Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Removing MocaFlix 1.66 [Closed]


  • This topic is locked This topic is locked

#1
ysck

ysck

    New Member

  • Member
  • Pip
  • 2 posts
Hi everybody, when I was browsing the web today, I found that some words are highlighted in the text of some webages. I mouse over it and saw ads. I then check my control panel and the application thing( I use chinese windows therefore I do not know what it is called in english). Then I found I have installed this program. I searched on the internet and knew it is an adware. I immediately uninstall it however, the problem still persists and I do not know how to solve it? Can anyone help me? thank you.


Before asking this question, I have searched how to solve this problem and followed these steps I will also attach my OTL in the end


DeFogger-

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.



-Security Check-

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.



-Download DDS-

Please download DDS from one of the links below and save it to your desktop:

Posted Image
Download DDS and save it to your desktop

Link1
Link2
Link3


Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
DDS.txt
Attach.txt

A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply


information and logs

In your next post I need the following

both reports from DDS
report from security check
let me know of any problems you may have had




these are the things I need to post:

Checkup.txt

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader XI
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.25.2
Run by Simon at 22:24:07 on 2014-02-07
Microsoft Windows 7 專業版 6.1.7601.1.950.852.3076.18.16364.11464 [GMT 8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnSvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
D:\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
D:\DAEMON Tools Pro\DTAgent.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\SysWOW64\svchost -k XLServicePlatform
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
D:\LOLReplay\LOLRecorder.exe
C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
D:\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Hamachi\hamachi-2.exe
D:\ATI technologies\ATI.ACE\Core-Static\CCC.exe
D:\Hamachi\LMIGuardianSvc.exe
D:\Hamachi\hamachi-2-ui.exe
C:\Windows\system32\svchost.exe -k HPService
D:\Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Itunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
D:\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.69\deploy\LolClient.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnTray.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\downloads\Defogger.exe
D:\downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\downloads\OTL.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.just-browse.info/
uURLSearchHooks: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: 捃濘FLV弝凊抻摯狟婥盓厥: {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\Xunlei\BHO\XlBrowserAddin1.0.8.71.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\java\bin\ssv.dll
BHO: 捃濘狟婥盓厥: {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Xunlei\BHO\XunleiBHO7.2.10.3694.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\java\bin\jp2ssv.dll
BHO: 肮祭珨瑩假蚾盓厥: {F72C8153-7140-4FEE-8F69-CA4579D71195} - D:\Tongbu\Addin\tbIEAddin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge] <no file>
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [BaiduAnTray] "C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnTray.exe" -stmd=3
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &妏蚚&捃濘燭盄狟婥 - D:\Xunlei\BHO\OfflineDownload.htm
IE: &妏蚚&捃濘狟婥 - D:\Xunlei\BHO\geturl.htm
IE: &妏蚚&捃濘狟婥窒蟈諉 - D:\Xunlei\BHO\GetAllUrl.htm
IE: Foxy 下載 - D:\Foxy\Foxy\Foxy.exe/download.htm
IE: Foxy 搜尋 - D:\Foxy\Foxy\Foxy.exe/search.htm
IE: 傳送至 OneNote(&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{581400B6-8718-430E-9E47-8D3CAA1CBC92} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{E0F4802E-D0D2-4637-B7D6-F50F667D8C45} : DHCPNameServer = 172.20.93.1 172.20.93.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: 捃濘狟婥盓厥: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - D:\Xunlei\BHO\XunleiBHO647.2.10.3694.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-10-19 56208]
R1 bd0001;bd0001;C:\Windows\System32\drivers\bd0001.sys [2014-1-16 93512]
R1 bd0002;bd0002;C:\Windows\System32\drivers\bd0002.sys [2014-1-16 167288]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-1 272448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-31 239616]
R2 BDMRTP;BDMRTP Service;C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnSvc.exe [2014-1-16 1159256]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;D:\Hamachi\hamachi-2.exe -s --> D:\Hamachi\hamachi-2.exe -s [?]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-11-10 1775344]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2013-5-23 352144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-1 533096]
R3 XLServicePlatform;XLServicePlatform;C:\Windows\System32\svchost -k XLServicePlatform --> C:\Windows\System32\svchost -k XLServicePlatform [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-23 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-3 1255736]
.
=============== Created Last 30 ================
.
2014-01-25 08:10:27 40960 ----a-r- C:\Users\Simon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2014-01-25 08:10:27 40960 ----a-r- C:\Users\Simon\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2014-01-16 13:26:07 167288 ----a-w- C:\Windows\System32\drivers\bd0002.sys
2014-01-16 13:26:06 93512 ----a-w- C:\Windows\System32\drivers\bd0001.sys
2014-01-16 13:26:06 37088 ----a-w- C:\Windows\System32\bd64_x64.dll
