Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FireFox Got Hijacked by Hao123


  • Please log in to reply

#1
WyffGoaL

WyffGoaL

    Member

  • Member
  • PipPip
  • 57 posts
Hi everyone,

My Firefox has been hijacked by hao123, even I've restored my FireFox back to its factory status and changed the homepage URL, but my homepage is still redirecting to hao123.com.


OTL log

OTL logfile created on: 14/12/2013 12:36:58 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wyatt.WyattTeng\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy

5.91 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 67.79% Memory free
11.82 Gb Paging File | 9.81 Gb Available in Paging File | 83.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304.53 Gb Total Space | 261.89 Gb Free Space | 86.00% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 133.44 Gb Free Space | 91.10% Space Free | Partition Type: NTFS

Computer Name: WYATTTENG | User Name: Wyatt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/12/14 00:36:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wyatt.WyattTeng\Desktop\OTL.exe
PRC - [2013/12/13 23:36:30 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/11/24 02:29:18 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/12 17:27:46 | 001,261,184 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
PRC - [2013/09/16 11:22:30 | 000,014,256 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.43\QvodWebService.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/05/19 15:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 15:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/10/06 11:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 11:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/13 23:36:30 | 016,242,056 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/11/24 02:29:18 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/18 19:21:22 | 004,218,288 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodRes.dll
MOD - [2013/10/18 19:21:22 | 000,137,648 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\NetUtil.dll
MOD - [2013/09/16 11:22:30 | 000,014,256 | ---- | M] () -- C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.43\QvodWebService.exe
MOD - [2011/04/23 00:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/16 08:41:28 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/09/16 08:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/09/16 08:24:52 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/09/15 23:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/04 02:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/01/25 17:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/30 05:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/03/03 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/12/13 23:36:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/24 02:29:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/05/19 15:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 15:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 15:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/06 11:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 11:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/19 08:42:10 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\t_mouse.sys -- (t_mouse.sys)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/08 11:42:14 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 22:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/18 16:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/09/15 23:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/09/15 23:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/07/21 06:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/07/21 06:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/07/20 08:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/20 05:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/06/22 05:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/22 05:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 15:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 15:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 16:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/11 03:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 13:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/25 17:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/30 05:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/07 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/30 08:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 17:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/02 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{104DE852-07E6-4026-A9D5-F576E4E20B7E}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...99_oem_dg&ch=33
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\egtcps.com/captures: C:\Program Files (x86)\EagleGet\captures.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/23 12:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\mozilla\Extensions
[2013/05/23 12:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2013/11/24 02:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/24 02:29:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: MeasureIt! = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: Prepros = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnlfjdjbjiabcgkkjaicjepbhhmeonlm\3.0.0_0\
CHR - Extension: PageSpeed Insights (by Google) = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.4.2_0\
CHR - Extension: PageRank Status = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.6.0.0_0\
CHR - Extension: Eye Dropper = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.3.3_0\
CHR - Extension: Tag Assistant (by Google) = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk\0.9.37_0\
CHR - Extension: IcoMoon = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppingdhhalimbaehfmhldppemnmlcjd\2.1.32_0\
CHR - Extension: Session Manager = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.6_0\
CHR - Extension: Google Mail Checker = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Ghostery = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: SEO Global For Google Search\u2122 = C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\5.1_0\

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MouseDriver] C:\windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [QvodTerminal] C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm ()
O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DEFA122-E95D-462F-9299-AD5B16D1B808}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{832ee303-3d79-11e3-9c4c-4ceb4204d3d1}\Shell - "" = AutoRun
O33 - MountPoints2\{832ee303-3d79-11e3-9c4c-4ceb4204d3d1}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/14 00:36:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wyatt.WyattTeng\Desktop\OTL.exe
[2013/12/14 00:21:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/24 02:29:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/12/14 00:36:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wyatt.WyattTeng\Desktop\OTL.exe
[2013/12/14 00:36:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/14 00:30:35 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/14 00:30:35 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/14 00:29:20 | 000,782,470 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/14 00:29:20 | 000,654,464 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/14 00:29:20 | 000,122,336 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/14 00:26:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/14 00:25:02 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/14 00:23:24 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/14 00:22:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/14 00:22:51 | 464,711,679 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/14 00:14:48 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/24 15:28:14 | 000,000,954 | ---- | M] () -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\coreavc.ini
[2013/11/16 21:38:12 | 000,001,107 | ---- | M] () -- C:\Users\Wyatt.WyattTeng\Desktop\KeePass 2.lnk

