Scan Shows Files with PUP.Optional.QuickShare.A [Solved]

This topic is locked

#1
dif4
Member
104 posts

Hi,

When I opened Internet Explorer earlier, it would try to load the homepage for a while before automatically closing. I managed to solve this using Malwarebytes' Anti-Malware. However, the scan showed over 900 files infected, and when I tried to remove all of them, Malwarebytes' Anti-Malware hung. After that, I removed only the files Malwarebytes' Anti-Malware auto-selected (sorry, I cannot remember all the names of the files), and Internet Explorer has been working since then.

Now when I use Malwarebytes' Anti-Malware's scan, there are still over 900 files infected; I think the name of the malware is PUP.Optional.QuickShare.A. When I tried to use Chrome, the homepage had changed to Snap.do. Now when I try to launch Microsoft Security Essentials, it says "The file can not be accessed by the system".

Here's the OTL log:

OTL logfile created on: 11/11/2013 8:30:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 16.13% Memory free
4.81 Gb Paging File | 2.55 Gb Available in Paging File | 52.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 13.85 Gb Free Space | 5.95% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 5.28 Gb Free Space | 2.27% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 0.48 Gb Free Space | 0.81% Space Free | Partition Type: NTFS
Drive G: | 174.29 Gb Total Space | 0.14 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 6.63 Gb Free Space | 3.49% Space Free | Partition Type: NTFS

Computer Name: USER-8CE73256DD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/11 20:30:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/24 14:27:22 | 000,191,840 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2013/10/20 11:25:02 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/10 18:39:12 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- H:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/07/04 02:52:24 | 001,033,488 | ---- | M] (Youku.com) -- C:\Program Files\YouKu\youkuclient\YoukuDesktop.exe
PRC - [2013/07/04 02:52:14 | 003,885,336 | ---- | M] (Youku.com) -- C:\Program Files\YouKu\youkuclient\YoukuMediaCenter.exe
PRC - [2013/05/29 11:34:28 | 000,449,248 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012/10/03 19:29:08 | 004,273,940 | ---- | M] () -- C:\Program Files\gogobox\gogobox_e.exe
PRC - [2012/10/03 19:28:49 | 001,446,016 | ---- | M] (NEXTLiNK Technology Co., Ltd.) -- C:\Program Files\gogobox\gogobox.exe
PRC - [2011/12/11 00:03:31 | 001,525,168 | ---- | M] (土豆网) -- C:\Program Files\Tudou\iTudou\iTudou.exe
PRC - [2010/11/09 11:50:46 | 000,303,104 | ---- | M] () -- C:\Program Files\RaySource\RaySource.exe
PRC - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2008/12/31 01:53:48 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2008/12/31 01:53:46 | 000,249,856 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\PeerAdapter.exe
PRC - [2008/12/03 18:11:42 | 002,514,744 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe
PRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 11:42:16 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/11 05:53:43 | 000,146,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/11/08 19:46:14 | 000,180,560 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsflash.dll
MOD - [2013/11/08 19:44:19 | 000,493,968 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsclient.dll
MOD - [2013/11/08 19:43:24 | 000,108,960 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsdone.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/10/24 14:27:46 | 002,310,992 | ---- | M] () -- C:\WINDOWS\system32\shellfire.dll
MOD - [2013/10/24 14:27:08 | 000,568,656 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\MngModule.dll
MOD - [2013/10/09 16:06:48 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/09 16:05:01 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/09 14:51:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/09/26 17:55:04 | 000,137,648 | ---- | M] () -- H:\Program Files\QvodPlayer\NetUtil.dll
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/09/02 18:19:24 | 003,069,568 | ---- | M] () -- H:\Program Files\QvodPlayer\image_hash.dll
MOD - [2013/09/02 18:19:18 | 004,218,288 | ---- | M] () -- H:\Program Files\QvodPlayer\QvodRes.dll
MOD - [2013/09/02 18:19:18 | 000,243,752 | ---- | M] () -- H:\Program Files\QvodPlayer\QvodImageInfo.dll
MOD - [2013/08/20 05:52:10 | 000,991,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/08/14 19:32:34 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\40ea80adb0fbe21bc953ac641f033a04\System.Web.Services.ni.dll
MOD - [2013/08/14 19:29:18 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/14 19:29:04 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/14 19:26:20 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
MOD - [2013/08/14 19:25:31 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 00:27:34 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2012/10/03 19:29:08 | 004,273,940 | ---- | M] () -- C:\Program Files\gogobox\gogobox_e.exe
MOD - [2012/07/20 13:36:06 | 000,098,304 | ---- | M] () -- H:\Program Files\56ican\SysCMenuEx.dll
MOD - [2012/07/17 10:56:14 | 000,587,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2010/11/09 11:51:08 | 000,192,512 | ---- | M] () -- C:\Program Files\RaySource\RoxFileHistoryPlugin.dll
MOD - [2010/11/09 11:50:46 | 000,303,104 | ---- | M] () -- C:\Program Files\RaySource\RaySource.exe
MOD - [2010/11/09 11:50:16 | 000,286,720 | ---- | M] () -- C:\Program Files\RaySource\RoxFileDownloadPlugin.dll
MOD - [2010/11/09 11:49:38 | 000,188,416 | ---- | M] () -- C:\Program Files\RaySource\RoxFileUploadPlugin.dll
MOD - [2010/11/09 11:49:06 | 000,401,408 | ---- | M] () -- C:\Program Files\RaySource\RoxBaseClass.dll
MOD - [2010/03/16 10:53:57 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\ \ \ﯹ๛\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\ \ \???\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\GoogleUpdate.exe <] -- (etadpug)
SRV - [2013/11/10 14:35:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/24 14:28:14 | 000,478,032 | ---- | M] (PPTV) [Auto | Running] -- C:\WINDOWS\system32\PPTVSvc.dll -- (PPTVService)
SRV - [2013/10/20 11:25:02 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/11/11 20:22:47 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\mivlvts.sys -- (xyvhgc)
DRV - [2013/09/10 23:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 23:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 23:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/20 05:52:05 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2012/12/30 04:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/21 19:42:37 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/07/21 19:42:37 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/05 18:11:24 | 006,164,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/09 15:13:02 | 000,234,728 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/17 17:11:22 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/08 03:32:48 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2001/08/23 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=11/11/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\..\SearchScopes,DefaultScope = {F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...1I7NDKB_enSG548
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files\Tencent\QQLive\LiveOcx\npQQLive.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: H:\Program Files\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@www.56.com/56icanplugin: H:\Program Files\56ican\np56icanplugin.dll (www.56.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)



========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=11/11/2013
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://feed.snapdo.c...Date=11/11/2013
CHR - plugin: First user (Enabled) = H:\Program Files\鎼滅嫄褰遍煶\npifox.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Snap.Do = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/07/23 06:38:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - H:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [994534e] C:\Documents and Settings\All Users\Documents\My Music\6b12d9994\6b12d9994.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QvodTerminal] H:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKCU..\Run: [494bec] C:\Documents and Settings\User\Application Data\278c5f494\278c5f494.exe ()
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\User\Local Settings\Application Data\Smartbar\Application\SnapDo.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKCU..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &使用FLVCD获取本页视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_link.htm ()
O8 - Extra context menu item: &使用FLVCD获取该视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_href.htm ()
O8 - Extra context menu item: Download with Mipony - H:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: 使用快播按图找片 - H:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O8 - Extra context menu item: 收藏到搜狐影音 - Reg Error: Value error. File not found
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]gb2 in Trusted sites)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]http in Trusted sites)
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab (InstallHelper Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84BB2E11-9558-430C-8909-EDB3C4C1FB8B}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99500004-75DD-4DC2-A969-0129C59083B3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/07 07:24:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/06/15 09:36:56 | 001,029,537 | ---- | M] () - H:\AutoClick.rar -- [ NTFS ]
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell - "" = AutoRun
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell - "" = AutoRun
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/11 20:30:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/11/11 19:45:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/11/11 05:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\systweak
[2013/11/11 05:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Smartbar
[2013/11/11 00:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2013/11/11 00:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2013/11/10 22:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/11/10 22:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/11/10 22:49:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\Application Data\278c5f494
[2013/11/10 14:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/11/08 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.android
[2013/11/08 19:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2013/11/05 20:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2013/11/01 06:01:27 | 000,000,000 | ---D | C] -- C:\King of Lan Ling
[2013/10/30 21:30:24 | 000,000,000 | ---D | C] -- C:\Love of Seven Fairy Maidens
[2013/10/30 21:29:16 | 000,000,000 | ---D | C] -- C:\十二生肖传奇
[2013/10/24 14:28:14 | 000,478,032 | ---- | C] (PPTV) -- C:\WINDOWS\System32\PPTVSvc.dll
[2013/10/24 14:28:12 | 000,399,824 | ---- | C] (PPLive Corporation) -- C:\WINDOWS\System32\PPTVLauncher.exe
[2013/10/20 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/20 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/16 22:00:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Device
[2013/10/16 22:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2013/10/16 22:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Baidu
[2013/10/16 22:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
[2013/10/16 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2013/10/16 21:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\QvodPlayer

========== Files - Modified Within 30 Days ==========

[2013/11/11 20:30:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/11/11 20:28:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/11 20:22:47 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mivlvts.sys
[2013/11/11 20:22:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/11 20:18:14 | 000,000,002 | ---- | M] () -- C:\ylog.dxq
[2013/11/11 19:48:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/11 19:47:50 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/11 19:47:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/11 18:26:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
[2013/11/11 06:26:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
[2013/11/11 06:13:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/11 05:54:09 | 000,002,073 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2013/11/11 05:50:44 | 000,248,578 | ---- | M] () -- C:\Documents and Settings\User\UTS.exe
[2013/11/10 22:00:44 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Football Manager 2014.url
[2013/11/10 20:32:27 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/10 17:01:34 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/11/10 13:15:27 | 000,000,138 | ---- | M] () -- C:\WINDOWS\vsfilter.INI
[2013/11/09 08:23:37 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/11/08 20:00:53 | 000,000,149 | ---- | M] () -- C:\WINDOWS\phw.ini
[2013/11/06 05:52:15 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2013/11/05 07:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/27 09:27:56 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2013/10/24 14:28:14 | 000,478,032 | ---- | M] (PPTV) -- C:\WINDOWS\System32\PPTVSvc.dll
[2013/10/24 14:28:12 | 000,399,824 | ---- | M] (PPLive Corporation) -- C:\WINDOWS\System32\PPTVLauncher.exe
[2013/10/24 14:27:46 | 002,310,992 | ---- | M] () -- C:\WINDOWS\System32\shellfire.dll
[2013/10/21 21:36:12 | 000,000,004 | ---- | M] () -- C:\authres.html
[2013/10/18 20:32:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/16 22:00:40 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk

========== Files Created - No Company Name ==========

[2013/11/11 20:22:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mivlvts.sys
[2013/11/11 20:18:14 | 000,000,002 | ---- | C] () -- C:\ylog.dxq
[2013/11/11 05:54:46 | 000,017,280 | ---- | C] () -- C:\WINDOWS\System32\roboot.exe
[2013/11/11 05:54:09 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2013/11/11 05:50:40 | 000,248,578 | ---- | C] () -- C:\Documents and Settings\User\UTS.exe
[2013/11/10 22:00:43 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Football Manager 2014.url
[2013/10/24 14:27:46 | 002,310,992 | ---- | C] () -- C:\WINDOWS\System32\shellfire.dll
[2013/10/16 22:00:40 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/09/22 21:31:15 | 000,000,149 | ---- | C] () -- C:\WINDOWS\phw.ini
[2013/06/14 23:52:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2012/11/30 06:28:11 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\bdsecushr.dat
[2012/10/07 14:08:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/10/07 14:08:25 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2012/02/16 12:48:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/23 17:13:02 | 000,601,390 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
[2011/02/23 17:13:01 | 000,140,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 12:32:53 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/01/07 12:29:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2013/11/11 05:48:54 | 000,005,632 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/17 22:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarEntertainment
[2011/01/07 07:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/01/20 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Application Data
[2011/01/11 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2012/10/07 14:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu
[2013/11/11 18:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2013/07/07 01:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2013/11/10 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/01/20 21:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2011/01/07 07:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2013/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2012/04/27 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/11/08 19:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2012/03/09 05:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/02/19 14:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2013/04/18 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/07 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2013/11/10 22:49:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Application Data\278c5f494
[2013/04/17 22:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AlawarEntertainment
[2012/04/27 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anarchy
[2011/10/20 07:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Awem
[2012/10/07 14:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Baidu
[2013/10/17 22:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2011/01/20 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BlamGames
[2013/03/23 11:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Building the Great Wall of China
[2012/07/26 09:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CometPlayer
[2011/01/09 02:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro
[2011/09/09 23:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dekovir
[2013/08/22 20:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\flvcd
[2012/06/08 17:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTEv5
[2011/02/02 12:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Go-Go Gourmet Chef of the Year
[2013/04/16 23:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Happy Kingdom
[2013/07/22 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HipSoft
[2011/01/09 02:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2011/01/07 07:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Kingsoft
[2012/09/28 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mipony
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2013/02/02 18:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPlive
[2013/11/09 08:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStream
[2013/09/22 21:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStreamSetup
[2013/07/05 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/08/09 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2011/02/19 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive
[2011/01/08 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Supermarket Mania 2
[2013/11/11 05:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\systweak
[2013/11/10 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\tigerplayer
[2013/11/08 19:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2013/09/11 20:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\youku

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC386FD2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63C68F03
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83

< End of report >


I suspect the malware is not totally cleared. Can it be totally removed from my system?

Thank you.


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you have a ZeroAccess infection. I do not believe that OTL will be able to clear it, so I will run an additional programme.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\ \ \ﯹ๛\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\ \ \???\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\GoogleUpdate.exe <] -- (etadpug)
DRV - [2013/11/11 20:22:47 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\mivlvts.sys -- (xyvhgc)
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=11/11/2013
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=11/11/2013
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [994534e] C:\Documents and Settings\All Users\Documents\My Music\6b12d9994\6b12d9994.exe ()
O4 - HKCU..\Run: [494bec] C:\Documents and Settings\User\Application Data\278c5f494\278c5f494.exe ()
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\User\Local Settings\Application Data\Smartbar\Application\SnapDo.exe ()
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
[2013/11/11 05:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Smartbar
[2013/11/10 22:49:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\User\Application Data\278c5f494
[2013/11/11 20:22:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mivlvts.sys
[2013/11/11 20:18:14 | 000,000,002 | ---- | C] () -- C:\ylog.dxq
[2013/11/11 05:54:46 | 000,017,280 | ---- | C] () -- C:\WINDOWS\System32\roboot.exe
[2013/11/11 18:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2013/11/10 22:49:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\User\Application Data\278c5f494

:Files
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Netsh firewall reset /c
netsh advfirewall reset /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi Essexboy,

Thanks for your help.

Here's the OTL log:

OTL logfile created on: 11/11/2013 11:40:24 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 78.75% Memory free
4.81 Gb Paging File | 4.35 Gb Available in Paging File | 90.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 24.04 Gb Free Space | 10.32% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 5.28 Gb Free Space | 2.27% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 0.48 Gb Free Space | 0.81% Space Free | Partition Type: NTFS
Drive G: | 174.29 Gb Total Space | 0.14 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 3.42 Gb Free Space | 1.80% Space Free | Partition Type: NTFS

Computer Name: USER-8CE73256DD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/11 23:24:31 | 001,090,275 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
PRC - [2013/11/11 20:30:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/24 14:27:22 | 000,191,840 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2013/10/20 11:25:02 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/10 18:39:12 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- H:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/29 11:34:28 | 000,449,248 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2008/12/31 01:53:48 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 11:42:16 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/08 19:46:14 | 000,180,560 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsflash.dll
MOD - [2013/11/08 19:44:19 | 000,493,968 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsclient.dll
MOD - [2013/11/08 19:43:24 | 000,108,960 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsdone.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/10/24 14:27:08 | 000,568,656 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\MngModule.dll
MOD - [2013/09/26 17:55:04 | 000,137,648 | ---- | M] () -- H:\Program Files\QvodPlayer\NetUtil.dll
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/09/02 18:19:24 | 003,069,568 | ---- | M] () -- H:\Program Files\QvodPlayer\image_hash.dll
MOD - [2013/09/02 18:19:18 | 004,218,288 | ---- | M] () -- H:\Program Files\QvodPlayer\QvodRes.dll
MOD - [2013/09/02 18:19:18 | 000,243,752 | ---- | M] () -- H:\Program Files\QvodPlayer\QvodImageInfo.dll
MOD - [2013/08/20 05:52:10 | 000,991,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/07/17 10:56:14 | 000,587,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2010/03/16 10:53:57 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\ \ \ﯹ๛\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\ \ \???\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\GoogleUpdate.exe <] -- (etadpug)
SRV - [2013/11/10 14:35:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/24 14:28:14 | 000,478,032 | ---- | M] (PPTV) [Auto | Running] -- C:\WINDOWS\system32\PPTVSvc.dll -- (PPTVService)
SRV - [2013/10/20 11:25:02 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/10 23:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 23:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 23:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/20 05:52:05 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2012/12/30 04:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/21 19:42:37 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/07/21 19:42:37 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/05 18:11:24 | 006,164,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/09 15:13:02 | 000,234,728 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/17 17:11:22 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/08 03:32:48 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2001/08/23 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...1I7NDKB_enSG548
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files\Tencent\QQLive\LiveOcx\npQQLive.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: H:\Program Files\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@www.56.com/56icanplugin: H:\Program Files\56ican\np56icanplugin.dll (www.56.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)



========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: First user (Enabled) = H:\Program Files\搜狐影音\npifox.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/11/11 23:26:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - H:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QvodTerminal] H:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKCU..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &使用FLVCD获取本页视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_link.htm ()
O8 - Extra context menu item: &使用FLVCD获取该视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_href.htm ()
O8 - Extra context menu item: Download with Mipony - H:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: 使用快播按图找片 - H:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O8 - Extra context menu item: 收藏到搜狐影音 - Reg Error: Value error. File not found
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]gb2 in Trusted sites)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]http in Trusted sites)
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab (InstallHelper Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84BB2E11-9558-430C-8909-EDB3C4C1FB8B}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99500004-75DD-4DC2-A969-0129C59083B3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/07 07:24:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/06/15 09:36:56 | 001,029,537 | ---- | M] () - H:\AutoClick.rar -- [ NTFS ]
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell - "" = AutoRun
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell - "" = AutoRun
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/11 23:39:24 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/11 23:25:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/11 23:24:31 | 001,090,275 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2013/11/11 20:47:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/11 20:30:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/11/11 19:45:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/11/11 00:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2013/11/11 00:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2013/11/10 22:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/11/10 22:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/11/10 14:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/11/08 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.android
[2013/11/08 19:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2013/11/05 20:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2013/11/01 06:01:27 | 000,000,000 | ---D | C] -- C:\King of Lan Ling
[2013/10/30 21:30:24 | 000,000,000 | ---D | C] -- C:\Love of Seven Fairy Maidens
[2013/10/30 21:29:16 | 000,000,000 | ---D | C] -- C:\十二生肖传奇
[2013/10/24 14:28:14 | 000,478,032 | ---- | C] (PPTV) -- C:\WINDOWS\System32\PPTVSvc.dll
[2013/10/24 14:28:12 | 000,399,824 | ---- | C] (PPLive Corporation) -- C:\WINDOWS\System32\PPTVLauncher.exe
[2013/10/20 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/20 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/16 22:00:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Device
[2013/10/16 22:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2013/10/16 22:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
[2013/10/16 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2013/10/16 21:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\QvodPlayer

========== Files - Modified Within 30 Days ==========

[2013/11/11 23:38:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/11 23:38:16 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/11 23:38:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/11 23:28:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/11 23:26:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/11/11 23:24:31 | 001,090,275 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2013/11/11 23:22:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/11 21:26:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
[2013/11/11 20:47:22 | 001,085,542 | ---- | M] () -- C:\adwcleaner.exe
[2013/11/11 20:30:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/11/11 06:26:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
[2013/11/11 06:13:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/11 05:50:44 | 000,248,578 | ---- | M] () -- C:\Documents and Settings\User\UTS.exe
[2013/11/10 22:00:44 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Football Manager 2014.url
[2013/11/10 20:32:27 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/10 17:01:34 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/11/10 13:15:27 | 000,000,138 | ---- | M] () -- C:\WINDOWS\vsfilter.INI
[2013/11/09 08:23:37 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/11/08 20:00:53 | 000,000,149 | ---- | M] () -- C:\WINDOWS\phw.ini
[2013/11/06 05:52:15 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2013/11/05 07:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/27 09:27:56 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2013/10/24 14:28:14 | 000,478,032 | ---- | M] (PPTV) -- C:\WINDOWS\System32\PPTVSvc.dll
[2013/10/24 14:28:12 | 000,399,824 | ---- | M] (PPLive Corporation) -- C:\WINDOWS\System32\PPTVLauncher.exe
[2013/10/24 14:27:46 | 002,310,992 | ---- | M] () -- C:\WINDOWS\System32\shellfire.dll
[2013/10/21 21:36:12 | 000,000,004 | ---- | M] () -- C:\authres.html
[2013/10/18 20:32:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/16 22:00:40 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk

========== Files Created - No Company Name ==========

[2013/11/11 05:50:40 | 000,248,578 | ---- | C] () -- C:\Documents and Settings\User\UTS.exe
[2013/11/10 22:00:43 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Football Manager 2014.url
[2013/10/24 14:27:46 | 002,310,992 | ---- | C] () -- C:\WINDOWS\System32\shellfire.dll
[2013/10/16 22:00:40 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/09/22 21:31:15 | 000,000,149 | ---- | C] () -- C:\WINDOWS\phw.ini
[2013/06/14 23:52:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2012/11/30 06:28:11 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\bdsecushr.dat
[2012/10/07 14:08:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/10/07 14:08:25 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2012/02/16 12:48:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/23 17:13:02 | 000,601,390 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
[2011/02/23 17:13:01 | 000,140,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 12:32:53 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/01/07 12:29:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2013/11/11 05:48:54 | 000,005,632 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/01/07 07:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/01/20 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Application Data
[2011/01/11 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2013/07/07 01:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2013/11/10 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/01/20 21:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2011/01/07 07:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2013/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2012/04/27 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/11/08 19:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2012/03/09 05:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/02/19 14:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2013/04/18 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/07 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/04/27 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anarchy
[2011/10/20 07:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Awem
[2013/10/17 22:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2011/01/20 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BlamGames
[2013/03/23 11:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Building the Great Wall of China
[2012/07/26 09:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CometPlayer
[2011/01/09 02:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro
[2011/09/09 23:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dekovir
[2013/08/22 20:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\flvcd
[2012/06/08 17:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTEv5
[2011/02/02 12:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Go-Go Gourmet Chef of the Year
[2013/04/16 23:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Happy Kingdom
[2013/07/22 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HipSoft
[2011/01/09 02:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2011/01/07 07:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Kingsoft
[2012/09/28 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mipony
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2013/02/02 18:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPlive
[2013/11/09 08:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStream
[2013/09/22 21:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStreamSetup
[2013/07/05 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/08/09 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2011/02/19 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive
[2011/01/08 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Supermarket Mania 2
[2013/11/10 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\tigerplayer
[2013/11/08 19:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2013/09/11 20:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\youku

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC386FD2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63C68F03
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83

< End of report >


Here's the FRST.txt file:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by User (administrator) on USER-8CE73256DD on 11-11-2013 23:40:30
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Shenzhen QVOD Technology Co.,Ltd) H:\Program Files\QvodPlayer\QvodTerminal.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(FS2YOU) C:\Program Files\GridService\peer.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(PPLive Corporation) C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\WINDOWS\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\ime\IMJP8_1\imjpmig.exe [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] ()
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [QvodTerminal] - H:\Program Files\QvodPlayer\QvodTerminal.exe [1261184 2013-10-10] (Shenzhen QVOD Technology Co.,Ltd)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Grid Service] - C:\Program Files\GridService\peer.exe [4993024 2008-12-31] (FS2YOU)
HKCU\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Run: [PPAP] - C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe [191840 2013-10-24] (PPLive Corporation)
HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKCU\...\Run: [Facebook Update] - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
MountPoints2: {1af53b09-c268-11e0-8308-003067a72b32} - I:\Startme.exe
MountPoints2: {92e934f0-19ef-11e0-9bf7-00138f9363a1} - I:\AutoRun.exe
MountPoints2: {b9d0d698-19ec-11e0-9bf6-bfec7e776b98} - I:\AutoRun.exe
MountPoints2: {b9d0d69e-19ec-11e0-9bf6-bfec7e776b98} - I:\AutoRun.exe
MountPoints2: {d4b6eaa5-0add-11e2-869a-003067a72b32} - I:\Startme.exe
HKU\Default User\...\Run: [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - H:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\Program Files\YouKu\youkuclient\ikutm.dll [88320] (youku.com)
Winsock: Catalog9 02 C:\Program Files\YouKu\youkuclient\ikutm.dll [88320] (youku.com)
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 C:\Program Files\YouKu\youkuclient\ikutm.dll [88320] (youku.com)
Tcpip\Parameters: [DhcpNameServer] 202.156.1.16 218.186.2.16 218.186.2.6

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (Web) - http://www.google.com
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Extension: (Google Docs) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\User\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] ()
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-05] (Nero AG)
R2 PPTVService; C:\WINDOWS\system32\PPTVSvc.dll [478032 2013-10-24] (PPTV)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\ \ \???\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\WINDOWS\system32\drivers\BS_I2cIo.sys [6272 2010-05-17] (BIOSTAR Group)
R1 FsVga; C:\Windows\System32\DRIVERS\fsvga.sys [12160 2001-08-23] (Microsoft Corporation)
S3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-04] ()
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 RapportCerberus_56758; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys [330960 2013-08-20] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [148688 2013-09-10] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [222416 2013-09-10] (Trusteer Ltd.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [x]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-11 23:39 - 2013-11-11 23:39 - 00000000 ____D C:\FRST
2013-11-11 23:25 - 2013-11-11 23:25 - 00000000 ____D C:\_OTL
2013-11-11 23:24 - 2013-11-11 23:24 - 01090275 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-11-11 20:47 - 2013-11-11 20:49 - 00000000 ____D C:\AdwCleaner
2013-11-11 20:41 - 2013-11-11 20:41 - 00096478 _____ C:\OTL.Txt
2013-11-11 20:41 - 2013-11-11 20:41 - 00036430 _____ C:\Extras.Txt
2013-11-11 20:30 - 2013-11-11 20:30 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-11-11 19:45 - 2013-11-11 19:45 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-11-11 05:50 - 2013-11-11 05:50 - 00248578 _____ C:\Documents and Settings\User\UTS.exe
2013-11-11 00:03 - 2013-11-11 00:03 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
2013-11-11 00:03 - 2013-11-11 00:03 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Real
2013-11-10 22:56 - 2013-11-10 22:56 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-11-10 22:56 - 2013-11-10 22:56 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-11-10 22:56 - 2013-11-10 22:56 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-11-10 22:00 - 2013-11-10 22:00 - 00000216 _____ C:\Documents and Settings\User\Desktop\Football Manager 2014.url
2013-11-10 14:00 - 2013-11-10 14:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate
2013-11-08 19:46 - 2013-11-08 19:46 - 00000000 ____D C:\Documents and Settings\User\Application Data\Wandoujia2
2013-11-08 19:46 - 2013-11-08 19:46 - 00000000 ____D C:\Documents and Settings\User\.android
2013-11-01 06:01 - 2013-11-02 22:31 - 00000000 ____D C:\King of Lan Ling
2013-10-31 21:12 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2013-10-31 21:12 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2013-10-31 21:12 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2013-10-31 21:12 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2013-10-31 21:12 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2013-10-31 21:12 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2013-10-31 21:12 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2013-10-31 21:12 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2013-10-31 21:12 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2013-10-31 21:12 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2013-10-31 21:12 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2013-10-31 21:12 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2013-10-31 21:12 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2013-10-31 21:12 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2013-10-31 21:12 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2013-10-31 21:12 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2013-10-31 21:12 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2013-10-31 21:12 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2013-10-31 21:12 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2013-10-30 21:30 - 2013-11-11 06:38 - 00000000 ____D C:\Love of Seven Fairy Maidens
2013-10-30 21:29 - 2013-11-04 00:08 - 00000000 ____D C:\十二生肖传奇
2013-10-24 14:28 - 2013-10-24 14:28 - 00478032 _____ (PPTV) C:\WINDOWS\system32\PPTVSvc.dll
2013-10-24 14:28 - 2013-10-24 14:28 - 00399824 _____ (PPLive Corporation) C:\WINDOWS\system32\PPTVLauncher.exe
2013-10-24 14:27 - 2013-10-24 14:27 - 02310992 _____ C:\WINDOWS\system32\shellfire.dll
2013-10-20 11:25 - 2013-10-20 11:25 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-20 11:25 - 2013-10-20 11:25 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-20 11:25 - 2013-10-20 11:25 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-20 11:25 - 2013-10-20 11:25 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-20 11:25 - 2013-10-20 11:25 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 11:25 - 2013-10-20 11:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-16 22:00 - 2013-10-17 22:19 - 00000000 ____D C:\Documents and Settings\User\Application Data\baiduAddr
2013-10-16 22:00 - 2013-10-16 22:00 - 00000000 ___HD C:\Documents and Settings\All Users\Device
2013-10-16 22:00 - 2013-10-16 22:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
2013-10-16 22:00 - 2013-10-16 22:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\KuaiWan
2013-10-16 21:59 - 2013-10-16 21:59 - 00000000 ____D C:\Documents and Settings\All Users\QvodPlayer

==================== One Month Modified Files and Folders =======

2013-11-11 23:39 - 2013-11-11 23:39 - 00000000 ____D C:\FRST
2013-11-11 23:38 - 2013-08-09 11:13 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 23:38 - 2011-12-31 11:03 - 00000000 ____D C:\FavoriteVideo
2013-11-11 23:38 - 2011-01-07 07:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-11 23:38 - 2011-01-07 07:23 - 01338964 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-11 23:38 - 2011-01-06 23:00 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-11-11 23:38 - 2011-01-06 23:00 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-11 23:38 - 2001-08-23 20:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-11 23:37 - 2011-01-07 07:28 - 00032588 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-11 23:37 - 2011-01-07 07:28 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2013-11-11 23:28 - 2013-08-09 11:13 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-11 23:25 - 2013-11-11 23:25 - 00000000 ____D C:\_OTL
2013-11-11 23:25 - 2011-01-06 22:55 - 00364375 _____ C:\WINDOWS\setupapi.log
2013-11-11 23:24 - 2013-11-11 23:24 - 01090275 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2013-11-11 23:23 - 2011-01-07 12:41 - 00000000 ____D C:\Program Files\BitComet
2013-11-11 23:22 - 2012-07-19 05:48 - 00000536 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-11 21:26 - 2012-03-15 09:16 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
2013-11-11 20:52 - 2011-01-07 12:32 - 00000000 ____D C:\Program Files\gogobox
2013-11-11 20:50 - 2013-08-14 19:25 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-11-11 20:49 - 2013-11-11 20:47 - 00000000 ____D C:\AdwCleaner
2013-11-11 20:47 - 2013-07-06 22:27 - 01085542 _____ C:\adwcleaner.exe
2013-11-11 20:41 - 2013-11-11 20:41 - 00096478 _____ C:\OTL.Txt
2013-11-11 20:41 - 2013-11-11 20:41 - 00036430 _____ C:\Extras.Txt
2013-11-11 20:30 - 2013-11-11 20:30 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2013-11-11 19:47 - 2013-08-09 11:13 - 00000000 ____D C:\Program Files\Google
2013-11-11 19:45 - 2013-11-11 19:45 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2013-11-11 19:45 - 2013-08-09 11:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google
2013-11-11 19:45 - 2013-03-30 10:42 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Google
2013-11-11 06:54 - 2011-01-09 12:12 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-11 06:38 - 2013-10-30 21:30 - 00000000 ____D C:\Love of Seven Fairy Maidens
2013-11-11 06:26 - 2012-03-15 09:16 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
2013-11-11 06:13 - 2011-01-07 07:41 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-11 05:50 - 2013-11-11 05:50 - 00248578 _____ C:\Documents and Settings\User\UTS.exe
2013-11-11 00:03 - 2013-11-11 00:03 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
2013-11-11 00:03 - 2013-11-11 00:03 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Real
2013-11-10 23:47 - 2013-08-08 23:26 - 00000000 ____D C:\Documents and Settings\User\My Documents\Sports Interactive
2013-11-10 23:01 - 2011-01-07 07:28 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-11-10 22:56 - 2013-11-10 22:56 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-11-10 22:56 - 2013-11-10 22:56 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-11-10 22:56 - 2013-11-10 22:56 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-11-10 22:44 - 2011-02-17 13:55 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Sports Interactive
2013-11-10 22:44 - 2011-02-17 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Documents\Sports Interactive
2013-11-10 22:30 - 2012-05-25 20:39 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\Steam
2013-11-10 22:00 - 2013-11-10 22:00 - 00000216 _____ C:\Documents and Settings\User\Desktop\Football Manager 2014.url
2013-11-10 20:32 - 2011-01-07 12:32 - 00216064 _____ C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-10 18:01 - 2011-01-07 12:29 - 00000000 ____D C:\Documents and Settings\User\Application Data\tigerplayer
2013-11-10 17:01 - 2013-10-11 05:56 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-10 14:36 - 2011-01-07 07:58 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2013-11-10 14:35 - 2012-03-30 05:50 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-10 14:35 - 2011-06-06 05:51 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-10 14:00 - 2013-11-10 14:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallMate
2013-11-10 13:39 - 2012-10-07 14:06 - 00000000 ____D C:\baidu player
2013-11-10 13:15 - 2012-10-07 14:08 - 00000138 _____ C:\WINDOWS\vsfilter.INI
2013-11-09 11:35 - 2012-11-13 12:07 - 00011563 _____ C:\Documents and Settings\User\Desktop\[HDzone][ATV][1996][撞到正][林文龍+文頌娴][國語全30集][DVD-RMVB][1].txt
2013-11-09 08:23 - 2013-09-22 21:13 - 00000000 ____D C:\Documents and Settings\User\Application Data\PPStream
2013-11-09 08:23 - 2011-01-06 22:54 - 00165912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-08 20:23 - 2011-01-07 07:42 - 00036472 _____ C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-11-08 20:00 - 2013-09-22 21:31 - 00000149 _____ C:\WINDOWS\phw.ini
2013-11-08 19:46 - 2013-11-08 19:46 - 00000000 ____D C:\Documents and Settings\User\Application Data\Wandoujia2
2013-11-08 19:46 - 2013-11-08 19:46 - 00000000 ____D C:\Documents and Settings\User\.android
2013-11-08 19:42 - 2013-01-20 21:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PPLive
2013-11-08 19:42 - 2011-12-31 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PPLive
2013-11-08 19:41 - 2011-12-31 10:39 - 00000000 ____D C:\Program Files\PPLive
2013-11-08 19:41 - 2011-12-31 10:17 - 00000000 ____D C:\Program Files\Common Files\PPLiveNetwork
2013-11-07 23:01 - 2011-01-14 12:21 - 00000000 ____D C:\Documents and Settings\User\My Documents\FFOutput
2013-11-06 05:52 - 2012-03-09 05:50 - 00001739 _____ C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2013-11-06 05:52 - 2011-08-09 20:58 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Sony
2013-11-06 05:52 - 2011-08-09 20:12 - 00833968 _____ C:\WINDOWS\DPINST.LOG
2013-11-06 05:51 - 2011-04-30 18:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-05 07:55 - 2011-08-09 20:39 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-04 00:08 - 2013-10-30 21:29 - 00000000 ____D C:\十二生肖传奇
2013-11-02 22:31 - 2013-11-01 06:01 - 00000000 ____D C:\King of Lan Ling
2013-10-31 21:12 - 2011-01-07 07:22 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-10-29 20:30 - 2013-02-27 05:47 - 00000000 ____D C:\Documents and Settings\User\Application Data\Apple Computer
2013-10-27 14:26 - 2011-01-07 07:20 - 00062220 _____ C:\WINDOWS\wmsetup.log
2013-10-27 14:21 - 2012-10-17 20:50 - 00000000 ____D C:\Night Market Life
2013-10-27 09:27 - 2012-10-07 14:08 - 00000954 _____ C:\Documents and Settings\User\Application Data\coreavc.ini
2013-10-25 06:57 - 2011-01-06 22:55 - 00187431 _____ C:\WINDOWS\setupact.log
2013-10-24 14:28 - 2013-10-24 14:28 - 00478032 _____ (PPTV) C:\WINDOWS\system32\PPTVSvc.dll
2013-10-24 14:28 - 2013-10-24 14:28 - 00399824 _____ (PPLive Corporation) C:\WINDOWS\system32\PPTVLauncher.exe
2013-10-24 14:27 - 2013-10-24 14:27 - 02310992 _____ C:\WINDOWS\system32\shellfire.dll
2013-10-21 21:36 - 2011-01-13 21:55 - 00000004 _____ C:\authres.html
2013-10-20 11:25 - 2013-10-20 11:25 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-20 11:25 - 2013-10-20 11:25 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-20 11:25 - 2013-10-20 11:25 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-20 11:25 - 2013-10-20 11:25 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-20 11:25 - 2013-10-20 11:25 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-20 11:25 - 2013-10-20 11:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-20 11:25 - 2012-06-30 16:09 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-18 20:32 - 2013-08-09 11:13 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-18 05:46 - 2011-01-06 22:48 - 00000000 ____D C:\WINDOWS\Connection Wizard
2013-10-17 22:19 - 2013-10-16 22:00 - 00000000 ____D C:\Documents and Settings\User\Application Data\baiduAddr
2013-10-16 22:00 - 2013-10-16 22:00 - 00000000 ___HD C:\Documents and Settings\All Users\Device
2013-10-16 22:00 - 2013-10-16 22:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
2013-10-16 22:00 - 2013-10-16 22:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\KuaiWan
2013-10-16 21:59 - 2013-10-16 21:59 - 00000000 ____D C:\Documents and Settings\All Users\QvodPlayer
2013-10-14 06:41 - 2011-01-07 12:29 - 00000000 ____D C:\WINDOWS\Microsoft.NET

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Documents and Settings\User\UTS.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================


Here's the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2013 01
Ran by User at 2013-11-11 23:41:20
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

56ican 版本 2.0.8.0 (Version: 2.0.8.0)
7 Wonders Magical Mystery Tour 1.00
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Airline Baggage Mania 1.00 (Version: 1.00)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
BaiduPlayer1.17.0.172 (Version: 1.17.0)
Ballad of Solar 1.00 (Version: 1.00)
Be Richest 1.00
BiosNotice
BitComet 1.07 (Version: 1.07)
Blooming Daisies 1.00
BrowseToSave (Version: 1.0)
Build a lot 6 On Vacation 1.2
Build a lot Fairy Tales 1.00
Building the Great Wall of China 1.00 (Version: 1.00)
Chinese Traditional Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Coffee Rush 3 1.00
Cooking Dash 3 Thrills and Spills Collectors Edition 1.00
CPUID HWMonitor 1.17
Cradle Of Egypt Collectors Edition 1.00
Cradle Of Rome 2 1.00
Dragon Empire
Easy St. Tycoon
EZDownloader (Version: 1.0)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileHippo.com Update Checker
Fishers Family Farm 1.00
FMRTE (Version: 4.1.2)
FMRTE 5.2.4 (Version: 5.2.4)
Football Manager 2012
Football Manager 2012 Editor
Football Manager 2012 Resource Archiver
Football Manager 2014
Football Manager 2014 Editor
Football Manager 2014 Resource Archiver
FormatFactory (Version: 1.60)
FormatFactory 3.0.1 (Version: 3.0.1)
FPE 2001
Go-Go Gourmet 2 - Chef of the Year (Version: 1.0)
GOGOBOX (Version: 2.0.7.3)
Google Chrome (Version: 30.0.1599.101)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.165)
Happy Kingdom 1.0 (Version: 1.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5241)
iTudou 2.6.10.0 (Version: 2.6.10.0)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 37 (Version: 6.0.370)
Jewel Quest 6 The Sapphire Dragon Collectors Edition 1.00
Kingsoft Office 2010 (6.6.0.2496) (Version: 6.6.0.2496)
Mahjong Royal Towers 1.00 (Version: 1.00)
Mahjongg - Legends of the Tiles
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Media Go (Version: 1.8.121)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MiPony 1.3.0 (Version: 1.3.0)
MpcStar 4.9 (Version: 4.9)
Nero Burning ROM 10 (Version: 10.2.11000.12.100)
Nero Burning ROM 10 (Version: 10.5.10300)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100)
Nero BurnRights 10 (Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000)
Nero Control Center 10 (Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000)
Nero Core Components 10 (Version: 2.0.17400.8.2)
Nero Update (Version: 1.0.0018)
NVIDIA Drivers
Oriental Dreams
PlayStation®Network Downloader (Version: 2.06.00741)
PlayStation®Store (Version: 4.3.3.12540)
PPLite 1.0.0.0082
PPTV V3.4.0.0111 (Version: 3.4.0)
QuickTime (Version: 7.73.80.64)
Rapport (Version: 3.5.1302.61)
RaySource 2.2.0.1 (Version: 2.2.0.1)
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.30.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.6215)
Snap.Do (Version: 1.161.1.12640)
Snap.Do Engine (HKCU Version: 1.161.1.12640)
Sony Ericsson Update Engine (Version: 2.13.7.201306141231)
Sony PC Companion 2.10.181 (Version: 2.10.181)
SopCast 3.2.9 (Version: 3.2.9)
SpeedFan (remove only)
Steam (Version: 1.0.0.0)
Supermarket Mania 2 1.00
Trade Mania 1.00
Trusteer Endpoint Protection (Version: 3.5.1302.61)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 0.9.8a (Version: 0.9.8a)
vShare.tv plugin 1.3 (Version: 1.3)
WebFldrs XP (Version: 9.50.7523)
WhoCrashed 3.01
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
winniethepoohcur (Version: 1.0.0)
WinRAR 壓縮工具
Youku iku (Version: 1.7.0.517)
优酷客户端 (Version: 4.0.1.7040)
快播 5.16.151 (Version: 5.16.151)
手机顽童圣诞特别版
搜狐影音 (Version: 4.0.0.54)
搜狐影音3.1.0.0
硕鼠 0.4.7.6 正式版 (Version: 0.4.7.6 正式版)
腾讯视频 (Version: 8.42.6278.0)
金庸群侠苍龙版
鼠标连点器 2.0 (Version: 2.0)

==================== Restore Points =========================

11-11-2013 15:25:50 OTL Restore Point - 11/11/2013 11:25:46 PM

==================== Hosts content: ==========================

2001-08-23 20:00 - 2013-11-11 23:26 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2013-07-07 19:42 - 2013-08-20 05:52 - 00991984 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2011-01-07 14:56 - 2010-03-16 10:53 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2013-09-02 18:19 - 2013-09-02 18:19 - 04218288 _____ () H:\Program Files\QvodPlayer\QvodRes.dll
2013-09-26 17:55 - 2013-09-26 17:55 - 00137648 _____ () H:\Program Files\QvodPlayer\NetUtil.dll
2011-08-09 20:11 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2011-08-09 20:11 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2012-07-17 10:56 - 2012-07-17 10:56 - 00587776 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2011-08-09 20:11 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2013-10-24 14:27 - 2013-10-24 14:27 - 00568656 _____ () C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\MngModule.dll
2013-10-24 14:20 - 2013-11-08 19:44 - 00493968 _____ () C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsclient.dll
2013-11-08 19:43 - 2013-11-08 19:43 - 00108960 _____ () C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsdone.dll
2013-11-08 19:46 - 2013-11-08 19:46 - 00180560 _____ () C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsflash.dll
2013-09-02 18:19 - 2013-09-02 18:19 - 00243752 _____ () H:\Program Files\QvodPlayer\QvodImageInfo.dll
2013-09-02 18:19 - 2013-09-02 18:19 - 03069568 _____ () H:\Program Files\QvodPlayer\image_hash.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:63C68F03
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CC386FD2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2013 07:45:29 PM) (Source: MsiInstaller) (User: USER-8CE73256DD)
Description: Product: Google Toolbar for Internet Explorer -- Disk full: Out of disk space -- Volume: 'C:'; required space: -8 KB; available space: 0 KB. Free some disk space and retry.

Error: (11/11/2013 07:33:29 PM) (Source: Application Error) (User: )
Description: Faulting application cradleofrome2.exe, version 1.0.2.1978, faulting module , version 0.0.0.0, fault address 0x0001d942.
Processing media-specific event for [cradleofrome2.exe!ws!]

Error: (11/11/2013 06:35:14 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/11/2013 06:04:33 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/11/2013 03:26:05 AM) (Source: Google Update) (User: USER-8CE73256DD)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801

Error: (11/10/2013 09:44:42 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10003.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (11/10/2013 08:31:47 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module realmediasplitter.ax, version 1.0.1.2, fault address 0x00005983.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/10/2013 07:24:29 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0321c51e.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/10/2013 07:24:24 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0379c51e.
Processing media-specific event for [iexplore.exe!ws!]

Error: (11/10/2013 07:21:59 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0541c51e.
Processing media-specific event for [iexplore.exe!ws!]


System errors:
=============
Error: (11/11/2013 11:39:47 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/11/2013 11:39:47 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1920

Error: (11/11/2013 11:25:36 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2013 11:25:35 PM) (Source: Service Control Manager) (User: )
Description: The @C:\Program Files\Nero\Update\NASvc.exe,-200 service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2013 11:25:35 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (11/11/2013 08:52:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AliIde

Error: (11/11/2013 08:52:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/11/2013 08:52:23 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1920

Error: (11/11/2013 07:49:22 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (11/11/2013 07:49:22 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%1920


Microsoft Office Sessions:
=========================
Error: (11/11/2013 07:45:29 PM) (Source: MsiInstaller)(User: USER-8CE73256DD)
Description: Product: Google Toolbar for Internet Explorer -- Disk full: Out of disk space -- Volume: 'C:'; required space: -8 KB; available space: 0 KB. Free some disk space and retry.(NULL)(NULL)(NULL)(NULL)

Error: (11/11/2013 07:33:29 PM) (Source: Application Error)(User: )
Description: cradleofrome2.exe1.0.2.19780.0.0.00001d942

Error: (11/11/2013 06:35:14 AM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1hungapp0.0.0.000000000

Error: (11/11/2013 06:04:33 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (11/11/2013 03:26:05 AM) (Source: Google Update)(User: USER-8CE73256DD)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801

Error: (11/10/2013 09:44:42 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10003.0mpengine0unspecifiedNILNILNIL

Error: (11/10/2013 08:31:47 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512realmediasplitter.ax1.0.1.200005983

Error: (11/10/2013 07:24:29 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.00321c51e

Error: (11/10/2013 07:24:24 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.00379c51e

Error: (11/10/2013 07:21:59 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.00541c51e


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 3037.17 MB
Available physical RAM: 2213.4 MB
Total Pagefile: 4922.99 MB
Available Pagefile: 4222.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.87 GB) (Free:24.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (DATA) (Fixed) (Total:232.88 GB) (Free:5.28 GB) NTFS
Drive f: (HT250GB_1) (Fixed) (Total:58.59 GB) (Free:0.48 GB) NTFS
Drive g: (HT250GB_2) (Fixed) (Total:174.29 GB) (Free:0.14 GB) NTFS
Drive h: (Maxtor) (Fixed) (Total:189.92 GB) (Free:3.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 82BE65FC)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=174 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 7AA57AA5)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 190 GB) (Disk ID: 844D9B2F)
Partition 1: (Not Active) - (Size=190 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thank you.

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Didn't think it would kill it

Download the attached fixlist.txt to the same location as FRST
[attachment=67574:fixlist.txt]
Run FRST and press Fix.
Once it has completed, a log will be generated; please post that.


Then re-run OTL with the following script; only one log will be generated.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window.
  • Attach both logs


#5 dif4 (Member, Topic Starter, 104 posts)
Hi,

Here's the FRST log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013 01
Ran by User at 2013-11-12 19:30:02 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\ \ \???\{2b7fb92b-5d5c-3ba4-2663-1d0a87e81ccc}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop
C:\Program Files\Google\Desktop
C:\Documents and Settings\User\UTS.exe
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
*etadpug => Service deleted successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Google\Desktop => Moved successfully.
C:\Program Files\Google\Desktop => Moved successfully.
C:\Documents and Settings\User\UTS.exe => Moved successfully.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Antimalware" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\LegitLib.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.


The system needs a manual reboot.

==== End of Fixlog ====


For OTL, I noticed that in your screenshot there's an "Include 64-bit scans" option, but the OTL on my computer has no such option. Here's the OTL log:

OTL logfile created on: 11/12/2013 7:31:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 77.95% Memory free
4.81 Gb Paging File | 4.27 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 28.28 Gb Free Space | 12.14% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 5.06 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 0.48 Gb Free Space | 0.81% Space Free | Partition Type: NTFS
Drive G: | 174.29 Gb Total Space | 0.14 Gb Free Space | 0.08% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 3.42 Gb Free Space | 1.80% Space Free | Partition Type: NTFS

Computer Name: USER-8CE73256DD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/11 20:30:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/24 14:27:22 | 000,191,840 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2013/10/20 11:25:02 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/10 18:39:12 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- H:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2013/09/10 23:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/29 11:34:28 | 000,449,248 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2008/12/31 01:53:48 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 11:42:16 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/08 19:46:14 | 000,180,560 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsflash.dll
MOD - [2013/11/08 19:44:19 | 000,493,968 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsclient.dll
MOD - [2013/11/08 19:43:24 | 000,108,960 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\tipsdone.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/10/24 14:27:08 | 000,568,656 | ---- | M] () -- C:\Program Files\Common Files\PPLiveNetwork\3.4.0.0111\MngModule.dll
MOD - [2013/09/26 17:55:04 | 000,137,648 | ---- | M] () -- H:\Program Files\QvodPlayer\NetUtil.dll
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/09/02 18:19:24 | 003,069,568 | ---- | M] () -- H:\Program Files\QvodPlayer\image_hash.dll
MOD - [2013/09/02 18:19:18 | 004,218,288 | ---- | M] () -- H:\Program Files\QvodPlayer\QvodRes.dll
MOD - [2013/09/02 18:19:18 | 000,243,752 | ---- | M] () -- H:\Program Files\QvodPlayer\QvodImageInfo.dll
MOD - [2013/08/20 05:52:10 | 000,991,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/07/17 10:56:14 | 000,587,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll


========== Services (SafeList) ==========

SRV - [2013/11/10 14:35:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/24 14:28:14 | 000,478,032 | ---- | M] (PPTV) [Auto | Running] -- C:\WINDOWS\system32\PPTVSvc.dll -- (PPTVService)
SRV - [2013/10/20 11:25:02 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/09/10 23:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/10 23:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 23:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 23:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/20 05:52:05 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2012/12/30 04:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/21 19:42:37 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/07/21 19:42:37 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/05 18:11:24 | 006,164,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/09 15:13:02 | 000,234,728 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/17 17:11:22 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/08 03:32:48 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2001/08/23 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=11/11/2013

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=11/11/2013

IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\..\SearchScopes,DefaultScope = {F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}
IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...1I7NDKB_enSG548
IE - HKU\S-1-5-21-343818398-179605362-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files\Tencent\QQLive\LiveOcx\npQQLive.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: H:\Program Files\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@www.56.com/56icanplugin: H:\Program Files\56ican\np56icanplugin.dll (www.56.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)



========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: First user (Enabled) = H:\Program Files\搜狐影音\npifox.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/11/11 23:26:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - H:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QvodTerminal] H:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKU\S-1-5-21-343818398-179605362-1801674531-1003..\Run: [Facebook Update] C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-343818398-179605362-1801674531-1003..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-343818398-179605362-1801674531-1003..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKU\S-1-5-21-343818398-179605362-1801674531-1003..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-343818398-179605362-1801674531-1003..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKU\S-1-5-21-343818398-179605362-1801674531-1003..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-179605362-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &使用FLVCD获取本页视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_link.htm ()
O8 - Extra context menu item: &使用FLVCD获取该视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_href.htm ()
O8 - Extra context menu item: Download with Mipony - H:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: 使用快播按图找片 - H:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O8 - Extra context menu item: 收藏到搜狐影音 - Reg Error: Value error. File not found
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]gb2 in Trusted sites)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]http in Trusted sites)
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab (InstallHelper Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84BB2E11-9558-430C-8909-EDB3C4C1FB8B}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99500004-75DD-4DC2-A969-0129C59083B3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/07 07:24:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/06/15 09:36:56 | 001,029,537 | ---- | M] () - H:\AutoClick.rar -- [ NTFS ]
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell - "" = AutoRun
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell - "" = AutoRun
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Remoteaccess - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/11/12 07:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2013/11/12 06:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2013/11/11 23:39:24 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/11 23:25:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/11 23:24:31 | 001,090,275 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2013/11/11 20:47:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/11 20:30:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/11/11 19:45:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/11/11 00:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2013/11/11 00:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2013/11/10 22:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/11/10 22:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/11/10 14:00:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/11/08 19:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\.android
[2013/11/08 19:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2013/11/05 20:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\Downloads
[2013/11/01 06:01:27 | 000,000,000 | ---D | C] -- C:\King of Lan Ling
[2013/10/31 21:12:47 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2013/10/31 21:12:47 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2013/10/31 21:12:46 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2013/10/31 21:12:46 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2013/10/31 21:12:45 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2013/10/31 21:12:45 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2013/10/31 21:12:44 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2013/10/31 21:12:44 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2013/10/31 21:12:43 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2013/10/31 21:12:43 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2013/10/31 21:12:42 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2013/10/31 21:12:41 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2013/10/31 21:12:41 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2013/10/31 21:12:40 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2013/10/31 21:12:39 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2013/10/31 21:12:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2013/10/31 21:12:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2013/10/31 21:12:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2013/10/31 21:12:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2013/10/30 21:30:24 | 000,000,000 | ---D | C] -- C:\Love of Seven Fairy Maidens
[2013/10/30 21:29:16 | 000,000,000 | ---D | C] -- C:\十二生肖传奇
[2013/10/24 14:28:14 | 000,478,032 | ---- | C] (PPTV) -- C:\WINDOWS\System32\PPTVSvc.dll
[2013/10/24 14:28:12 | 000,399,824 | ---- | C] (PPLive Corporation) -- C:\WINDOWS\System32\PPTVLauncher.exe
[2013/10/20 11:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/20 11:25:25 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/20 11:25:16 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/20 11:25:16 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/20 11:25:16 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/20 11:25:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/16 22:00:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Device
[2013/10/16 22:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2013/10/16 22:00:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\快播软件
[2013/10/16 22:00:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2013/10/16 21:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\QvodPlayer

========== Files - Modified Within 30 Days ==========

[2013/11/12 19:28:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/12 19:22:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/12 18:26:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
[2013/11/12 14:40:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/12 14:40:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/12 14:39:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/12 06:26:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
[2013/11/12 06:09:56 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comet Player.lnk
[2013/11/11 23:26:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/11/11 23:24:31 | 001,090,275 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2013/11/11 20:47:22 | 001,085,542 | ---- | M] () -- C:\adwcleaner.exe
[2013/11/11 20:30:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2013/11/11 06:13:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/10 22:00:44 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Football Manager 2014.url
[2013/11/10 20:32:27 | 000,216,064 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/10 17:01:34 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/11/10 14:35:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/11/10 14:35:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/11/10 13:15:27 | 000,000,138 | ---- | M] () -- C:\WINDOWS\vsfilter.INI
[2013/11/09 08:23:37 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/11/08 20:00:53 | 000,000,149 | ---- | M] () -- C:\WINDOWS\phw.ini
[2013/11/06 05:52:15 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2013/11/05 07:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/27 09:27:56 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2013/10/24 14:28:14 | 000,478,032 | ---- | M] (PPTV) -- C:\WINDOWS\System32\PPTVSvc.dll
[2013/10/24 14:28:12 | 000,399,824 | ---- | M] (PPLive Corporation) -- C:\WINDOWS\System32\PPTVLauncher.exe
[2013/10/24 14:27:46 | 002,310,992 | ---- | M] () -- C:\WINDOWS\System32\shellfire.dll
[2013/10/21 21:36:12 | 000,000,004 | ---- | M] () -- C:\authres.html
[2013/10/20 11:25:04 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/10/20 11:25:01 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/10/20 11:25:01 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/10/20 11:25:01 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/10/20 11:25:00 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/10/18 20:32:06 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/16 22:00:40 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk

========== Files Created - No Company Name ==========

[2013/11/10 22:00:43 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Football Manager 2014.url
[2013/10/24 14:27:46 | 002,310,992 | ---- | C] () -- C:\WINDOWS\System32\shellfire.dll
[2013/10/16 22:00:40 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/09/22 21:31:15 | 000,000,149 | ---- | C] () -- C:\WINDOWS\phw.ini
[2013/06/14 23:52:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2012/11/30 06:28:11 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\bdsecushr.dat
[2012/10/07 14:08:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/10/07 14:08:25 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2012/02/16 12:48:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/23 17:13:02 | 000,601,390 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
[2011/02/23 17:13:01 | 000,140,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 12:32:53 | 000,216,064 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/01/07 12:29:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2013/11/11 05:48:54 | 000,005,632 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/01/07 07:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/01/20 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Application Data
[2011/01/11 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2013/11/12 19:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2013/07/07 01:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2013/11/10 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/01/20 21:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
[2011/01/07 07:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2013/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2012/04/27 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/11/08 19:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2012/03/09 05:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/02/19 14:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2013/04/18 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/07 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/04/27 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anarchy
[2011/10/20 07:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Awem
[2013/10/17 22:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2011/01/20 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BlamGames
[2013/03/23 11:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Building the Great Wall of China
[2012/07/26 09:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CometPlayer
[2011/01/09 02:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro
[2011/09/09 23:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dekovir
[2013/08/22 20:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\flvcd
[2012/06/08 17:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTEv5
[2011/02/02 12:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Go-Go Gourmet Chef of the Year
[2013/04/16 23:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Happy Kingdom
[2013/07/22 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HipSoft
[2011/01/09 02:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2011/01/07 07:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Kingsoft
[2012/09/28 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mipony
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2013/02/02 18:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPlive
[2013/11/09 08:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStream
[2013/09/22 21:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStreamSetup
[2013/07/05 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/08/09 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2011/02/19 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive
[2011/01/08 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Supermarket Mania 2
[2013/11/10 18:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\tigerplayer
[2013/11/08 19:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2013/09/11 20:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\youku

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 11:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
No service found with a name of wuauserv
No service found with a name of BITS
SRV - [2012/07/06 21:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 11:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 11:41:52 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/21 01:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 11:41:54 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 11:42:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 11:42:24 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
No service found with a name of PolicyAgent
SRV - [2008/04/14 11:41:54 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 11:42:18 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 11:42:18 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 11:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 11:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/21 00:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 21:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 11:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 11:42:04 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 11:42:04 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 11:42:04 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 11:42:06 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 11:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/08/27 13:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 11:42:08 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 11:42:06 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 11:41:58 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 11:42:08 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 11:42:08 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 11:42:40 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 11:41:52 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
No service found with a name of SharedAccess
SRV - [2008/04/14 11:42:10 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 17:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 11:42:10 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 20:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 11:41:54 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 11:51:44 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 14:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2013/11/11 20:47:22 | 001,085,542 | ---- | M] () -- C:\adwcleaner.exe
[2012/10/07 14:05:10 | 011,899,448 | ---- | M] () -- C:\BaiduPlayerun_72043058.exe
[2012/07/10 23:22:02 | 004,033,471 | ---- | M] () -- C:\bigrats_setup_0.4.7.2.exe
[2012/07/10 23:13:10 | 000,648,704 | ---- | M] (flvcd.com) -- C:\diy0078812975.exe
[2013/07/07 19:30:31 | 000,264,757 | ---- | M] () -- C:\FHSetup.exe
[2011/08/10 13:05:05 | 000,576,512 | ---- | M] (flvcd.com) -- C:\flvcd_youtube.exe
[2012/07/29 21:35:54 | 000,506,832 | ---- | M] (搜狐) -- C:\IFoxInstall_3.0.0.0-c1016.exe
[2012/07/21 19:40:39 | 008,047,048 | ---- | M] (Youku.com) -- C:\iku2.1_setup.exe
[2013/07/07 18:24:10 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.75.0.1300.exe
[2012/09/23 20:14:04 | 014,815,448 | ---- | M] (PPStream Inc.) -- C:\ppstreamsetup.exe
[2012/01/12 20:08:26 | 000,148,920 | ---- | M] () -- C:\QQLive8.42.6278.0.exe
[2013/07/07 19:34:16 | 000,248,088 | ---- | M] (Trusteer Ltd.) -- C:\RapportSetup.exe
[2012/05/23 22:41:45 | 000,692,480 | ---- | M] (RealNetworks, Inc.) -- C:\RealPlayer.exe
[2012/07/29 21:38:28 | 009,769,872 | ---- | M] (搜狐公司 ) -- C:\SoHuVA_3.0.0.0_offline-c1000.exe
[2013/07/05 22:38:36 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\SpyHunter-Installer.exe
[2013/07/27 22:16:27 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\TFC.exe

< c:\program files (x86)\Google\Desktop >
[2011/01/07 07:22:28 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011/01/07 07:28:08 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011/08/09 20:39:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2012/03/15 09:16:54 | 000,000,972 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
[2012/03/15 09:16:55 | 000,000,994 | ---- | C] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
[2012/07/19 05:48:30 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013/08/09 11:13:20 | 000,000,878 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013/08/09 11:13:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013/10/11 05:56:38 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is E0BA-5564
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/09/2013 02:50 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/09/2013 02:51 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
10/09/2013 02:47 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
3 Dir(s) 30,351,245,312 bytes free

< >

========== Files - Unicode (All) ==========
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó
(C:\Program Files\??êó) -- C:\Program Files\˶Êó

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC386FD2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63C68F03
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83

< End of report >

Thanks.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The 64bit option will automatically appear if needed :)

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=11/11/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=11/11/2013
[2013/11/11 05:48:54 | 000,005,632 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini
[2013/11/12 19:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset /c
netsh advfirewall reset /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-click JRT.exe and select "Run as Administrator"; the tool will open and start scanning your system
  • Please be patient, as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

AND FINALLY

Download the attached reg files.zip to your desktop
[attachment=67582:Reg files.zip]
Extract all four reg files to the desktop and double click each in turn and allow to merge
On completion reboot and let me know how the computer is behaving
  • 0
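The OTL fix above works by pasting the flagged "IE - HKU\..." lines back under :OTL, which resets each hijacked Internet Explorer start page and search scope. As an added example (not part of this thread, of OTL, or of Essexboy's fix), the following Python script shows how a helper could triage an OTL log the same way: it parses the IE setting lines and the "@Alternate Data Stream" lines, flags any browser setting whose URL host is not on a trusted list, and assembles the :OTL stanza for the flagged lines. The log text, the trusted-host list and the SIDs/GUIDs in the second user's lines are constructed for the example; the snapdo lines mirror the ones in the log but use a constructed full URL in place of the forum-truncated one.

```python
"""Triage helper for OTL-style browser-setting lines (added example)."""
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the OTL output in this thread. The forum
# truncated the snapdo URLs, so a constructed full URL is used here.
# The S-1-5-21-1234 user and its search-scope GUID are also constructed.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?p=constructed
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?p=constructed
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?p=constructed
IE - HKU\S-1-5-21-1234\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1234\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://www.bing.com/search?q={searchTerms}
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC386FD2
"""

# Hosts treated as expected browser defaults; a constructed allowlist for
# the example, not a list shipped with any tool.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# "IE - HKU\<sid>\<setting> = <value>" as written by OTL.
IE_LINE = re.compile(r"^IE - HKU\\(?P<sid>S-[\d-]+)\\(?P<setting>.+?)\s*=\s*(?P<value>.*)$")
# "@Alternate Data Stream - <n> bytes -> <file>:<stream>"
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def host_of(value):
    """Lowercase hostname of a URL-valued setting, or None for empty/non-URL values."""
    value = value.strip()
    if not value.lower().startswith(("http://", "https://")):
        return None
    return urlsplit(value).hostname


def triage(log_text):
    """Return hijacked IE settings and alternate data streams found in the log."""
    hijacked = []  # (sid, setting, host, original line)
    streams = []   # (size in bytes, target path)
    for line in log_text.splitlines():
        m = IE_LINE.match(line)
        if m:
            host = host_of(m["value"])
            if host and host not in TRUSTED_SEARCH_HOSTS:
                hijacked.append((m["sid"], m["setting"], host, line.rstrip()))
            continue
        m = ADS_LINE.match(line)
        if m:
            streams.append((int(m["size"]), m["target"]))
    return {"hijacked": hijacked, "streams": streams}


def hosts_by_sid(result):
    """Group the unexpected hosts per user SID so one hijack shows as one finding."""
    grouped = {}
    for sid, _setting, host, _line in result["hijacked"]:
        grouped.setdefault(sid, set()).add(host)
    return grouped


def otl_fix_block(result):
    """Build the :OTL stanza that resets every flagged setting.

    Pasting an "IE - ..." line under :OTL makes OTL reset that value, which is
    exactly how the fix in this thread works.
    """
    return "\n".join([":OTL"] + [line for _, _, _, line in result["hijacked"]])


if __name__ == "__main__":
    found = triage(SAMPLE_OTL)
    for sid, hosts in hosts_by_sid(found).items():
        print(f"{sid}: browser settings point at {', '.join(sorted(hosts))}")
    for size, target in found["streams"]:
        print(f"review alternate data stream ({size} bytes): {target}")
    print(otl_fix_block(found))
```

The trusted-host check is deliberately an allowlist rather than a blocklist of known hijacker domains: a fresh hijacker domain still shows up, and a legitimate but unexpected search provider is surfaced for a human to confirm. The alternate data streams are listed for review, not deleted, because a stream on a TEMP file is a lead, not proof of anything by itself.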

#7
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Here's the OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
C:\WINDOWS\assembly\GAC\Desktop.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.0.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
The following command was not found: advfirewall reset.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: User
->Temp folder emptied: 24097199 bytes
->Temporary Internet Files folder emptied: 21586516 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 7786 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 24779395 bytes

Total Files Cleaned = 67.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11132013_055332

Files\Folders moved on Reboot...
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\HO40C0BR\page__pid__2348413[1].htm moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_166c.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


For JRT, when I tried to run as Administrator, it says "Unable to log on. Logon failure: User access restriction". When I tried to run as current user, it says "Access is denied". So I double-clicked it and here's the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by User on 11/13/2013 Wed at 5:59:20.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/13/2013 Wed at 6:05:16.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I've run the reg files and so far, I think my computer looks ok.

Thanks.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I think we have killed it all now, so a final sweep for orphans. Once done, could you let me know of any remaining problems

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#9
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi,

Here's the MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.13.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-8CE73256DD [administrator]

11/14/2013 5:51:28 AM
mbam-log-2013-11-14 (05-51-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220257
Time elapsed: 17 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_*202EETADPUG (Rootkit.0Access) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CLEARALLRESTOREPOINTS] 
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:
  • 0

#11
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi,

I've tried to run the OTL scan that you stated in your last post but the scan took almost 1 hour. Is this normal? I restarted my computer as I thought the scan was taking too long. Thanks.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That would be MBAM getting uppity .. It does that sometimes

Try this modified fix, it will work

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CLEARALLRESTOREPOINTS] 
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
  • 0

#13
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts
Hi,

Thanks, I managed to run the OTL fix and cleared everything.

Thanks for your help. :thumbsup:
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0