2014-01-16 13:26:06 26336 ----a-w- C:\Windows\System32\bd64_x86.dll
2014-01-16 13:26:06 -------- d-----w- C:\Program Files (x86)\Common Files\Baidu
2014-01-16 13:26:02 -------- d-----w- C:\Program Files (x86)\Baidu
2014-01-16 13:25:40 -------- d-----w- C:\Users\Simon\AppData\Roaming\Baidu
2014-01-16 13:25:40 -------- d-----w- C:\ProgramData\Baidu
2014-01-16 05:44:21 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-16 05:44:21 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-16 05:44:21 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-16 05:44:21 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-16 05:44:21 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-16 05:44:21 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-16 05:44:21 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-16 05:44:21 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-16 05:44:20 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-14 08:54:55 -------- d-----w- C:\Users\Simon\.android
2014-01-14 08:54:54 -------- d-----w- C:\Users\Simon\AppData\Local\cache
2014-01-14 08:54:53 -------- d-----w- C:\Users\Simon\AppData\Roaming\newnext.me
2014-01-14 08:54:53 -------- d-----w- C:\Users\Simon\AppData\Local\Mobogenie
2014-01-14 08:54:53 -------- d-----w- C:\Users\Simon\AppData\Local\genienext
2014-01-14 08:54:18 -------- d-----w- C:\Program Files (x86)\Mobogenie
.
==================== Find3M ====================
.
2014-02-06 12:30:18 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-06 12:30:18 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-07 11:00:59 770912 ----a-w- C:\Windows\SysWow64\Msfdbqp.dll
2013-12-07 11:00:59 511328 ----a-w- C:\Windows\SysWow64\Synchronization2.dll
2013-12-07 11:00:59 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-12-07 11:00:59 397152 ----a-w- C:\Windows\SysWow64\Msfdbse.dll
2013-12-07 11:00:59 253280 ----a-w- C:\Windows\SysWow64\MetaStore2.dll
2013-12-07 11:00:59 230240 ----a-w- C:\Windows\SysWow64\Msfdb.dll
2013-12-07 11:00:59 189792 ----a-w- C:\Windows\SysWow64\SimpleProviders2.dll
2013-12-07 11:00:59 171360 ----a-w- C:\Windows\SysWow64\FileSyncProvider2.dll
2013-12-07 11:00:59 156512 ----a-w- C:\Windows\SysWow64\FeedSync2.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-01 11:39:31 4096000 ----a-w- C:\Program Files (x86)\GUT5E08.tmp
.
============= FINISH: 22:24:13.75 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 專業版
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2012 18:23:24
System Uptime: 7/2/2014 18:28:31 (4 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V LE
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 40.615 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 94.721 GiB free.
E: is CDROM ()
F: is CDROM ()
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP206: 25/1/2014 16:10:21 - Installed Project64 1.6
RP207: 26/1/2014 19:21:35 - Windows 備份
RP208: 2/2/2014 19:00:01 - Windows 備份
RP209: 7/2/2014 22:03:33 - Installed Should I Remove It
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Help Manager
Adobe Media Player
Adobe Reader XI (11.0.06) - Chinese Traditional
Adobe Widget Browser
AdobeR Content Viewer
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Any Video Converter 3.5.6
Apple Mobile Device Support
Apple Software Update
Apple 應用程式支援
Asmedia ASM104x USB 3.0 Host Controller Driver
Audacity 2.0.2
Battle.net
Battlelog Web Plugins
beanfun!
BitTorrent
bl
Bonjour
BufferChm
C4500
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 6.3
Copy
CopyTrans Suite desinstallation uniquement
DAEMON Tools Pro
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DiskAid 6.5.0.0
Dota 2
Dropbox
FormatFactory 3.1.2
Foxy v1.9.10
Funshion
Garena 英雄聯盟(台灣)
Garena 競時通
Google Chrome
Google Update Helper
GPBaseService2
Hearthstone
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HydraVision
iCloud
iExplorer 3.2.2.5
iFunbox (v2.7.2386.747), iFunbox DevTeam
Intel® Management Engine Components
iTunes
Java 7 Update 25
Java Auto Updater
Kies mini
LAME v3.99.3 (for Windows)
League of Legends
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG ODD Auto Firmware Update
LG Power Tools
LiveUpdate 3.3 (Symantec Corporation)
LogMeIn Hamachi
LOLReplay
Magic Bullet Colorista Free version 1.0.2
MarketResearch
Microsoft .NET Framework 4.5
Microsoft Office Excel MUI (Chinese (Traditional)) 2010
Microsoft Office IME (Chinese (Traditional)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010
Microsoft Office Proof (Chinese (Traditional)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Traditional)) 2010
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010
Microsoft Office Shared MUI (Chinese (Traditional)) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (Chinese (Traditional)) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Open Broadcaster Software
Optical Disc Doctor
Origin
Overture 4.0 繁體中文版
Pando Media Booster
PDF Settings CS6
ph
PP翑忒 PC唳 1.1.0.6
Project64 1.6
PS_AIO_04_C4500_Software_Min
PunkBuster Services
PxMergeModule
Quake Live Mozilla Plugin
QuickTime
RC語音
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687413) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
Should I Remove It
Skype Click to Call
Skype™ 6.11
SmartWebPrinting
SolutionCenter
Spotify
Status
Steam
Symantec Endpoint Protection Small Business Edition
Synthesia
Team Fortress 2
Toolbox
TrayApp
Unity
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VLC media player 2.0.8
WebReg
WinRAR 4.20 (64 位元)
Wondershare Dr.Fone for iOS(Build 3.1.0.111)
同步助手 2.1.1.0
捃濘7
龍之谷
爐石戰記
.
==== End Of File ===========================










OTL.txt

OTL logfile created on: 7/2/2014 22:15:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000c04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