========== Files Created - No Company Name ==========

[2013/10/20 00:06:04 | 000,000,954 | ---- | C] () -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\coreavc.ini
[2013/08/28 16:07:02 | 000,183,308 | ---- | C] () -- C:\Users\Wyatt.WyattTeng\.spyglass.properties
[2013/08/21 12:41:40 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/07/15 21:15:18 | 000,000,600 | ---- | C] () -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\winscp.rnd
[2013/07/08 17:06:14 | 000,000,600 | ---- | C] () -- C:\Users\Wyatt.WyattTeng\AppData\Local\PUTTY.RND
[2013/06/06 12:36:28 | 000,001,456 | ---- | C] () -- C:\Users\Wyatt.WyattTeng\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/05/23 14:20:49 | 000,000,258 | RHS- | C] () -- C:\Users\Wyatt.WyattTeng\ntuser.pol
[2012/02/01 13:52:34 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/01 13:52:34 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/01 13:52:34 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/02/01 13:52:33 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/01 13:52:33 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/01 12:28:00 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012/02/01 12:23:20 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/19 13:44:30 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\6Wunderkinder
[2013/08/01 13:50:11 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\com.springbox.mobilizer
[2013/07/17 16:22:17 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\CoreFTP
[2013/10/25 21:36:04 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\Dropbox
[2013/08/14 11:44:16 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\FileZilla
[2013/05/19 08:57:05 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\Fingertapps
[2013/08/29 20:50:47 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\GeoEdge
[2013/12/01 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\KeePass
[2013/10/20 00:01:18 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\Orbit
[2013/05/19 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\PCDr
[2013/10/20 00:00:22 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\ProgSense
[2013/07/15 21:28:33 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\Sublime Text 2
[2013/05/23 15:17:09 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.WyattTeng\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========



< End of report >


Thanks a lot.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Hao123 is installed by Qvod Player. If you uninstall Qvod then Hao123 should go away. See:
http://forums.hardwa...it-4426863.html

Is there some reason you don't use VLC instead of Qvod?
http://www.videolan....ad-windows.html
  • 0

#3
WyffGoaL

WyffGoaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Hi RKinner,

Thank you so much for the reply. I've followed the instructions in that thread and also removed QVOD from my system, unfortunately, I'm still having hao123.com as my homepage though.

Could someone please help?

Thanks in advance.

Best regards,
Wyatt
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#5
WyffGoaL

WyffGoaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Hi RKinner,

Thank you so much for helping me out, I really do appreciate that.

Below are the logs that you need.



AdwCleaner's Logs

# AdwCleaner v3.015 - Report created 15/12/2013 at 01:32:28
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Wyatt - WYATTTENG
# Running from : C:\Users\Wyatt.WyattTeng\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750


-\\ Mozilla Firefox v26.0 (en-US)

-\\ Google Chrome v31.0.1650.63

*************************

AdwCleaner[R2].txt - [719 octets] - [15/12/2013 01:32:08]
AdwCleaner[S2].txt - [641 octets] - [15/12/2013 01:32:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [700 octets] ##########





Junkware-Removal-Tool's Logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Wyatt on 15/12/2013 Sun at 1:19:50.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.jsobject.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\addresssearch.snavhttpprotocol.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\asbarbroker.bdbroker.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{104DE852-07E6-4026-A9D5-F576E4E20B7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/12/2013 Sun at 1:26:22.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by Wyatt (administrator) on WYATTTENG on 15-12-2013 01:28:17
Running from C:\Users\Wyatt.WyattTeng\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Pixart Imaging Inc) C:\WINDOWS\System32\TiltWheelMouse.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.47\QvodWebService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3668336 2011-03-25] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MouseDriver] - C:\WINDOWS\System32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {832ee303-3d79-11e3-9c4c-4ceb4204d3d1} - F:\Windows\CHECK\DriveNavigator.exe
AppInit_DLLs: C:\WINDOWS\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll, C:\windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2 Class - {A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2} - C:\Program Files (x86)\QvodPlayer\AddIn\{A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2}\QvodAddr.dll ()
BHO-x32: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Wyatt.WyattTeng\AppData\Roaming\Mozilla\Firefox\Profiles\8fyixtli.default-1386952174847
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @qvod.com/QvodShare - C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @qvod.com/QvodInsert - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @qvod.com/QvodShare - C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: egtcps.com/captures - C:\Program Files (x86)\EagleGet\captures.dll No File
FF Plugin HKCU: KuaiWanInsert - C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Extension: firebug - C:\Users\Wyatt.WyattTeng\AppData\Roaming\Mozilla\Firefox\Profiles\8fyixtli.default-1386952174847\Extensions\[email protected]
FF Extension: defaults - C:\Users\Wyatt.WyattTeng\AppData\Roaming\Mozilla\Firefox\Profiles\8fyixtli.default-1386952174847\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: Adblock Plus - C:\Users\Wyatt.WyattTeng\AppData\Roaming\Mozilla\Firefox\Profiles\8fyixtli.default-1386952174847\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com.my
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (MeasureIt!) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0
CHR Extension: (Prepros) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnlfjdjbjiabcgkkjaicjepbhhmeonlm\3.0.0_0
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.4.2_0
CHR Extension: (PageRank Status) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.6.0.0_0
CHR Extension: (Eye Dropper) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.3.3_0
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk\0.9.37_0
CHR Extension: (IcoMoon) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppingdhhalimbaehfmhldppemnmlcjd\2.1.32_0
CHR Extension: (Session Manager) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.6_0
CHR Extension: (Google Mail Checker) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Ghostery) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0
CHR Extension: (Google Wallet) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (SEO Global For Google Search\u2122) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\5.1_0

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-15 01:28 - 2013-12-15 01:28 - 00013273 _____ C:\Users\Wyatt.WyattTeng\Desktop\FRST.txt
2013-12-15 01:28 - 2013-12-15 01:28 - 00000000 ____D C:\FRST
2013-12-15 01:27 - 2013-12-15 01:27 - 01927796 _____ (Farbar) C:\Users\Wyatt.WyattTeng\Desktop\FRST64.exe
2013-12-15 01:26 - 2013-12-15 01:26 - 00001518 _____ C:\Users\Wyatt.WyattTeng\Desktop\JRT.txt
2013-12-15 01:19 - 2013-12-15 01:19 - 00000000 ____D C:\windows\ERUNT
2013-12-15 01:18 - 2013-12-15 01:18 - 01034531 _____ (Thisisu) C:\Users\Wyatt.WyattTeng\Desktop\JRT.exe
2013-12-15 01:17 - 2013-12-15 01:17 - 00000324 _____ C:\windows\PFRO.log
2013-12-15 01:13 - 2013-12-15 01:13 - 01226802 _____ C:\Users\Wyatt.WyattTeng\Desktop\AdwCleaner.exe
2013-12-15 01:12 - 2013-12-15 01:12 - 00000075 _____ C:\Users\Wyatt.WyattTeng\Desktop\New Text Document.txt
2013-12-15 01:00 - 2013-12-15 01:17 - 00000056 _____ C:\windows\setupact.log
2013-12-15 01:00 - 2013-12-15 01:00 - 00000000 _____ C:\windows\setuperr.log
2013-12-15 00:12 - 2013-12-15 00:12 - 00001947 _____ C:\Users\Public\Desktop\快播.lnk
2013-12-14 22:36 - 2013-12-15 01:15 - 00000000 ____D C:\ProgramData\QvodPlayer
2013-12-14 01:03 - 2013-05-10 13:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-14 01:03 - 2013-05-10 13:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-14 01:03 - 2013-05-10 12:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-14 01:03 - 2013-05-10 12:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-14 01:02 - 2013-10-25 14:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-14 01:02 - 2013-10-25 14:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-14 01:02 - 2013-10-25 14:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-14 01:02 - 2013-10-25 14:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-14 01:02 - 2013-10-25 14:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-14 01:02 - 2013-10-25 12:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-14 01:02 - 2013-10-25 12:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-14 01:02 - 2013-10-25 12:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-14 01:02 - 2013-10-25 12:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-14 01:02 - 2013-10-25 11:41 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-14 01:02 - 2013-10-25 11:17 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-14 01:02 - 2013-10-25 10:49 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-14 00:54 - 2013-12-14 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-14 00:42 - 2013-12-14 00:42 - 00062076 _____ C:\Users\Wyatt.WyattTeng\Desktop\Extras.Txt
2013-12-14 00:41 - 2013-12-14 00:41 - 00080360 _____ C:\Users\Wyatt.WyattTeng\Desktop\OTL.Txt
2013-12-14 00:36 - 2013-12-14 00:36 - 00602112 _____ (OldTimer Tools) C:\Users\Wyatt.WyattTeng\Desktop\OTL.exe
2013-12-14 00:21 - 2013-12-15 01:16 - 00000000 ____D C:\AdwCleaner
2013-12-13 23:45 - 2013-10-30 10:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-13 23:45 - 2013-10-30 10:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-13 23:45 - 2013-10-30 09:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-13 23:41 - 2013-11-24 02:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-13 23:41 - 2013-11-24 01:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-13 23:41 - 2013-10-19 10:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-13 23:41 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-13 23:40 - 2013-11-12 10:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-13 23:40 - 2013-11-12 10:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-13 23:40 - 2013-10-12 10:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-13 23:40 - 2013-10-12 10:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-13 23:40 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-13 23:40 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-13 23:40 - 2013-10-12 09:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-13 23:40 - 2013-10-12 09:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-13 23:40 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-13 23:40 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-13 23:40 - 2013-10-04 10:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-13 23:40 - 2013-10-04 09:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-11-16 14:00 - 2013-10-06 04:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-16 14:00 - 2013-10-06 03:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-16 13:39 - 2013-10-04 10:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-16 13:39 - 2013-10-04 10:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-16 13:39 - 2013-10-04 10:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-16 13:39 - 2013-10-04 09:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-16 13:39 - 2013-10-04 09:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-16 13:39 - 2013-10-04 09:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-16 13:39 - 2013-09-28 09:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-16 13:38 - 2013-10-12 10:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-16 13:38 - 2013-10-12 10:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-16 13:38 - 2013-10-12 10:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-16 13:38 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-16 13:38 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-16 13:38 - 2013-10-03 10:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-16 13:38 - 2013-10-03 10:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-16 13:38 - 2013-09-25 10:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-16 13:38 - 2013-09-25 10:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-16 13:38 - 2013-09-25 10:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-16 13:38 - 2013-09-25 10:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-16 13:38 - 2013-09-25 10:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-16 13:38 - 2013-09-25 10:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-16 13:38 - 2013-09-25 10:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-16 13:38 - 2013-09-25 10:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-16 13:38 - 2013-09-25 09:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-16 13:38 - 2013-09-25 09:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-16 13:38 - 2013-09-25 09:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-16 13:38 - 2013-09-25 09:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-16 13:38 - 2013-09-25 09:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-16 13:38 - 2013-07-04 20:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-15 01:28 - 2013-12-15 01:28 - 00013273 _____ C:\Users\Wyatt.WyattTeng\Desktop\FRST.txt
2013-12-15 01:28 - 2013-12-15 01:28 - 00000000 ____D C:\FRST
2013-12-15 01:28 - 2012-04-18 20:28 - 00000000 ____D C:\Users\Wyatt
2013-12-15 01:27 - 2013-12-15 01:27 - 01927796 _____ (Farbar) C:\Users\Wyatt.WyattTeng\Desktop\FRST64.exe
2013-12-15 01:26 - 2013-12-15 01:26 - 00001518 _____ C:\Users\Wyatt.WyattTeng\Desktop\JRT.txt
2013-12-15 01:26 - 2013-05-19 11:52 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 01:24 - 2009-07-14 12:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 01:24 - 2009-07-14 12:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 01:20 - 2013-05-24 17:57 - 01483693 _____ C:\windows\WindowsUpdate.log
2013-12-15 01:19 - 2013-12-15 01:19 - 00000000 ____D C:\windows\ERUNT
2013-12-15 01:18 - 2013-12-15 01:18 - 01034531 _____ (Thisisu) C:\Users\Wyatt.WyattTeng\Desktop\JRT.exe
2013-12-15 01:17 - 2013-12-15 01:17 - 00000324 _____ C:\windows\PFRO.log
2013-12-15 01:17 - 2013-12-15 01:00 - 00000056 _____ C:\windows\setupact.log
2013-12-15 01:17 - 2013-05-19 11:51 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 01:17 - 2012-02-01 12:32 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-15 01:17 - 2009-07-14 13:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-15 01:17 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-15 01:16 - 2013-12-14 00:21 - 00000000 ____D C:\AdwCleaner
2013-12-15 01:15 - 2013-12-14 22:36 - 00000000 ____D C:\ProgramData\QvodPlayer
2013-12-15 01:14 - 2013-05-19 12:15 - 00000000 ____D C:\Users\Wyatt.WyattTeng\AppData\Roaming\KeePass
2013-12-15 01:13 - 2013-12-15 01:13 - 01226802 _____ C:\Users\Wyatt.WyattTeng\Desktop\AdwCleaner.exe
2013-12-15 01:12 - 2013-12-15 01:12 - 00000075 _____ C:\Users\Wyatt.WyattTeng\Desktop\New Text Document.txt
2013-12-15 01:00 - 2013-12-15 01:00 - 00000000 _____ C:\windows\setuperr.log
2013-12-15 00:36 - 2013-05-19 18:17 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 00:12 - 2013-12-15 00:12 - 00001947 _____ C:\Users\Public\Desktop\快播.lnk
2013-12-15 00:12 - 2013-10-20 00:06 - 00000954 _____ C:\Users\Wyatt.WyattTeng\AppData\Roaming\coreavc.ini
2013-12-15 00:12 - 2013-10-20 00:05 - 00000000 ____D C:\Program Files (x86)\QvodPlayer
2013-12-15 00:12 - 2013-05-19 08:54 - 00000000 ____D C:\Users\Wyatt.WyattTeng\AppData\Local\VirtualStore
2013-12-14 22:36 - 2011-02-23 21:08 - 00000000 ____D C:\windows\Panther
2013-12-14 22:23 - 2009-07-14 13:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-14 22:18 - 2009-07-14 12:45 - 05033480 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-14 00:54 - 2013-12-14 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-14 00:54 - 2013-05-19 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-14 00:42 - 2013-12-14 00:42 - 00062076 _____ C:\Users\Wyatt.WyattTeng\Desktop\Extras.Txt
2013-12-14 00:41 - 2013-12-14 00:41 - 00080360 _____ C:\Users\Wyatt.WyattTeng\Desktop\OTL.Txt
2013-12-14 00:36 - 2013-12-14 00:36 - 00602112 _____ (OldTimer Tools) C:\Users\Wyatt.WyattTeng\Desktop\OTL.exe
2013-12-14 00:25 - 2013-05-19 12:29 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 00:25 - 2013-05-19 12:29 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 00:14 - 2013-05-19 11:56 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-13 23:36 - 2013-05-19 18:17 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 23:36 - 2013-05-19 18:17 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 23:36 - 2012-02-01 12:24 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-13 23:21 - 2013-05-19 11:52 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-13 23:21 - 2013-05-19 11:51 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-30 22:01 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF
2013-11-24 02:26 - 2013-12-13 23:41 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-11-24 01:47 - 2013-12-13 23:41 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-11-24 01:10 - 2013-05-19 12:40 - 00000000 ____D C:\Users\Wyatt.WyattTeng\AppData\Local\Adobe
2013-11-24 00:12 - 2013-05-19 12:57 - 00000000 ____D C:\Users\Wyatt.WyattTeng\AppData\Local\Mozilla
2013-11-19 03:33 - 2010-11-21 11:27 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-16 22:31 - 2009-07-14 11:20 - 00000000 ____D C:\windows\rescache
2013-11-16 21:38 - 2013-05-19 12:13 - 00001107 _____ C:\Users\Wyatt.WyattTeng\Desktop\KeePass 2.lnk
2013-11-16 21:38 - 2013-05-19 12:13 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-11-16 20:11 - 2013-07-17 21:06 - 00000000 ____D C:\windows\system32\MRT
2013-11-16 20:10 - 2013-05-19 14:28 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Wyatt.WyattTeng\AppData\Local\Temp\Quarantine.exe
C:\Users\Wyatt.WyattTeng\AppData\Local\Temp\QvodSetup5.18.161.20131213.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-24 00:47

==================== End Of Log ============================





Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2013 01
Ran by Wyatt at 2013-12-15 01:28:47
Running from C:\Users\Wyatt.WyattTeng\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.08)
Dell DataSafe Local Backup (x32 Version: 9.4.47)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Touchpad (Version: 7.1209.101.204)
Dropbox (HKCU Version: 2.0.22)
FileHippo.com Update Checker (x32)
FileZilla Client 3.7.2 (x32 Version: 3.7.2)
Google AdWords Editor (x32 Version: 10.1.0)
Google Chrome (x32 Version: 31.0.1650.63)
Google Update Helper (x32 Version: 1.3.22.3)
HP Deskjet 2510 series Basic Device Software (Version: 28.0.1313.0)
HP Deskjet 2510 series Setup Guide (x32 Version: 27.0.0)
IDT Audio (x32 Version: 1.0.6324.0)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1118)
Intel® Processor Graphics (x32 Version: 8.15.10.2361)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.2.0.0587)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.1000)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® WiDi (x32 Version: 2.1.41.0)
Intel® Wireless Display
iTunes (Version: 11.1.0.126)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Java™ 7 Update 1 (64-bit) (Version: 7.0.10)
Jing (x32 Version: 2.8.13007.1)
KeePass Password Safe 2.24 (x32 Version: 2.24)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Silverlight (x32 Version: 4.0.50401.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mobilizer (x32 Version: 0.9.6)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
PDF Settings CS6 (x32 Version: 11.0)
Quickset64 (Version: 10.09.25)
Realtek Ethernet Controller Driver (x32 Version: 7.31.1025.2010)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30126)
Skype™ 6.6 (x32 Version: 6.6.106)
Sublime Text 2.0.2
TI USB 3.0 Host Controller Driver (x32 Version: 1.12.14.0)
TI USB3 Host Driver (x32 Version: 1.12.14.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
VLC media player 2.0.6 (x32 Version: 2.0.6)
WinRAR 4.20 (x32 Version: 4.20)
Wunderlist (x32 Version: 2.3.0.25)
快播 5.18.161 (x32 Version: 5.18.161)

==================== Restore Points =========================

18-10-2013 14:30:46 Windows Update
18-10-2013 16:51:05 Windows Update
19-10-2013 09:26:38 Windows Update
25-10-2013 13:40:11 Windows Update
01-11-2013 13:13:33 Windows Update
16-11-2013 05:32:29 Windows Update
16-11-2013 12:09:22 Windows Update
23-11-2013 16:15:22 Windows Update
30-11-2013 12:28:59 Windows Update
13-12-2013 15:23:52 Windows Update
13-12-2013 17:01:12 Windows Update

==================== Hosts content: ==========================

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2019266E-B23F-4C46-9E16-3FE7C6F992CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {20766336-8E45-4E19-A583-F48E179281FE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {2F36E287-9488-4E6C-AED1-7D8CCE258DEF} - System32\Tasks\{BBD191EE-3BB5-4FD8-88F7-9152E544DBF7} => Chrome.exe http://ui.skype.com/...?LastError=1618
Task: {85E26D47-18AD-4732-BBBD-828E4CA1707B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1415409250-421658165-2567368482-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {944D60C7-C632-4699-B16E-D30B0CB28C26} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)
Task: {ADBA55CD-0DF1-4457-81E1-79135F5EA07D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {D7A02ADE-7B2E-445D-BAD3-127B56B7105B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1415409250-421658165-2567368482-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {DB5F0B44-A835-46DA-9B00-BD2A77EC9040} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 22:42 - 2010-01-02 22:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-15 13:13 - 2013-08-15 13:13 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\88896793f7119ee1105ad6f66e559470\IsdiInterop.ni.dll
2012-02-01 12:23 - 2010-11-06 13:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 6052.25 MB
Available physical RAM: 4588.24 MB
Total Pagefile: 12102.67 MB
Available Pagefile: 10590.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:304.53 GB) (Free:259.49 GB) NTFS
Drive e: (Internet Marketing) (Fixed) (Total:146.48 GB) (Free:133.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A46555C6)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=305 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=146 GB) - (Type=OF Extended)

==================== End Of Log ============================
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
Qvod did not uninstall very well.


Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that then run a new FRST scan (you will only get one log this time) and post the log.

Are you still getting redirected?
  • 0

#7
WyffGoaL

WyffGoaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Hi RKinner,

Thank you so much for your prompt reply again. My FireFox is finally back to normal and showing my pre-defined homepage now after doing all the scans in the 1st post that you mentioned. Anyway, what is actually causing this? Because I've re-installed QVOD and it seems that the hao123.com issue is forever gone now.

Below are the new logs that you need.


Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2013 01
Ran by Wyatt at 2013-12-15 02:33:14 Run:1
Running from C:\Users\Wyatt.WyattTeng\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2 Class - {A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2} - C:\Program Files (x86)\QvodPlayer\AddIn\{A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2}\QvodAddr.dll ()
BHO-x32: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} -C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare - C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @qvod.com/QvodInsert - C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin-x32: @qvod.com/QvodShare - C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: egtcps.com/captures - C:\Program Files (x86)\EagleGet\captures.dll No File
FF Plugin HKCU: KuaiWanInsert - C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
C:\Users\Public\Desktop\快播.lnk
C:\ProgramData\QvodPlayer
C:\Users\Wyatt.WyattTeng\AppData\Local\Temp\QvodSetup5.18.161.20131213.exe




*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D298} => Key deleted successfully.
HKCR\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2} - C:\Program Files (x86)\QvodPlayer\AddIn\{A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2} => Key not found.
HKCR\Wow6432Node\CLSID\{A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2} - C:\Program Files (x86)\QvodPlayer\AddIn\{A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@qvod.com/QvodShare => Key deleted successfully.
C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@qvod.com/QvodInsert => Key deleted successfully.
C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@qvod.com/QvodShare => Key deleted successfully.
C:\Program Files (x86)\QvodPlayer\npShareModule.dll => Moved successfully.
HKCU\Software\MozillaPlugins\egtcps.com/captures => Key deleted successfully.
C:\Program Files (x86)\EagleGet\captures.dll not found.
HKCU\Software\MozillaPlugins\KuaiWanInsert => Key deleted successfully.
C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll => Moved successfully.
C:\Users\Public\Desktop\快播.lnk => Moved successfully.
C:\ProgramData\QvodPlayer => Moved successfully.
C:\Users\Wyatt.WyattTeng\AppData\Local\Temp\QvodSetup5.18.161.20131213.exe => Moved successfully.

==== End of Fixlog ====





New FRST Log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01
Ran by Wyatt (administrator) on WYATTTENG on 15-12-2013 02:33:59
Running from C:\Users\Wyatt.WyattTeng\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Pixart Imaging Inc) C:\WINDOWS\System32\TiltWheelMouse.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3668336 2011-03-25] (Dell Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MouseDriver] - C:\WINDOWS\System32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {832ee303-3d79-11e3-9c4c-4ceb4204d3d1} - F:\Windows\CHECK\DriveNavigator.exe
AppInit_DLLs: C:\WINDOWS\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll, C:\windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
SearchScopes: HKCU - DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com...99_oem_dg&ch=33
SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com...99_oem_dg&ch=33
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2 Class - {A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2} - C:\Program Files (x86)\QvodPlayer\AddIn\{A3D39B28-8D9F-1D0B-8C21-CA6F6AD9B2D2}\QvodAddr.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Wyatt.WyattTeng\AppData\Roaming\Mozilla\Firefox\Profiles\8fyixtli.default-1386952174847
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: firebug - C:\Users\Wyatt.WyattTeng\AppData\Roaming\Mozilla\Firefox\Profiles\8fyixtli.default-1386952174847\Extensions\[email protected]
FF Extension: defaults - C:\Users\Wyatt.WyattTeng\AppData\Roaming\Mozilla\Firefox\Profiles\8fyixtli.default-1386952174847\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: Adblock Plus - C:\Users\Wyatt.WyattTeng\AppData\Roaming\Mozilla\Firefox\Profiles\8fyixtli.default-1386952174847\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.com.my
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (MeasureIt!) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0
CHR Extension: (Prepros) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnlfjdjbjiabcgkkjaicjepbhhmeonlm\3.0.0_0
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.4.2_0
CHR Extension: (PageRank Status) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.6.0.0_0
CHR Extension: (Eye Dropper) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.3.3_0
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk\0.9.37_0
CHR Extension: (IcoMoon) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\kppingdhhalimbaehfmhldppemnmlcjd\2.1.32_0
CHR Extension: (Session Manager) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.6_0
CHR Extension: (Google Mail Checker) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Ghostery) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0
CHR Extension: (Google Wallet) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (SEO Global For Google Search\u2122) - C:\Users\Wyatt.WyattTeng\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\5.1_0

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-16] ()

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-15 02:33 - 2013-12-15 02:33 - 00000000 ____D C:\ProgramData\QvodPlayer
2013-12-15 01:32 - 2013-12-15 01:32 - 00000000 ____D C:\AdwCleaner
2013-12-15 01:28 - 2013-12-15 02:33 - 00012627 _____ C:\Users\Wyatt.WyattTeng\Desktop\FRST.txt
2013-12-15 01:28 - 2013-12-15 02:33 - 00000000 ____D C:\FRST
2013-12-15 01:28 - 2013-12-15 01:28 - 00011036 _____ C:\Users\Wyatt.WyattTeng\Desktop\Addition.txt
2013-12-15 01:27 - 2013-12-15 01:27 - 01927796 _____ (Farbar) C:\Users\Wyatt.WyattTeng\Desktop\FRST64.exe
2013-12-15 01:26 - 2013-12-15 01:26 - 00001518 _____ C:\Users\Wyatt.WyattTeng\Desktop\JRT.txt
2013-12-15 01:19 - 2013-12-15 01:19 - 00000000 ____D C:\windows\ERUNT
2013-12-15 01:18 - 2013-12-15 01:18 - 01034531 _____ (Thisisu) C:\Users\Wyatt.WyattTeng\Desktop\JRT.exe
2013-12-15 01:17 - 2013-12-15 01:17 - 00000324 _____ C:\windows\PFRO.log
2013-12-15 01:13 - 2013-12-15 01:13 - 01226802 _____ C:\Users\Wyatt.WyattTeng\Desktop\AdwCleaner.exe
2013-12-15 01:12 - 2013-12-15 01:12 - 00000075 _____ C:\Users\Wyatt.WyattTeng\Desktop\New Text Document.txt
2013-12-15 01:00 - 2013-12-15 01:33 - 00000112 _____ C:\windows\setupact.log
2013-12-15 01:00 - 2013-12-15 01:00 - 00000000 _____ C:\windows\setuperr.log
2013-12-14 01:03 - 2013-05-10 13:56 - 14631424 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2013-12-14 01:03 - 2013-05-10 13:56 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2013-12-14 01:03 - 2013-05-10 12:56 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2013-12-14 01:03 - 2013-05-10 12:56 - 11410432 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2013-12-14 01:02 - 2013-10-25 14:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-14 01:02 - 2013-10-25 14:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-14 01:02 - 2013-10-25 14:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-14 01:02 - 2013-10-25 14:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-14 01:02 - 2013-10-25 14:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-14 01:02 - 2013-10-25 14:17 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-12-14 01:02 - 2013-10-25 12:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-14 01:02 - 2013-10-25 12:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-14 01:02 - 2013-10-25 12:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-14 01:02 - 2013-10-25 12:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-14 01:02 - 2013-10-25 12:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-14 01:02 - 2013-10-25 11:41 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-14 01:02 - 2013-10-25 11:17 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-12-14 01:02 - 2013-10-25 10:49 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-14 00:54 - 2013-12-14 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-14 00:42 - 2013-12-14 00:42 - 00062076 _____ C:\Users\Wyatt.WyattTeng\Desktop\Extras.Txt
2013-12-14 00:41 - 2013-12-14 00:41 - 00080360 _____ C:\Users\Wyatt.WyattTeng\Desktop\OTL.Txt
2013-12-14 00:36 - 2013-12-14 00:36 - 00602112 _____ (OldTimer Tools) C:\Users\Wyatt.WyattTeng\Desktop\OTL.exe
2013-12-13 23:45 - 2013-10-30 10:32 - 00335360 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-13 23:45 - 2013-10-30 10:19 - 00301568 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-13 23:45 - 2013-10-30 09:24 - 03155968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-13 23:41 - 2013-11-24 02:26 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-13 23:41 - 2013-11-24 01:47 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-13 23:41 - 2013-10-19 10:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-13 23:41 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-13 23:40 - 2013-11-12 10:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-13 23:40 - 2013-11-12 10:07 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-13 23:40 - 2013-10-12 10:32 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-13 23:40 - 2013-10-12 10:31 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-13 23:40 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshom.ocx
2013-12-13 23:40 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-13 23:40 - 2013-10-12 09:33 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\wscript.exe
2013-12-13 23:40 - 2013-10-12 09:33 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-13 23:40 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscript.exe
2013-12-13 23:40 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-13 23:40 - 2013-10-04 10:16 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2013-12-13 23:40 - 2013-10-04 09:36 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-11-16 14:00 - 2013-10-06 04:25 - 01474048 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-11-16 14:00 - 2013-10-06 03:57 - 01168384 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-11-16 13:39 - 2013-10-04 10:28 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\SmartcardCredentialProvider.dll
2013-11-16 13:39 - 2013-10-04 10:25 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\credui.dll
2013-11-16 13:39 - 2013-10-04 10:24 - 01930752 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-11-16 13:39 - 2013-10-04 09:58 - 00152576 _____ (Microsoft Corporation) C:\windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-16 13:39 - 2013-10-04 09:56 - 01796096 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-11-16 13:39 - 2013-10-04 09:56 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\credui.dll
2013-11-16 13:39 - 2013-09-28 09:09 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-11-16 13:38 - 2013-10-12 10:30 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-11-16 13:38 - 2013-10-12 10:29 - 00859648 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-11-16 13:38 - 2013-10-12 10:29 - 00324096 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-11-16 13:38 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-11-16 13:38 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-11-16 13:38 - 2013-10-03 10:23 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-11-16 13:38 - 2013-10-03 10:00 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-11-16 13:38 - 2013-09-25 10:26 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2013-11-16 13:38 - 2013-09-25 10:26 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2013-11-16 13:38 - 2013-09-25 10:23 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2013-11-16 13:38 - 2013-09-25 10:23 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2013-11-16 13:38 - 2013-09-25 10:23 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2013-11-16 13:38 - 2013-09-25 10:22 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-11-16 13:38 - 2013-09-25 10:21 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2013-11-16 13:38 - 2013-09-25 10:21 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2013-11-16 13:38 - 2013-09-25 09:58 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2013-11-16 13:38 - 2013-09-25 09:57 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-11-16 13:38 - 2013-09-25 09:57 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2013-11-16 13:38 - 2013-09-25 09:56 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2013-11-16 13:38 - 2013-09-25 09:03 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2013-11-16 13:38 - 2013-07-04 20:18 - 00458712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-15 02:34 - 2013-12-15 01:28 - 00012627 _____ C:\Users\Wyatt.WyattTeng\Desktop\FRST.txt
2013-12-15 02:33 - 2013-12-15 02:33 - 00000000 ____D C:\ProgramData\QvodPlayer
2013-12-15 02:33 - 2013-12-15 01:28 - 00000000 ____D C:\FRST
2013-12-15 02:33 - 2013-10-20 00:05 - 00000000 ____D C:\Program Files (x86)\QvodPlayer
2013-12-15 02:26 - 2013-05-19 11:52 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-15 01:41 - 2013-10-20 00:06 - 00000954 _____ C:\Users\Wyatt.WyattTeng\AppData\Roaming\coreavc.ini
2013-12-15 01:40 - 2009-07-14 12:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-15 01:40 - 2009-07-14 12:45 - 00020928 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-15 01:36 - 2013-05-19 18:17 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-15 01:34 - 2013-05-19 11:51 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 01:33 - 2013-12-15 01:00 - 00000112 _____ C:\windows\setupact.log
2013-12-15 01:33 - 2012-02-01 12:32 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-15 01:33 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-15 01:32 - 2013-12-15 01:32 - 00000000 ____D C:\AdwCleaner
2013-12-15 01:32 - 2013-05-24 17:57 - 01491953 _____ C:\windows\WindowsUpdate.log
2013-12-15 01:28 - 2013-12-15 01:28 - 00011036 _____ C:\Users\Wyatt.WyattTeng\Desktop\Addition.txt
2013-12-15 01:28 - 2012-04-18 20:28 - 00000000 ____D C:\Users\Wyatt
2013-12-15 01:27 - 2013-12-15 01:27 - 01927796 _____ (Farbar) C:\Users\Wyatt.WyattTeng\Desktop\FRST64.exe
2013-12-15 01:26 - 2013-12-15 01:26 - 00001518 _____ C:\Users\Wyatt.WyattTeng\Desktop\JRT.txt
2013-12-15 01:19 - 2013-12-15 01:19 - 00000000 ____D C:\windows\ERUNT
2013-12-15 01:18 - 2013-12-15 01:18 - 01034531 _____ (Thisisu) C:\Users\Wyatt.WyattTeng\Desktop\JRT.exe
2013-12-15 01:17 - 2013-12-15 01:17 - 00000324 _____ C:\windows\PFRO.log
2013-12-15 01:17 - 2009-07-14 13:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-12-15 01:14 - 2013-05-19 12:15 - 00000000 ____D C:\Users\Wyatt.WyattTeng\AppData\Roaming\KeePass
2013-12-15 01:13 - 2013-12-15 01:13 - 01226802 _____ C:\Users\Wyatt.WyattTeng\Desktop\AdwCleaner.exe
2013-12-15 01:12 - 2013-12-15 01:12 - 00000075 _____ C:\Users\Wyatt.WyattTeng\Desktop\New Text Document.txt
2013-12-15 01:00 - 2013-12-15 01:00 - 00000000 _____ C:\windows\setuperr.log
2013-12-15 00:12 - 2013-05-19 08:54 - 00000000 ____D C:\Users\Wyatt.WyattTeng\AppData\Local\VirtualStore
2013-12-14 22:36 - 2011-02-23 21:08 - 00000000 ____D C:\windows\Panther
2013-12-14 22:23 - 2009-07-14 13:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-14 22:18 - 2009-07-14 12:45 - 05033480 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-14 00:54 - 2013-12-14 00:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-14 00:54 - 2013-05-19 12:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-14 00:42 - 2013-12-14 00:42 - 00062076 _____ C:\Users\Wyatt.WyattTeng\Desktop\Extras.Txt
2013-12-14 00:41 - 2013-12-14 00:41 - 00080360 _____ C:\Users\Wyatt.WyattTeng\Desktop\OTL.Txt
2013-12-14 00:36 - 2013-12-14 00:36 - 00602112 _____ (OldTimer Tools) C:\Users\Wyatt.WyattTeng\Desktop\OTL.exe
2013-12-14 00:25 - 2013-05-19 12:29 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-14 00:25 - 2013-05-19 12:29 - 00000000 ____D C:\Program Files\CCleaner
2013-12-14 00:14 - 2013-05-19 11:56 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-13 23:36 - 2013-05-19 18:17 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 23:36 - 2013-05-19 18:17 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 23:36 - 2012-02-01 12:24 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-13 23:21 - 2013-05-19 11:52 - 00003892 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-13 23:21 - 2013-05-19 11:51 - 00003640 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-30 22:01 - 2009-07-14 11:20 - 00000000 ____D C:\windows\system32\NDF
2013-11-24 02:26 - 2013-12-13 23:41 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-11-24 01:47 - 2013-12-13 23:41 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-11-24 01:10 - 2013-05-19 12:40 - 00000000 ____D C:\Users\Wyatt.WyattTeng\AppData\Local\Adobe
2013-11-24 00:12 - 2013-05-19 12:57 - 00000000 ____D C:\Users\Wyatt.WyattTeng\AppData\Local\Mozilla
2013-11-19 03:33 - 2010-11-21 11:27 - 00267936 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2013-11-16 22:31 - 2009-07-14 11:20 - 00000000 ____D C:\windows\rescache
2013-11-16 21:38 - 2013-05-19 12:13 - 00001107 _____ C:\Users\Wyatt.WyattTeng\Desktop\KeePass 2.lnk
2013-11-16 21:38 - 2013-05-19 12:13 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2013-11-16 20:11 - 2013-07-17 21:06 - 00000000 ____D C:\windows\system32\MRT
2013-11-16 20:10 - 2013-05-19 14:28 - 82896128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Wyatt.WyattTeng\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-24 00:47

==================== End Of Log ============================
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,012 posts
  • MVP
A lot of programs have "sponsor" or "optional" programs that will install by default unless you uncheck them. Perhaps this time you unchecked the right thing or perhaps they had so many complaints that they stopped doing it.

Unless you see other problems I think we are done and can clean up

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

If we ran Combofix: To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.



OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on. Go to adblockplus.org with each browser and get the add-on.

If Chrome/Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Close Chrome/Firefox. Hit Optimize. You can run it any time that Chrome/Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

CryptoPrevent

http://www.foolishIT.../cryptoprevent/

The free version does not update on its own so you should check for updated versions once in a while.



If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#9
WyffGoaL

WyffGoaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Hi RKinner,

Thank you so much for your help! I think my PC has no problem now. I really do appreciate that!

Thanks once again!

Cheers.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP