F914}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{4F928E24-457A-4824-B671-3092ABAD48EE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{516619E2-4059-4A54-83C1-80A4BB73BC02}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qpservice.exe |
"{55AA33F5-BA45-4634-8671-23C86F6570C5}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe |
"{566EE245-E0AD-45F0-A8DE-6CCA17068AD7}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{5DF13B5B-E494-45D0-B46F-94BB6EB7C878}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{623D2C60-9A2A-44BA-9571-41ECFB62D07F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{635E098C-A65C-4825-A705-08A1AEFD014C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{637B43F4-294E-4F99-B104-25C23E726AC2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |
"{63934AE0-B1B8-4A8D-BA80-D7633E01EBDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{666BA1EA-80F7-4C59-B195-05B07ECF1DAD}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"{7131A12D-FCB0-40B2-85E3-442319D9A328}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{7EE77096-DE5E-4E5B-8C73-E76DC6476549}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{8628E37F-9ABD-4A1D-B5F2-FB0E5885C25A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{87EDAEC1-CA90-4054-BC04-1F546F4150F5}" = dir=in | app=c:\users\chiu\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{88AEDA94-4F57-4E1A-A8B6-B51320A343C4}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{8A83E170-431A-4E15-81DC-B303AA5B0780}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{8AEC5ED5-B3F9-4061-ACFC-EA8A691B7EC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{8DC30B21-BFAA-404B-99F3-FA46E7B7AB16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8FA5E7CB-52E3-442A-9A8F-5DF7FB7A186A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{90EB2293-6079-4DF2-8391-AD67B75641A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{962B34B9-EDB7-4AB0-8F5E-64167F9433F0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9C4A01F4-5A9E-4AB2-B828-A82640989DB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{A4F37117-5294-411E-ACBA-ADECD48D3842}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{A6099756-8435-4B32-ABDA-70FD613E9AA2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{AF7B3B62-06D4-4596-A1E8-830A0F4DA132}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\live tv\qp.exe |
"{B327BA1C-3CC1-42CD-B087-5C6634A02F16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{B4B71E39-1218-4A98-AA0E-FED4F5D03402}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{B85C963B-4137-459E-8B87-E7958B1D1E69}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{BDCB7858-678A-4563-A93C-E0CB80B05BBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{BE3EFCD2-5C0D-4022-A2BC-883553A37581}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"{C4211A60-19A2-47CD-B495-E5CC65934E79}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{CAC392E8-8957-4546-83A1-DD768BAB0232}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CC829F2A-AF83-4DB0-AD1A-1E3379701709}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{CDB0C7C7-DA91-40EF-91BD-127CA9821429}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe |
"{DB7F65E4-A297-4C9A-AD2E-5230FF652D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qqmusicinstall\qqmusicmminstaller.exe |
"{DBE9164C-099B-4B37-9FA8-0C036EFF1719}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{E171F788-2D66-4A58-9D18-2717239691ED}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |
"{E47E2CEA-4988-43D3-9620-C90D9F49D665}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\qqprotect\bin\qqprotect.exe |
"{E47E2ECC-0C16-4A77-973A-4376F1EF4AA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{E81EFF7C-2256-4C04-856A-34CEA48A4DFF}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |
"{E8B3E206-9D71-4250-A986-C66DF4D19207}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |
"{F14B1C3A-FAC2-402F-9292-0ADB9985DCB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{F2D2016B-41D6-40A8-8E8B-9E69EAB57F0F}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{F5BCEA9F-9C3E-4279-830D-3B5EEF93BBA8}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe |
"{FB18C39F-BBD4-4556-8B04-D975810F30E3}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"TCP Query User{0F69FFC8-742F-4799-8B95-EC3C6CFCFEA8}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"UDP Query User{AEBEDC6D-F568-4AA0-AB60-3DAAF17C1FFA}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{7629623D-F0D0-4AC6-A763-FBE06ED8288C}" = Intel® Rapid Storage Technology
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2013
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78915DBA-4FD6-4B85-AC4C-5862BB4D884F}" = HP User Guides 0186
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB2.0&PCIE Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}" = HP Product Detection
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"N360" = Norton Security Suite
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2013 2:49:05 AM | Computer Name = Chiu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ccSvcHst.exe, version: 11.2.3.6, time stamp: 0x4fdbcf1d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x70e36a64
Faulting process id: 0xa74
Faulting application start time: 0x01ce2ddb7b99b3e3
Faulting application path: C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe
Faulting module path: unknown
Report Id: 13c8d16e-99cf-11e2-8946-c15cdf067953

Error - 3/31/2013 2:49:07 AM | Computer Name = Chiu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: perfhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bbf05
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x70e36a64
Faulting process id: 0xbb4
Faulting application start time: 0x01ce2ddb7bc6ee08
Faulting application path: C:\Windows\SysWow64\perfhost.exe
Faulting module path: unknown
Report Id: 150c8c94-99cf-11e2-8946-c15cdf067953

Error - 3/31/2013 2:49:07 AM | Computer Name = Chiu-PC | Source = Application Error | ID = 1000
Error - 3/31/2013 2:49:10 AM | Computer Name = Chiu-PC | Source = Application Error | ID = 1000

Description = Faulting application name: UNS.exe, version: 6.0.0.1184, time stamp: 0x4ac4152b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x70e36a64
Faulting process id: 0x12e8
Faulting application start time: 0x01ce2ddbd3e5bf0d
Faulting application path: C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
Faulting module path: unknown
Report Id: 170791ae-99cf-11e2-8946-c15cdf067953

Error - 3/31/2013 10:14:18 AM | Computer Name = Chiu-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7600.16768 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 840

Start Time: 01ce2e19cea62104

Termination Time: 15

Application Path: C:\Windows\Explorer.EXE

Report Id: 4103674f-9a0d-11e2-b6f4-e394e8d97751

Error - 3/31/2013 10:14:37 AM | Computer Name = Chiu-PC | Source = Application Error | ID = 1000

Description = Faulting application name: DrvInst.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2c6
Faulting module name: hpzids40.dll, version: 13.0.338.0, time stamp: 0x4a1cacc1
Exception code: 0xc0000417
Fault offset: 0x000000000003f320
Faulting process id: 0x1774
Faulting application start time: 0x01ce2e1a11e5fac8
Faulting application path: C:\Windows\system32\DrvInst.exe
Faulting module path: C:\Windows\system32\hpzids40.dll
Report Id: 512b2742-9a0d-11e2-b6f4-e394e8d97751
Error - 4/1/2013 9:27:26 AM | Computer Name = Chiu-PC | Source = ESENT | ID = 215

Description = WinMail (4448) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
Error - 4/1/2013 9:27:32 AM | Computer Name = Chiu-PC | Source = ESENT | ID = 215

Description = WinMail (2184) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error - 4/2/2013 3:42:04 PM | Computer Name = Chiu-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a90

Start Time: 01ce2fda08f2eb8c

Termination Time: 16

Application Path: C:\Windows\Explorer.EXE

Report Id: 62537477-9bcd-11e2-9710-a982178db251

Error - 4/10/2013 10:43:48 PM | Computer Name = Chiu-PC | Source = Application Hang | ID = 1002

Description = The program InstantBackup.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13d4

Start Time: 01ce365d86882ddd

Termination Time: 0

Application Path: C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

Report Id: 99311c1e-a251-11e2-81ab-b27548ecd059

Error - 4/10/2013 11:41:24 PM | Computer Name = Chiu-PC | Source = Windows Activation Technologies | ID = 3

Description = Health check failure:
hr = 0x8004FE22, HealthStatus: 0x0002000000000000

Error encountered while reading event logs.

< End of report >
  • 0

#5
Kenneth2001

    Member

  • Topic Starter
  • 14 posts
Was that what you wanted?
  • 0

#6
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Yup, absolutely. Now I'm analyzing your logs. Please note that my answers could come with a slight delay, because they are checked by my teacher.
  • 0

#7
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Fix is here!

Please, follow these steps:

Step 1. Changing Chrome Search provider and Homepage.

Your current Chrome Search provider and Home page are malicious.

Please follow this instruction and set your Search provider to www.google.com or to something else that you want. For the Homepage, please follow this instruction.

Step 2. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 3. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...A6B904CE59D5ECB
    IE - HKCU\..\SearchScopes\{8979926D-8102-4087-8579-0E007D0CFE42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [TaskTray] File not found
    O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found
    O4 - HKCU..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Users\Chiu\AppData\Roaming\SearchProtect" File not found
    [2013/04/21 08:15:54 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Open Download Manager
    [2013/04/21 08:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2013/04/21 08:14:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
    [2013/04/21 08:14:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
    [2013/04/21 08:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
    [2013/04/21 09:32:20 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\CRE
    [2013/04/19 14:55:59 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\DSite
    [2013/04/19 14:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2013/04/19 14:55:49 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Babylon
    [2013/04/13 09:00:51 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Strongvault
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please, don't forget to post in your next message:

  • AdwCleaner log
  • OTL log

  • 0

#8
Kenneth2001

    Member

  • Topic Starter
  • 14 posts
# AdwCleaner v2.201 - Logfile created 04/22/2013 at 14:56:00
# Updated 21/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Chiu - CHIU-PC
# Boot Mode : Normal
# Running from : C:\Users\Chiu\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Chiu\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chiu\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Chiu\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Chiu\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKCU\Software\5957d88be56fb940
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5957d88be56fb940
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2568] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3297947&SearchSource=48&CUI[...]

File : C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3662 octets] - [22/04/2013 14:56:00]

########## EOF - C:\AdwCleaner[S1].txt - [3722 octets] ##########
  • 0
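
Steps 2 and 3 of the fix overlap: several folders and one SearchScopes key listed in the OTL fix also appear in the AdwCleaner report as deleted. The following is an added example, not part of the original posts and not code from OTL or AdwCleaner, that parses shortened excerpts of both (copied from posts #7 and #8) and reports which OTL fix targets AdwCleaner already removed; the function names are this example's own.

```python
import re

# Shortened excerpt of the OTL fix script from post #7 (lines as posted).
OTL_FIX = r"""
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...A6B904CE59D5ECB
IE - HKCU\..\SearchScopes\{8979926D-8102-4087-8579-0E007D0CFE42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
[2013/04/21 08:15:54 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Open Download Manager
[2013/04/21 08:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/04/21 08:14:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/04/19 14:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/04/19 14:55:49 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Babylon
[2013/04/13 09:00:51 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Strongvault
:Commands
[REBOOT]
"""

# Shortened excerpt of the AdwCleaner report from post #8 (lines as posted).
ADWCLEANER_LOG = r"""
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Chiu\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Chiu\AppData\Roaming\Babylon
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

# "[date time | size | attrs | C] -- <path>" entries of the OTL fix.
_OTL_PATH = re.compile(r"^\[\d{4}/\d{2}/\d{2} [^\]]*\] -- (?P<path>.+)$")
# "IE - HKCU\..\<tail>: ..." entries; OTL elides the middle of the key as "..".
_OTL_REG = re.compile(r"^\w+ - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<tail>[^:]+):")
# "Folder Deleted : <target>" style result lines of AdwCleaner.
_ADW_DELETED = re.compile(r"^(?P<kind>Folder|File|Key|Value) Deleted : (?P<target>.+)$")


def _norm(value):
    """Windows paths and registry key names compare case-insensitively."""
    return value.strip().rstrip("\\").lower()


def parse_otl_targets(fix_text):
    """Return (kind, display, hive, tail) for each removal target in an OTL fix."""
    targets = []
    for raw in fix_text.splitlines():
        line = raw.strip()
        m = _OTL_PATH.match(line)
        if m:
            targets.append(("path", m["path"], None, m["path"]))
            continue
        m = _OTL_REG.match(line)
        if m:
            display = "{}\\..\\{}".format(m["hive"], m["tail"])
            targets.append(("reg", display, m["hive"], m["tail"]))
    return targets


def parse_adwcleaner_deleted(log_text):
    """Return (paths, keys): normalized targets AdwCleaner reported as deleted."""
    paths, keys = set(), set()
    for raw in log_text.splitlines():
        m = _ADW_DELETED.match(raw.strip())
        if not m:
            continue
        if m["kind"] in ("Folder", "File"):
            paths.add(_norm(m["target"]))
        elif m["kind"] == "Key":
            keys.add(_norm(m["target"]))
        # "Value Deleted" removes one value only, so the key itself still exists.
    return paths, keys


def reconcile(fix_text, log_text):
    """Split the OTL fix targets into (already_removed, left_for_otl)."""
    paths, keys = parse_adwcleaner_deleted(log_text)
    removed, remaining = [], []
    for kind, display, hive, tail in parse_otl_targets(fix_text):
        if kind == "path":
            gone = _norm(tail) in paths
        else:
            # Match the elided key by hive prefix and trailing subkey (GUID case differs).
            prefix, suffix = hive.lower() + "\\", "\\" + _norm(tail)
            gone = any(k.startswith(prefix) and k.endswith(suffix) for k in keys)
        (removed if gone else remaining).append(display)
    return removed, remaining


if __name__ == "__main__":
    removed, remaining = reconcile(OTL_FIX, ADWCLEANER_LOG)
    print("Already removed by AdwCleaner:", *removed, sep="\n  ")
    print("Left for the OTL fix:", *remaining, sep="\n  ")
```

Entries in the second list are the ones to look for in the follow-up OTL Quick Scan log.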

#9
Kenneth2001

    Member

  • Topic Starter
  • 14 posts
OTL logfile created on: 4/22/2013 3:06:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chiu\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.22% Memory free
7.61 Gb Paging File | 5.89 Gb Available in Paging File | 77.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.70 Gb Total Space | 402.21 Gb Free Space | 90.04% Space Free | Partition Type: NTFS
Drive D: | 18.76 Gb Total Space | 3.03 Gb Free Space | 16.14% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 99.02 Mb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: CHIU-PC | User Name: Chiu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/21 10:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chiu\Downloads\OTL (1).exe
PRC - [2013/04/09 03:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccsvchst.exe
PRC - [2011/11/03 13:10:42 | 000,008,704 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 03:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 03:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 03:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 03:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 03:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/31 16:20:50 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2009/10/21 02:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/07/13 20:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)
SRV - [2013/04/14 11:11:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/15 21:24:20 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2011/11/03 13:10:42 | 000,008,704 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/21 15:09:44 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/21 02:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe -- (STacSV)
SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/27 22:43:29 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/31 16:20:10 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/01/31 16:20:10 | 000,028,656 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/07/05 21:17:58 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/16 22:38:00 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 22:17:50 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/08/16 01:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/11/12 15:07:18 | 000,200,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2009/11/12 15:07:10 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 01:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/30 14:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/21 02:35:26 | 000,501,760 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/12 21:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/26 09:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/07 08:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/29 13:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/12 21:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2013/04/12 18:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/27 22:58:10 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130421.007\ex64.sys -- (NAVEX15)
DRV - [2013/03/27 22:58:10 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/03/27 22:58:10 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/03/27 22:58:10 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130421.007\eng64.sys -- (NAVENG)
DRV - [2013/03/27 16:35:32 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130419.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{06374B48-855E-49C0-A10B-A5C1F578241C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{8979926D-8102-4087-8579-0E007D0CFE42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{06374B48-855E-49C0-A10B-A5C1F578241C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{8979926D-8102-4087-8579-0E007D0CFE42}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{06374B48-855E-49C0-A10B-A5C1F578241C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{715B8314-790A-4594-A46F-8751A718429E}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\..\SearchScopes\{FEDB6A79-FFAE-41D7-9972-AB2DBB92CE47}: "URL" = http://us.yhs4.searc...0000,0,0,0,7068
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npchrome: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.95\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chiu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2013/03/27 22:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013/04/22 15:06:14 | 000,000,000 | ---D | M]

[2013/04/19 14:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:blank
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: QQ2013 Firefox Plugin (Enabled) = C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
CHR - plugin: QQ2013 Chrome Plugin for Chrome V23.0.1271.64 or latest version (Enabled) = C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll
CHR - plugin: Tencent SSO Platform (Enabled) = C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.95\Bin\npSSOAxCtrlForPTLogin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: QQMusic (Enabled) = C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
CHR - plugin: npQQPhotoDrawEx (Enabled) = C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Chiu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Facebook = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Facebook for Chrome = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect125.cab (GMNRev Class)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9757A6A0-93FA-4AD9-8A52-E57CE9DD1916}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE969B20-1967-4B32-9D46-2DF5E33972FB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/04/21 08:59:09 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27dbc58a-9972-11e2-8315-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27dbc58a-9972-11e2-8315-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SeagateDashboardSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/22 15:04:41 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013/04/22 15:02:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/21 09:47:54 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Malwarebytes
[2013/04/21 09:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 09:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 09:47:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/21 09:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/21 09:47:21 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Programs
[2013/04/21 09:35:00 | 000,000,000 | ---D | C] -- C:\components
[2013/04/21 08:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/04/21 08:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/04/21 08:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\SpeedyPC Software
[2013/04/21 08:51:24 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\DriverCure
[2013/04/21 08:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/04/21 08:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BackupPCFiles
[2013/04/21 08:00:15 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\BackupPCFiles Folder
[2013/04/21 07:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/04/21 07:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/04/20 11:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013/04/19 14:59:32 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Mipony
[2013/04/19 14:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/13 09:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/13 09:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/04/13 09:01:59 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Real
[2013/04/13 09:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/04/13 09:00:09 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\My Cheat Tables
[2013/04/13 08:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013/04/13 08:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2
[2013/04/13 08:59:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/04/13 08:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/04/13 08:59:40 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/04/08 15:16:17 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Memeo
[2013/04/08 15:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2013/04/08 15:12:57 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Seagate
[2013/04/08 15:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2013/04/08 15:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2013/04/08 15:12:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2013/04/08 15:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2013/04/01 00:25:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/04/01 00:06:43 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/04/01 00:06:17 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/03/31 01:00:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/03/31 01:00:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/03/30 18:28:02 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Diagnostics
[2013/03/30 14:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013/03/30 14:42:09 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Intel Corporation
[2013/03/30 14:41:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013/03/30 14:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/03/30 14:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/03/30 14:41:21 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Intel
[2013/03/30 14:38:41 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\DriverGenius
[2013/03/30 14:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2013/03/30 14:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2013/03/30 14:31:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/03/30 11:14:21 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\WindowsUpdate
[2013/03/30 00:39:25 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\360SuperKiller
[2013/03/29 23:37:37 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\360DiagnoseScan
[2013/03/29 15:06:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/03/29 11:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/29 11:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/03/29 11:28:38 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Adobe
[2013/03/29 11:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/29 11:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\360safe
[2013/03/29 11:17:19 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\360Login
[2013/03/29 11:17:06 | 000,019,800 | ---- | C] (360安全中心) -- C:\Windows\SysNative\drivers\efimon.sys
[2013/03/29 10:48:39 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\HP
[2013/03/29 10:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/03/29 10:17:29 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/03/29 10:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/03/29 10:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/03/29 09:29:40 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Facebook
[2013/03/28 18:52:17 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\OneNote Notebooks
[2013/03/27 23:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/03/27 22:57:53 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys
[2013/03/27 22:57:53 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys
[2013/03/27 22:57:53 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys
[2013/03/27 22:57:53 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys
[2013/03/27 22:57:53 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys
[2013/03/27 22:57:53 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys
[2013/03/27 22:57:53 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys
[2013/03/27 22:57:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0604000.009
[2013/03/27 22:43:29 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/27 22:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/03/27 22:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/03/27 22:43:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/03/27 22:43:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2013/03/27 22:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2013/03/27 22:42:51 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\Symantec
[2013/03/27 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/03/27 00:53:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
[2013/03/27 00:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent
[2013/03/27 00:52:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent
[2013/03/27 00:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent
[2013/03/27 00:52:05 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\Tencent
[2013/03/26 17:48:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/03/26 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\CrashDumps
[2013/03/26 16:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/03/26 16:54:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/03/26 16:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/03/26 16:51:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/03/26 16:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/26 16:51:19 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Microsoft Help
[2013/03/26 16:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/26 16:50:29 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Google
[2013/03/26 16:50:20 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Deployment
[2013/03/26 16:50:20 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\Apps
[2013/03/26 09:30:22 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\InstallShield
[2013/03/26 01:03:38 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\ElevatedDiagnostics
[2013/03/25 23:40:26 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013/03/25 23:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2013/03/25 23:29:34 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\hpqLog
[2013/03/25 23:20:52 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Roaming\HP Support Assistant
[2013/03/25 23:17:17 | 000,000,000 | ---D | C] -- C:\Users\Chiu\Documents\Notes
[2013/03/25 22:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Wild Tangent
[2013/03/25 22:11:05 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2013/03/25 22:06:58 | 000,000,000 | ---D | C] -- C:\00af2b249cf7b786b5
[2013/03/25 21:59:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/03/25 21:59:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\msmq
[2013/03/25 21:59:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013/03/25 21:59:40 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/03/25 21:46:03 | 000,000,000 | ---D | C] -- C:\Users\Chiu\AppData\Local\HuluDesktop
[2013/03/25 21:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/03/25 21:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/25 21:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/25 21:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/03/25 21:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chiu\*.tmp files -> C:\Users\Chiu\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/22 15:06:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/22 15:04:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 15:04:03 | 3063,025,664 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/22 14:56:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 14:56:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/21 09:47:41 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/21 09:38:06 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/04/21 08:59:09 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/04/21 08:51:22 | 000,854,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/21 08:51:22 | 000,715,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/21 08:51:22 | 000,139,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/21 08:32:43 | 000,002,239 | ---- | M] () -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/21 08:32:43 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 15:14:52 | 000,390,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/09 15:12:53 | 001,816,543 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Cat.DB
[2013/04/08 15:14:52 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/31 00:56:34 | 000,001,397 | ---- | M] () -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/31 00:51:47 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/31 00:51:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/30 14:42:12 | 000,857,232 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/30 14:37:32 | 000,001,071 | ---- | M] () -- C:\Users\Chiu\Desktop\Driver Genius Professional Edition.lnk
[2013/03/29 11:53:54 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/03/28 18:52:13 | 000,002,879 | ---- | M] () -- C:\Users\Chiu\Desktop\Microsoft OneNote 2010.lnk
[2013/03/28 15:48:42 | 000,003,021 | ---- | M] () -- C:\Users\Chiu\Desktop\Microsoft Word 2010.lnk
[2013/03/28 15:48:37 | 000,002,937 | ---- | M] () -- C:\Users\Chiu\Desktop\Microsoft PowerPoint 2010.lnk
[2013/03/28 15:48:22 | 000,002,951 | ---- | M] () -- C:\Users\Chiu\Desktop\Microsoft Excel 2010.lnk
[2013/03/27 23:00:27 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2013/03/27 22:58:10 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\VT20130115.021
[2013/03/27 22:43:29 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/03/27 22:43:29 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/27 22:43:29 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/27 22:40:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/03/26 17:25:03 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND0012JHB_E584329-002_4A_I140A_SHP_V50.16_F.05_T091210_WU3-0_L409_M3895_J500_7Intel_8652_92.13_#100107_N168C002B;10EC8136_(WA684UA#ABA)_XMOBILE_CN10_Z.MRK
[2013/03/26 17:25:03 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND0012JHB_E584329-002_4A_I140A_SHP_V50.16_F.05_T091210_WU3-0_L409_M3895_J500_7Intel_8652_92.13_#100107_N168C002B;10EC8136_(WA684UA#ABA)_XMOBILE_CN10_Z.MRK
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chiu\*.tmp files -> C:\Users\Chiu\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/21 09:47:41 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/21 09:36:08 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/04/21 08:59:09 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/04/08 15:12:48 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2013/04/01 00:07:52 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/04/01 00:05:49 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/04/01 00:04:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/04/01 00:04:25 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/04/01 00:04:15 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/03/31 01:04:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/03/31 00:51:47 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/03/31 00:51:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/03/31 00:39:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/30 14:37:32 | 000,001,071 | ---- | C] () -- C:\Users\Chiu\Desktop\Driver Genius Professional Edition.lnk
[2013/03/29 11:53:54 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/03/29 11:53:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/03/28 18:52:13 | 000,002,879 | ---- | C] () -- C:\Users\Chiu\Desktop\Microsoft OneNote 2010.lnk
[2013/03/28 15:48:42 | 000,003,021 | ---- | C] () -- C:\Users\Chiu\Desktop\Microsoft Word 2010.lnk
[2013/03/28 15:48:37 | 000,002,937 | ---- | C] () -- C:\Users\Chiu\Desktop\Microsoft PowerPoint 2010.lnk
[2013/03/28 15:48:22 | 000,002,951 | ---- | C] () -- C:\Users\Chiu\Desktop\Microsoft Excel 2010.lnk
[2013/03/27 23:00:00 | 001,816,543 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Cat.DB
[2013/03/27 22:58:30 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\VT20130115.021
[2013/03/27 22:57:53 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.cat
[2013/03/27 22:57:53 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnet64.cat
[2013/03/27 22:57:53 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\iron.cat
[2013/03/27 22:57:53 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.cat
[2013/03/27 22:57:53 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.cat
[2013/03/27 22:57:53 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.cat
[2013/03/27 22:57:53 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.cat
[2013/03/27 22:57:53 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa.inf
[2013/03/27 22:57:53 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds.inf
[2013/03/27 22:57:53 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnet.inf
[2013/03/27 22:57:53 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.inf
[2013/03/27 22:57:53 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.inf
[2013/03/27 22:57:53 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.inf
[2013/03/27 22:57:53 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\iron.inf
[2013/03/27 22:57:48 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\isolate.ini
[2013/03/27 22:43:29 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/03/27 22:43:29 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/03/27 22:43:26 | 000,002,380 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2013/03/27 22:40:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/03/27 00:52:05 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2013/03/26 17:49:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/26 17:25:03 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND0012JHB_E584329-002_4A_I140A_SHP_V50.16_F.05_T091210_WU3-0_L409_M3895_J500_7Intel_8652_92.13_#100107_N168C002B;10EC8136_(WA684UA#ABA)_XMOBILE_CN10_Z.MRK
[2013/03/26 17:25:03 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv4 Notebook PC_Y5335KV_0U_QCND0012JHB_E584329-002_4A_I140A_SHP_V50.16_F.05_T091210_WU3-0_L409_M3895_J500_7Intel_8652_92.13_#100107_N168C002B;10EC8136_(WA684UA#ABA)_XMOBILE_CN10_Z.MRK
[2013/03/26 16:51:28 | 000,002,239 | ---- | C] () -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/26 16:51:28 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/25 22:00:37 | 000,857,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/25 21:15:33 | 3063,025,664 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/29 23:40:10 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\360DiagnoseScan
[2013/03/29 11:17:19 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\360Login
[2013/03/30 00:39:25 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\360SuperKiller
[2013/04/21 08:51:24 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\DriverCure
[2010/02/28 11:25:40 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Kingsoft
[2013/04/08 15:16:17 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Memeo
[2013/04/19 15:00:06 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Mipony
[2013/04/08 15:12:57 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Seagate
[2013/04/21 08:51:24 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\SpeedyPC Software
[2013/03/27 00:54:04 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Tencent
[2010/02/28 13:59:56 | 000,000,000 | ---D | M] -- C:\Users\Chiu\AppData\Roaming\Tific

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/03/27 00:53:02 | 000,002,176 | ---- | M] ()(C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2013/03/27 00:53:02 | 000,002,176 | ---- | C] ()(C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\??QQ.lnk) -- C:\Users\Chiu\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk
[2013/03/27 00:53:02 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

< End of report >

#10
Kenneth2001

    Member

  • Topic Starter
  • Member
  • 14 posts
Thanks for helping me remove the virus!

#11
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hey, follow these steps:

Step 1. AdwCleaner scan.

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 2. MBAM scan.

Run Malwarebytes Anti-Malware.
  • Go to the Update tab.
  • Click on the Check for updates button. A new small window should appear.
  • If an update is found, it will download and install the latest definitions.
  • Go back to the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

So, please, don't forget to post in your next message:

  • AdwCleaner log
  • ESET Online Scanner's log
  • MBAM log


#12
Kenneth2001

    Member

  • Topic Starter
  • Member
  • 14 posts
# AdwCleaner v2.202 - Logfile created 04/27/2013 at 07:15:13
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Chiu - CHIU-PC
# Boot Mode : Normal
# Running from : C:\Users\Chiu\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\Tencent
Folder Found : C:\Program Files (x86)\Tencent
Folder Found : C:\ProgramData\Tencent
Folder Found : C:\Users\Chiu\AppData\Roaming\Tencent
Folder Found : C:\Users\Lin\AppData\Local\Tencent
Folder Found : C:\Users\Lin\AppData\LocalLow\Tencent
Folder Found : C:\Users\Lin\AppData\Roaming\Tencent

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Chiu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Lin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1116 octets] - [27/04/2013 07:15:13]
AdwCleaner[S1].txt - [3785 octets] - [22/04/2013 14:56:00]

########## EOF - C:\AdwCleaner[R1].txt - [1236 octets] ##########

#13
Kenneth2001

    Member

  • Topic Starter
  • Member
  • 14 posts
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chiu :: CHIU-PC [administrator]

Protection: Enabled

4/27/2013 7:16:46 AM
mbam-log-2013-04-27 (07-16-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256081
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14
Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
What about ESET Online Scanner's log?

Please, follow these steps:

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.


#15
Kenneth2001

    Member

  • Topic Starter
  • Member
  • 14 posts
I can't seem to find the ESET Online Scanner's log on my computer.