15.98 Gb Total Physical Memory | 11.83 Gb Available Physical Memory | 74.02% Memory free
31.96 Gb Paging File | 27.56 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 40.61 Gb Free Space | 34.09% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 94.72 Gb Free Space | 10.17% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/07 22:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
PRC - [2014/02/07 22:08:47 | 000,987,425 | ---- | M] () -- D:\downloads\SecurityCheck.exe
PRC - [2014/02/07 22:06:48 | 000,050,477 | ---- | M] () -- D:\downloads\Defogger.exe
PRC - [2014/02/05 16:44:09 | 005,312,352 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\LoLLauncher.exe
PRC - [2014/02/04 14:56:52 | 003,813,712 | ---- | M] (LogMeIn Inc.) -- D:\Hamachi\hamachi-2-ui.exe
PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/28 03:02:50 | 001,815,976 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2014/01/28 03:02:50 | 000,571,816 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 14:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/13 11:24:09 | 009,890,608 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
PRC - [2013/11/07 16:10:32 | 000,526,848 | ---- | M] (LOL Replay) -- D:\LOLReplay\LOLRecorder.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/08 19:36:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/10/06 13:34:31 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/09/17 13:13:00 | 001,159,256 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnSvc.exe
PRC - [2013/09/17 13:12:52 | 001,286,232 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnTray.exe
PRC - [2013/07/11 13:22:49 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.69\deploy\LolClient.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/07/04 13:10:06 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/06/03 05:33:34 | 000,815,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/03/12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/10/01 19:38:36 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2012/05/29 11:45:18 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2011/07/28 17:12:10 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011/03/17 16:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- D:\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/03/17 16:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd) -- D:\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/11/21 11:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009/12/15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/11/10 17:44:00 | 001,775,344 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/11/10 17:43:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/11/10 17:41:00 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/07 22:08:47 | 000,987,425 | ---- | M] () -- D:\downloads\SecurityCheck.exe
MOD - [2014/02/07 22:06:48 | 000,050,477 | ---- | M] () -- D:\downloads\Defogger.exe
MOD - [2014/02/06 20:30:18 | 016,287,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
MOD - [2014/02/05 16:44:11 | 000,192,864 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\RiotLauncher.dll
MOD - [2014/02/05 16:44:09 | 005,312,352 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\LoLLauncher.exe
MOD - [2014/02/02 07:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/02 07:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/02 07:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/28 03:02:52 | 001,138,088 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2014/01/11 07:33:44 | 020,625,832 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2014/01/11 07:33:42 | 000,717,312 | ---- | M] () -- D:\Steam\SDL2.dll
MOD - [2014/01/07 15:30:07 | 000,027,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\VersionModule.dll
MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/13 11:24:37 | 000,896,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
MOD - [2013/12/13 11:24:09 | 009,890,608 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
MOD - [2013/12/13 06:19:40 | 000,142,848 | ---- | M] () -- D:\Steam\libavresample-1.dll
MOD - [2013/11/07 17:08:24 | 000,160,768 | ---- | M] () -- D:\LOLReplay\Air.dll
MOD - [2013/11/07 16:10:06 | 000,052,224 | ---- | M] () -- D:\LOLReplay\Launcher.dll
MOD - [2013/11/07 16:10:02 | 000,377,856 | ---- | M] () -- D:\LOLReplay\LOLUtils.dll
MOD - [2013/11/05 09:12:06 | 000,890,592 | ---- | M] () -- D:\Steam\libavutil-52.dll
MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/10/10 23:54:55 | 002,404,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\0c205cda61dd1fe3cc2fcb4640b4dae1\System.Web.Extensions.ni.dll
MOD - [2013/10/10 23:54:55 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\c94852f43f7ac59fcbe4c54b119788d2\System.ServiceModel.Web.ni.dll
MOD - [2013/10/10 23:54:17 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\4774201dc923674852e089053f76e76e\System.ServiceModel.ni.dll
MOD - [2013/10/10 23:54:06 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/10 21:25:44 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 21:25:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 21:25:31 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 21:25:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/10/10 21:25:24 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/09/20 19:12:15 | 000,956,208 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
MOD - [2013/09/14 00:16:13 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\a37197b19bb827effa925d2f09eb7411\System.Web.Abstractions.ni.dll
MOD - [2013/09/14 00:09:09 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/07 00:12:30 | 000,040,448 | ---- | M] () -- D:\LOLReplay\Compression.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 17:10:18 | 000,553,776 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/08/15 17:08:20 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/15 17:08:03 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\e043ad64456256a8ee5b934e227d9782\System.Runtime.Serialization.ni.dll
MOD - [2013/08/15 17:08:02 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1327ad2637aab17189c5461fbf30dc19\SMDiagnostics.ni.dll
MOD - [2013/08/15 14:18:33 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 14:18:24 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 14:18:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/26 14:18:31 | 000,957,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XLL.dll
MOD - [2013/07/15 22:29:36 | 001,545,520 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
MOD - [2013/07/11 13:22:49 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.69\deploy\LolClient.exe
MOD - [2013/07/11 13:15:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 13:14:16 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2013/04/10 17:23:12 | 000,170,800 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
MOD - [2013/04/10 17:23:12 | 000,068,400 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
MOD - [2013/04/10 17:23:10 | 000,516,912 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
MOD - [2013/04/10 17:23:10 | 000,245,040 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
MOD - [2013/04/10 17:23:08 | 000,065,840 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
MOD - [2013/04/10 17:23:08 | 000,016,688 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
MOD - [2013/04/10 17:23:06 | 000,106,288 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
MOD - [2013/04/10 17:23:06 | 000,055,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
MOD - [2013/04/10 17:23:04 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
MOD - [2013/04/10 17:23:04 | 000,184,624 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
MOD - [2013/04/10 17:23:02 | 000,374,064 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lib\Http.dll
MOD - [2013/04/10 17:23:02 | 000,224,560 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
MOD - [2013/04/10 17:22:56 | 000,087,344 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginKernel.dll
MOD - [2013/04/10 17:22:56 | 000,026,416 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
MOD - [2013/04/10 17:22:56 | 000,025,392 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\PluginModule.dll
MOD - [2013/04/10 17:22:54 | 000,155,440 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libmpg123.dll
MOD - [2013/04/10 17:22:52 | 000,192,816 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ImageModule.dll
MOD - [2013/04/10 17:22:50 | 002,941,232 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdownloader.dll
MOD - [2013/04/10 17:22:46 | 000,487,216 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CxImage.dll
MOD - [2013/04/10 17:22:46 | 000,051,504 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\FileLoader.dll
MOD - [2013/04/10 17:22:46 | 000,033,584 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\DibModule.dll
MOD - [2013/04/10 17:22:44 | 000,104,752 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\CommonLib.dll
MOD - [2013/02/01 13:42:28 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\libzmq.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/29 11:45:18 | 001,300,376 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2012/02/22 16:52:18 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\lame_enc.dll
MOD - [2012/02/22 16:52:16 | 000,573,100 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\sqlite3.dll
MOD - [2011/07/28 17:11:36 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\hydrazhs.dll
MOD - [2010/11/23 01:53:33 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_zh-CHT_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2010/11/23 01:53:17 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_zh-CHT_b77a5c561934e089\System.resources.dll
MOD - [2010/11/13 10:52:29 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_zh-CHT_b03f5f7f11d50a3a\System.Drawing.resources.dll
MOD - [2010/11/13 10:52:24 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHT_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/12/15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 17:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/31 06:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/06 20:30:22 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/04 14:56:50 | 002,222,416 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/01/28 03:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/21 14:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 19:36:46 | 000,076,888 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/09/17 13:13:00 | 001,159,256 | ---- | M] (百度在线网络技术(北京)有限公司) [Auto | Running] -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnSvc.exe -- (BDMRTP)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/13 11:14:58 | 000,088,080 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/10 17:44:00 | 001,775,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/11/09 19:03:00 | 003,144,696 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/25 14:05:00 | 000,414,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/08/19 15:28:56 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/10/28 01:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/09/17 13:13:02 | 000,167,288 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bd0002.sys -- (bd0002)
DRV:64bit: - [2013/09/17 13:13:02 | 000,093,512 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bd0001.sys -- (bd0001)
DRV:64bit: - [2013/08/31 08:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/31 06:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/07/05 16:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/18 00:01:24 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/10/01 20:06:31 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/27 23:55:40 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/03/26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/16 22:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/11/09 19:03:00 | 000,052,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 13:31:00 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/11/21 17:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 17:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/23 05:00:04 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140205.033\ex64.sys -- (NAVEX15)
DRV - [2013/08/23 05:00:02 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140205.033\eng64.sys -- (NAVENG)
DRV - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3225826
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
IE - HKCU\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3225826
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://websearch.jus...e.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.tw/RCplugin: C:\Users\Simon\AppData\Roaming\RCTW\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tongbu.com/tongbu,version=0.1: D:\Tongbu\Addin\npTongbuAddin.dll (同步网络平台)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: D:\Xunlei\data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Simon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: D:\Xunlei\data\npxunlei1.0.0.2.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 07:16:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/04 13:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/04 13:10:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 07:16:44 | 000,000,000 | ---D | M]

[2012/12/04 22:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2012/10/01 19:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/01 19:54:00 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2013/11/07 21:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\vnnqm1d1.default\extensions
[2013/04/28 14:33:23 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\vnnqm1d1.default\extensions\[email protected]
[2013/11/07 21:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\vnnqm1d1.default\extensions\staged
[2013/11/07 21:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profilesvnnqm1d1.default\extensions
[2013/11/07 21:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profilesvnnqm1d1.default\extensions\staged
[2013/04/28 14:33:24 | 000,007,764 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\mozilla\firefox\profiles\vnnqm1d1.default\searchplugins\WebSearch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://websearch.just-browse.info/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Ask Toolbar = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajepeddfdaihpmdgnickofffkdlpb\25.60709_2\
CHR - Extension: Browse2save = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackmggkkhlkeeiljgjaiiciiaebleefg\3.8_0\
CHR - Extension: RealDownloader = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google \u96FB\u5B50\u9322\u5305 = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: WebSite Recommendation = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\2.3_0\
CHR - Extension: LoL guides = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcpejbpddihleognngdlmbnpgoaolgl\2.2.5.89_0\

O1 HOSTS File: ([2012/10/19 21:51:03 | 000,001,728 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 4 more lines...
O2:64bit: - BHO: (捃濘狟婥盓厥) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - D:\Xunlei\BHO\XunleiBHO647.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (捃濘FLV弝凊抻摯狟婥盓厥) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\Xunlei\BHO\XlBrowserAddin1.0.8.71.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (捃濘狟婥盓厥) - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Xunlei\BHO\XunleiBHO7.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (肮祭珨瑩假蚾盓厥) - {F72C8153-7140-4FEE-8F69-CA4579D71195} - D:\Tongbu\Addin\tbIEAddin.dll (同步网络平台)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BaiduAnTray] C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnTray.exe (百度在线网络技术(北京)有限公司)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ApplePhotoStreams] D:\ApplePhotoStreams.exe File not found
O4 - HKCU..\Run: [iCloudServices] D:\iCloudServices.exe File not found
O4 - HKCU..\Run: [NextLive] C:\Users\Simon\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: &妏蚚&捃濘狟婥 - D:\Xunlei\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &妏蚚&捃濘狟婥窒蟈諉 - D:\Xunlei\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: &妏蚚&捃濘燭盄狟婥 - D:\Xunlei\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: Foxy 下載 - D:\Foxy\Foxy\Foxy.exe (Foxy, Inc.)
O8:64bit: - Extra context menu item: Foxy 搜尋 - D:\Foxy\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: &妏蚚&捃濘狟婥 - D:\Xunlei\BHO\geturl.htm ()
O8 - Extra context menu item: &妏蚚&捃濘狟婥窒蟈諉 - D:\Xunlei\BHO\getAllurl.htm ()
O8 - Extra context menu item: &妏蚚&捃濘燭盄狟婥 - D:\Xunlei\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: Foxy 下載 - D:\Foxy\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: Foxy 搜尋 - D:\Foxy\Foxy\Foxy.exe (Foxy, Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{581400B6-8718-430E-9E47-8D3CAA1CBC92}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0F4802E-D0D2-4637-B7D6-F50F667D8C45}: DhcpNameServer = 172.20.93.1 172.20.93.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fac7a41a-5dfe-11e2-b88b-5404a66fbb96}\Shell - "" = AutoRun
O33 - MountPoints2\{fac7a41a-5dfe-11e2-b88b-5404a66fbb96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/06 14:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/01/25 16:10:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2014/01/16 21:26:07 | 000,167,288 | ---- | C] (Baidu) -- C:\Windows\SysNative\drivers\bd0002.sys
[2014/01/16 21:26:06 | 000,093,512 | ---- | C] (Baidu) -- C:\Windows\SysNative\drivers\bd0001.sys
[2014/01/16 21:26:06 | 000,037,088 | ---- | C] (Baidu) -- C:\Windows\SysNative\bd64_x64.dll
[2014/01/16 21:26:06 | 000,026,336 | ---- | C] (Baidu) -- C:\Windows\SysNative\bd64_x86.dll
[2014/01/16 21:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Baidu
[2014/01/16 21:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu
[2014/01/16 21:25:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Baidu
[2014/01/16 21:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/01/14 16:54:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\.android
[2014/01/14 16:54:54 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\cache
[2014/01/14 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\newnext.me
[2014/01/14 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\Mobogenie
[2014/01/14 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Mobogenie
[2014/01/14 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\genienext
[2014/01/14 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[5 C:\Users\Simon\Desktop\*.tmp files -> C:\Users\Simon\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/07 22:14:00 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/07 22:12:00 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/07 22:12:00 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/07 22:07:40 | 000,000,000 | ---- | M] () -- C:\Users\Simon\defogger_reenable
[2014/02/07 18:59:01 | 000,000,426 | ---- | M] () -- C:\Windows\wininit.ini
[2014/02/07 18:37:16 | 000,000,199 | ---- | M] () -- C:\Users\Simon\Desktop\Dota 2.url
[2014/02/07 18:35:58 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/07 18:35:58 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/07 18:34:42 | 001,289,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/07 18:34:42 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/07 18:34:42 | 000,392,940 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2014/02/07 18:34:42 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/07 18:34:42 | 000,115,072 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2014/02/07 18:30:02 | 000,000,342 | ---- | M] () -- C:\Windows\lgfwup.ini
[2014/02/07 18:28:46 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/02/07 18:28:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/07 18:28:35 | 4279,328,766 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 20:06:51 | 000,056,942 | ---- | M] () -- C:\Users\Simon\Desktop\GCE M2.png
[2014/01/28 20:05:14 | 000,060,258 | ---- | M] () -- C:\Users\Simon\Desktop\GCE D2.png
[2014/01/28 20:03:29 | 000,058,213 | ---- | M] () -- C:\Users\Simon\Desktop\GCE FP1.png
[2014/01/19 16:03:53 | 000,001,049 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/17 03:19:33 | 005,130,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[5 C:\Users\Simon\Desktop\*.tmp files -> C:\Users\Simon\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/07 22:07:40 | 000,000,000 | ---- | C] () -- C:\Users\Simon\defogger_reenable
[2014/02/07 18:37:16 | 000,000,199 | ---- | C] () -- C:\Users\Simon\Desktop\Dota 2.url
[2014/01/28 20:06:51 | 000,056,942 | ---- | C] () -- C:\Users\Simon\Desktop\GCE M2.png
[2014/01/28 20:05:14 | 000,060,258 | ---- | C] () -- C:\Users\Simon\Desktop\GCE D2.png
[2014/01/28 20:03:29 | 000,058,213 | ---- | C] () -- C:\Users\Simon\Desktop\GCE FP1.png
[2014/01/19 01:24:17 | 000,000,426 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/08 19:36:54 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/08 19:36:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/08/31 07:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/08/31 07:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/31 07:04:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/08/31 07:04:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/08/30 19:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/07/04 17:29:31 | 145,388,814 | ---- | C] () -- C:\Users\Simon\AppData\Local\ACCCx183.zip.aamdownload
[2013/07/04 17:29:31 | 000,001,726 | ---- | C] () -- C:\Users\Simon\AppData\Local\ACCCx183.zip.aamdownload.aamd
[2013/05/23 22:11:33 | 001,268,436 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/18 22:50:18 | 000,007,597 | ---- | C] () -- C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
[2012/10/22 22:32:50 | 000,000,132 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/10/19 07:15:23 | 000,211,698 | ---- | C] () -- C:\Windows\hpoins30.dat
[2012/10/19 07:15:23 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2012/10/19 07:11:26 | 000,211,633 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
[2012/10/19 07:11:26 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2012/10/01 22:36:56 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2012/10/01 19:48:21 | 000,000,911 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\coreavc.ini
[2012/10/01 19:44:55 | 000,004,030 | ---- | C] () -- C:\Users\Simon\FunShion.ini
[2012/10/01 19:37:56 | 000,000,342 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/10/01 18:34:02 | 000,042,048 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/10/01 18:32:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/01 18:32:25 | 000,026,871 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/10/01 18:31:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/01 10:18:40 | 000,001,080 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/05 21:47:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\AnvSoft
[2013/07/26 01:43:29 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Audacity
[2014/01/16 21:26:01 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Baidu
[2013/12/19 21:03:09 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Battle.net
[2014/02/05 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BitTorrent
[2013/01/13 22:32:29 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/11/22 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Pro
[2014/01/04 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DiskAid
[2014/02/07 18:29:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Dropbox
[2012/12/29 21:15:11 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Foxy
[2013/07/02 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Garena
[2014/02/07 18:31:55 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\GarenaPlus
[2012/11/12 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Geniesoft
[2013/11/03 22:56:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\HiveProcExplorer
[2014/01/03 23:25:56 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\iFunbox_UserCache
[2013/11/16 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ihelper
[2013/04/03 11:06:06 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ItsTimer
[2012/10/04 22:56:26 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\LolClient
[2014/02/07 18:28:59 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\newnext.me
[2013/07/04 17:52:50 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\OBS
[2013/10/08 20:51:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Origin
[2012/10/19 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PACE Anti-Piracy
[2012/11/01 00:26:00 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PDAppFlex
[2012/10/01 20:51:20 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\RCTW
[2012/12/24 19:03:56 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SendSpace
[2013/11/07 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SimilarSites
[2013/07/04 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SplitMediaLabs
[2013/10/08 19:28:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Spotify
[2012/10/22 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/01/08 17:56:09 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Synthesia
[2013/03/28 22:38:43 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Unity
[2013/12/01 01:01:31 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2014/01/16 21:26:12 | 000,001,257 | ---- | M] ()(C:\Users\Public\Desktop\百度?士.lnk) -- C:\Users\Public\Desktop\百度卫士.lnk
[2014/01/16 21:26:12 | 000,001,257 | ---- | C] ()(C:\Users\Public\Desktop\百度?士.lnk) -- C:\Users\Public\Desktop\百度卫士.lnk
[2014/01/16 21:26:12 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度?士) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度卫士
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

< End of report >

Edited by ysck, 07 February 2014 - 08:30 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you are currently running two AV programmes. One will need to go

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3225826
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
IE - HKCU\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3225826
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
FF - prefs.js..browser.search.defaulturl: "http://websearch.just-browse.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
[2013/04/28 14:33:23 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\vnnqm1d1.default\extensions\[email protected]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKCU..\Run: [NextLive] C:\Users\Simon\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
[2014/01/14 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\newnext.me
[2014/01/14 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\Mobogenie
[2014/01/14 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Mobogenie
[2014/01/14 16:54:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\genienext
[2014/01/14 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MobogenieC:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackmggkkhlkeeiljgjaiiciiaebleefg
[2014/01/03 23:25:56 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\iFunbox_UserCache
[2013/11/16 22:22:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ihelper

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#3
ysck

ysck

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Adwcleaner.exe

# AdwCleaner v3.018 - Report created 08/02/2014 at 23:56:47
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Simon - SIMON-PC
# Running from : D:\downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Browse2Save
[!] Folder Deleted : C:\Program Files (x86)\baidu
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SimilarSites
Folder Deleted : C:\Program Files (x86)\Common Files\baidu
Folder Deleted : C:\Users\Simon\AppData\Local\Conduit
Folder Deleted : C:\Users\Simon\AppData\LocalLow\Browse2Save
Folder Deleted : C:\Users\Simon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Simon\AppData\Roaming\baidu
Folder Deleted : C:\Users\Simon\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Simon\AppData\Roaming\SimilarSites
Folder Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj
Folder Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ackmggkkhlkeeiljgjaiiciiaebleefg
File Deleted : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vnnqm1d1.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vnnqm1d1.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ackmggkkhlkeeiljgjaiiciiaebleefg
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v

[ File : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vnnqm1d1.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.50d83ade22b74.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};new function(){var a=this;a.domain_storage=\"hxxp://xls.searchfun.in\";a.p[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [6313 octets] - [08/02/2014 23:56:14]
AdwCleaner[S0].txt - [6155 octets] - [08/02/2014 23:56:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6215 octets] ##########


OTL

OTL logfile created on: 9/2/2014 0:00:34 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000c04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

15.98 Gb Total Physical Memory | 13.88 Gb Available Physical Memory | 86.84% Memory free
31.96 Gb Paging File | 29.69 Gb Available in Paging File | 92.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 40.79 Gb Free Space | 34.24% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 116.81 Gb Free Space | 12.54% Space Free | Partition Type: NTFS

Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/07 22:15:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\downloads\OTL.exe
PRC - [2014/02/04 14:56:52 | 003,813,712 | ---- | M] (LogMeIn Inc.) -- D:\Hamachi\hamachi-2-ui.exe
PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/06 13:34:31 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/09/17 13:13:00 | 001,159,256 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnSvc.exe
PRC - [2013/09/17 13:12:52 | 001,286,232 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnTray.exe
PRC - [2013/09/17 13:12:52 | 001,187,928 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnUpdate.exe
PRC - [2013/09/17 13:12:52 | 000,438,360 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAn.exe
PRC - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/10/01 19:38:36 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2011/03/17 16:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- D:\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009/11/10 17:44:00 | 001,775,344 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/11/10 17:43:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/07/08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/02 07:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/02 07:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/17 13:12:56 | 001,105,784 | ---- | M] () -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\plugins\BDMPatcherPlugins\BDMPatcher.dll
MOD - [2013/09/17 13:12:54 | 001,044,344 | ---- | M] () -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\plugins\BDMSOManagerPlugins\BDMSOAcceleratorPlugin.dll
MOD - [2013/08/23 17:10:18 | 000,553,776 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggspawn.dll
MOD - [2013/07/10 19:54:32 | 000,049,456 | ---- | M] () -- C:\Program Files (x86)\Garena Plus\ggdllhost.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 17:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/31 06:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/02/06 20:30:22 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/04 14:56:50 | 002,222,416 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/01/28 03:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/21 14:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/08 19:36:46 | 000,076,888 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/09/17 13:13:00 | 001,159,256 | ---- | M] (百度在线网络技术(北京)有限公司) [Auto | Running] -- C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnSvc.exe -- (BDMRTP)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/13 11:14:58 | 000,088,080 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/10 17:44:00 | 001,775,344 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/11/09 19:03:00 | 003,144,696 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/25 14:05:00 | 000,414,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/08/19 15:28:56 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/10/28 01:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/09/17 13:13:02 | 000,167,288 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bd0002.sys -- (bd0002)
DRV:64bit: - [2013/09/17 13:13:02 | 000,093,512 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bd0001.sys -- (bd0001)
DRV:64bit: - [2013/08/31 08:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/31 06:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/07/05 16:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/18 00:01:24 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/10/04 16:21:04 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpsHelper.sys -- (WpsHelper)
DRV:64bit: - [2012/10/01 20:06:31 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/03/26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/05/16 22:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/02/24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/11/09 19:03:00 | 000,052,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/27 13:31:00 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/11/21 17:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 17:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/23 05:00:04 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140207.020\ex64.sys -- (NAVEX15)
DRV - [2013/08/23 05:00:02 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20140207.020\eng64.sys -- (NAVENG)
DRV - [2009/08/25 20:05:48 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:46 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:44 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,: ""
FF - prefs.js..browser.search.selectedEngine,: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.tw/RCplugin: C:\Users\Simon\AppData\Roaming\RCTW\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tongbu.com/tongbu,version=0.1: D:\Tongbu\Addin\npTongbuAddin.dll (同步网络平台)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: D:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: D:\Xunlei\data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: D:\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Simon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: D:\Xunlei\data\npxunlei1.0.0.2.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 07:16:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/04 13:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/04 13:10:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/19 07:16:44 | 000,000,000 | ---D | M]

[2012/12/04 22:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2012/10/01 19:54:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\extensions
[2012/10/01 19:54:00 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2014/02/08 23:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\vnnqm1d1.default\extensions
[2013/11/07 21:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\vnnqm1d1.default\extensions\staged
[2013/11/07 21:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profilesvnnqm1d1.default\extensions
[2013/11/07 21:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profilesvnnqm1d1.default\extensions\staged

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Ask Toolbar = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajepeddfdaihpmdgnickofffkdlpb\25.60709_2\
CHR - Extension: RealDownloader = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google \u96FB\u5B50\u9322\u5305 = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: LoL guides = C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcpejbpddihleognngdlmbnpgoaolgl\2.2.5.89_0\

O1 HOSTS File: ([2014/02/08 23:10:59 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (捃濘狟婥盓厥) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - D:\Xunlei\BHO\XunleiBHO647.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (捃濘FLV弝凊抻摯狟婥盓厥) - {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} - D:\Xunlei\BHO\XlBrowserAddin1.0.8.71.dll (ShenZhen Xunlei Networking Technologies,LTD)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\java\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (捃濘狟婥盓厥) - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Xunlei\BHO\XunleiBHO7.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (肮祭珨瑩假蚾盓厥) - {F72C8153-7140-4FEE-8F69-CA4579D71195} - D:\Tongbu\Addin\tbIEAddin.dll (同步网络平台)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BaiduAnTray] C:\Program Files (x86)\Baidu\BaiduAn\1.0.0.473\BaiduAnTray.exe (百度在线网络技术(北京)有限公司)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ApplePhotoStreams] D:\ApplePhotoStreams.exe File not found
O4 - HKCU..\Run: [iCloudServices] D:\iCloudServices.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8:64bit: - Extra context menu item: &妏蚚&捃濘狟婥 - D:\Xunlei\BHO\geturl.htm ()
O8:64bit: - Extra context menu item: &妏蚚&捃濘狟婥窒蟈諉 - D:\Xunlei\BHO\getAllurl.htm ()
O8:64bit: - Extra context menu item: &妏蚚&捃濘燭盄狟婥 - D:\Xunlei\BHO\OfflineDownload.htm ()
O8:64bit: - Extra context menu item: Foxy 下載 - D:\Foxy\Foxy\Foxy.exe (Foxy, Inc.)
O8:64bit: - Extra context menu item: Foxy 搜尋 - D:\Foxy\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: &妏蚚&捃濘狟婥 - D:\Xunlei\BHO\geturl.htm ()
O8 - Extra context menu item: &妏蚚&捃濘狟婥窒蟈諉 - D:\Xunlei\BHO\getAllurl.htm ()
O8 - Extra context menu item: &妏蚚&捃濘燭盄狟婥 - D:\Xunlei\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: Foxy 下載 - D:\Foxy\Foxy\Foxy.exe (Foxy, Inc.)
O8 - Extra context menu item: Foxy 搜尋 - D:\Foxy\Foxy\Foxy.exe (Foxy, Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{581400B6-8718-430E-9E47-8D3CAA1CBC92}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0F4802E-D0D2-4637-B7D6-F50F667D8C45}: DhcpNameServer = 172.20.93.1 172.20.93.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fac7a41a-5dfe-11e2-b88b-5404a66fbb96}\Shell - "" = AutoRun
O33 - MountPoints2\{fac7a41a-5dfe-11e2-b88b-5404a66fbb96}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/08 23:59:10 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Baidu
[2014/02/08 23:56:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/08 00:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2014/02/06 14:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/01/25 16:10:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2014/01/16 21:26:07 | 000,167,288 | ---- | C] (Baidu) -- C:\Windows\SysNative\drivers\bd0002.sys
[2014/01/16 21:26:06 | 000,093,512 | ---- | C] (Baidu) -- C:\Windows\SysNative\drivers\bd0001.sys
[2014/01/16 21:26:06 | 000,037,088 | ---- | C] (Baidu) -- C:\Windows\SysNative\bd64_x64.dll
[2014/01/16 21:26:06 | 000,026,336 | ---- | C] (Baidu) -- C:\Windows\SysNative\bd64_x86.dll
[2014/01/16 21:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu
[2014/01/16 21:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/01/14 16:54:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\.android
[2014/01/14 16:54:54 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\cache
[2014/01/14 16:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[5 C:\Users\Simon\Desktop\*.tmp files -> C:\Users\Simon\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/08 23:59:31 | 000,000,342 | ---- | M] () -- C:\Windows\lgfwup.ini
[2014/02/08 23:58:08 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/08 23:58:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/02/08 23:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/08 23:58:01 | 4279,328,766 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/08 23:27:54 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/08 23:27:54 | 000,021,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/08 23:25:03 | 001,289,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/08 23:25:03 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/08 23:25:03 | 000,392,940 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2014/02/08 23:25:03 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/08 23:25:03 | 000,115,072 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2014/02/08 23:14:00 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/08 23:10:59 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/08 23:07:38 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/08 00:42:55 | 000,000,512 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/02/07 18:59:01 | 000,000,426 | ---- | M] () -- C:\Windows\wininit.ini
[2014/01/28 20:06:51 | 000,056,942 | ---- | M] () -- C:\Users\Simon\Desktop\GCE M2.png
[2014/01/28 20:05:14 | 000,060,258 | ---- | M] () -- C:\Users\Simon\Desktop\GCE D2.png
[2014/01/28 20:03:29 | 000,058,213 | ---- | M] () -- C:\Users\Simon\Desktop\GCE FP1.png
[2014/01/19 16:03:53 | 000,001,049 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/17 03:19:33 | 005,130,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[5 C:\Users\Simon\Desktop\*.tmp files -> C:\Users\Simon\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/08 00:42:55 | 000,000,512 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2014/01/28 20:06:51 | 000,056,942 | ---- | C] () -- C:\Users\Simon\Desktop\GCE M2.png
[2014/01/28 20:05:14 | 000,060,258 | ---- | C] () -- C:\Users\Simon\Desktop\GCE D2.png
[2014/01/28 20:03:29 | 000,058,213 | ---- | C] () -- C:\Users\Simon\Desktop\GCE FP1.png
[2014/01/19 01:24:17 | 000,000,426 | ---- | C] () -- C:\Windows\wininit.ini
[2013/10/08 19:36:54 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/10/08 19:36:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/08/31 07:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/08/31 07:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/08/31 07:04:52 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/08/31 07:04:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/08/30 19:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/07/04 17:29:31 | 145,388,814 | ---- | C] () -- C:\Users\Simon\AppData\Local\ACCCx183.zip.aamdownload
[2013/07/04 17:29:31 | 000,001,726 | ---- | C] () -- C:\Users\Simon\AppData\Local\ACCCx183.zip.aamdownload.aamd
[2013/05/23 22:11:33 | 001,268,436 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/18 22:50:18 | 000,007,597 | ---- | C] () -- C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
[2012/10/22 22:32:50 | 000,000,132 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/10/19 07:15:23 | 000,211,698 | ---- | C] () -- C:\Windows\hpoins30.dat
[2012/10/19 07:15:23 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2012/10/19 07:11:26 | 000,211,633 | ---- | C] () -- C:\Windows\hpoins30.dat.temp
[2012/10/19 07:11:26 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat.temp
[2012/10/01 22:36:56 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2012/10/01 19:48:21 | 000,000,911 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\coreavc.ini
[2012/10/01 19:44:55 | 000,004,030 | ---- | C] () -- C:\Users\Simon\FunShion.ini
[2012/10/01 19:37:56 | 000,000,342 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/10/01 18:34:02 | 000,042,048 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/10/01 18:32:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/01 18:32:25 | 000,026,871 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/10/01 18:31:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/01 10:18:40 | 000,001,080 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/05 21:47:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\AnvSoft
[2013/07/26 01:43:29 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Audacity
[2014/02/08 23:59:10 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Baidu
[2013/12/19 21:03:09 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Battle.net
[2014/02/05 22:54:52 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BitTorrent
[2013/01/13 22:32:29 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/11/22 21:56:25 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Pro
[2014/01/04 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DiskAid
[2014/02/08 23:58:16 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Dropbox
[2012/12/29 21:15:11 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Foxy
[2013/07/02 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Garena
[2014/02/07 18:31:55 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\GarenaPlus
[2012/11/12 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Geniesoft
[2013/11/03 22:56:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\HiveProcExplorer
[2013/04/03 11:06:06 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ItsTimer
[2012/10/04 22:56:26 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\LolClient
[2013/07/04 17:52:50 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\OBS
[2013/10/08 20:51:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Origin
[2012/10/19 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PACE Anti-Piracy
[2012/11/01 00:26:00 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PDAppFlex
[2012/10/01 20:51:20 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\RCTW
[2013/07/04 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SplitMediaLabs
[2013/10/08 19:28:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Spotify
[2012/10/22 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/01/08 17:56:09 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Synthesia
[2013/03/28 22:38:43 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Unity
[2013/12/01 01:01:31 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2014/01/16 21:26:12 | 000,001,257 | ---- | M] ()(C:\Users\Public\Desktop\百度?士.lnk) -- C:\Users\Public\Desktop\百度卫士.lnk
[2014/01/16 21:26:12 | 000,001,257 | ---- | C] ()(C:\Users\Public\Desktop\百度?士.lnk) -- C:\Users\Public\Desktop\百度卫士.lnk
[2014/01/16 21:26:12 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度?士) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度卫士
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件

< End of report >

I have not experience the problem now but I would like to make sure the adware is fully removed. Thank you for helping me out :)
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets run a final sweep

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP