Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Starts Slowly


  • Please log in to reply

#1
dif4

dif4

    Member

  • Member
  • PipPipPip
  • 104 posts

Hi,

 

My computer starts very slowly and it takes a long time to load the main desktop screen. After that, when I click on the applications or files, it takes about 5 mins to open. For example, when I open some websites in Internet Explorer, after the webpages have loaded and when I click to see the pages, the system 'hangs' and shows no response. I have to wait for about 5 mins before I can see the webpages. Then after a while, the same thing happens and I cannot see anything on Internet Explorer so I have to wait again before everything is ok. I'm not sure whether there's malware or simply something wrong with my system.

 

Here's the OTL log:

 

vOTL logfile created on: 4/16/2014 8:33:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 42.96% Memory free
4.81 Gb Paging File | 3.16 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 8.69 Gb Free Space | 3.73% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 2.84 Gb Free Space | 1.22% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 0.48 Gb Free Space | 0.81% Space Free | Partition Type: NTFS
Drive G: | 174.29 Gb Total Space | 1.53 Gb Free Space | 0.88% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 0.44 Gb Free Space | 0.23% Space Free | Partition Type: NTFS
 
Computer Name: USER-8CE73256DD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 20:33:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
PRC - [2014/03/30 20:30:08 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/02/20 02:05:02 | 001,534,736 | ---- | M] (Youku.com) -- C:\Program Files\YouKu\youkuclient\YoukuDesktop.exe
PRC - [2014/02/20 02:04:52 | 005,723,928 | ---- | M] (Youku.com) -- C:\Program Files\YouKu\youkuclient\YoukuMediaCenter.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/12/11 17:52:14 | 001,236,096 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- H:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2013/11/26 19:34:27 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) -- C:\Program Files\iQIYI\QiyiService.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 11:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/10/10 12:50:08 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/14 10:25:58 | 000,571,392 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2014/02/05 16:55:04 | 000,562,688 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2014/02/03 15:51:10 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/12/18 14:55:54 | 003,069,568 | ---- | M] () -- H:\Program Files\QvodPlayer\image_hash.dll
MOD - [2013/12/18 14:55:48 | 000,243,752 | ---- | M] () -- H:\Program Files\QvodPlayer\QvodImageInfo.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/05/20 11:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2013/01/02 14:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll
MOD - [2008/04/14 11:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 11:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/13 04:22:24 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/26 19:34:27 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) [Auto | Running] -- C:\Program Files\iQIYI\QiyiService.exe -- (QiyiService)
SRV - [2013/07/18 09:23:32 | 000,215,088 | ---- | M] (新浪网技术(中国)有限公司) [Auto | Running] -- C:\Program Files\sina\Sina_live\2010\live_deamon.dll -- (sina_live_deamon)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/16 19:47:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/16 19:41:11 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C03DDEA6-C3B2-4753-A5AB-4606CFE974FC}\MpKslfbcc7bc6.sys -- (MpKslfbcc7bc6)
DRV - [2014/03/30 20:30:22 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/03/30 20:30:22 | 000,156,024 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/03/30 20:30:22 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/12/13 05:51:06 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2012/12/30 04:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/21 19:42:37 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/07/21 19:42:37 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/05 18:11:24 | 006,164,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/09 15:13:02 | 000,234,728 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/17 17:11:22 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/08 03:32:48 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2001/08/23 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...99_oem_dg&ch=33
IE - HKCU\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...1I7NDKB_enSG548
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\WINDOWS\Downloaded Program Files\443437\npxbdsetup.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@iqiyi.com/npclient: C:\Program Files\iQIYI\npclient.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files\Tencent\QQLive\LiveOcx\npQQLive.dll File not found
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: H:\Program Files\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = http://feed.snapdo.c...Date=11/11/2013
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft庐 DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft庐 DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.3117\npplugin2.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: 56iCan Browser Plugin (Enabled) = H:\Program Files\56ican\np56icanplugin.dll
CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll
CHR - plugin: npifox Dynamic Link Library (Enabled) = H:\Program Files\鎼滅嫄褰遍煶\npifox.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/16 08:48:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - H:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QvodTerminal] H:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &使用FLVCD获取本页视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_link.htm ()
O8 - Extra context menu item: &使用FLVCD获取该视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_href.htm ()
O8 - Extra context menu item: Download with Mipony - H:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: 使用快播按图找片 - H:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O8 - Extra context menu item: 收藏到搜狐影音 - Reg Error: Value error. File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\YouKu\youkuclient\ikutm.dll (youku.com)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]gb2 in Trusted sites)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]http in Trusted sites)
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab (InstallHelper Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84BB2E11-9558-430C-8909-EDB3C4C1FB8B}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99500004-75DD-4DC2-A969-0129C59083B3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/07 07:24:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/06/15 09:36:56 | 001,029,537 | ---- | M] () - H:\AutoClick.rar -- [ NTFS ]
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell - "" = AutoRun
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell - "" = AutoRun
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell - "" = AutoRun
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/16 20:33:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2014/04/16 19:47:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/03/30 20:30:22 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/16 20:33:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2014/04/16 20:25:42 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/16 20:08:47 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/16 19:56:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/16 19:47:22 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2014/04/16 19:40:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/16 19:34:23 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/16 19:32:23 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/16 19:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/16 15:26:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
[2014/04/16 06:26:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
[2014/04/16 05:46:46 | 000,000,004 | ---- | M] () -- C:\authres.html
[2014/04/15 22:05:02 | 000,000,087 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2014/04/15 07:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/04/15 06:39:17 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/10 05:56:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 23:25:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 16:30:13 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/03/31 22:28:01 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2014/03/31 22:28:01 | 000,000,138 | ---- | M] () -- C:\WINDOWS\vsfilter.INI
[2014/03/30 20:30:22 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/03/26 23:33:07 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/26 05:23:42 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2014/03/19 17:56:35 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Shortcut to Maxtor (H).lnk
 
========== Files Created - No Company Name ==========
 
[2014/03/26 23:42:58 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/26 05:23:42 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2014/03/19 17:56:35 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shortcut to Maxtor (H).lnk
[2013/11/26 19:34:41 | 000,000,087 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2013/10/24 14:27:46 | 002,310,992 | ---- | C] () -- C:\WINDOWS\System32\shellfire.dll
[2013/09/22 21:31:15 | 000,000,149 | ---- | C] () -- C:\WINDOWS\phw.ini
[2013/06/14 23:52:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2012/11/30 06:28:11 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\bdsecushr.dat
[2012/10/07 14:08:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/10/07 14:08:25 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2011/02/23 17:13:02 | 003,408,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
[2011/02/23 17:13:01 | 000,146,698 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 12:32:53 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/01/07 12:29:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/01/07 07:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/01/20 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Application Data
[2011/01/11 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2013/11/26 19:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Baidu
[2014/04/16 06:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2013/07/07 01:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2013/11/10 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/01/07 07:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2013/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2014/01/16 20:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalStorage
[2012/04/27 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/11/26 19:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2013/11/26 19:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QiYi
[2013/12/24 17:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RaySource
[2012/03/09 05:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2014/03/22 20:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Mobile
[2011/02/19 14:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2013/04/18 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/07 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/04/27 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anarchy
[2011/10/20 07:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Awem
[2013/11/26 19:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Baidu
[2013/12/25 09:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2011/01/20 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BlamGames
[2013/03/23 11:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Building the Great Wall of China
[2012/07/26 09:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CometPlayer
[2011/01/09 02:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro
[2011/09/09 23:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dekovir
[2013/08/22 20:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\flvcd
[2013/11/17 13:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTE14
[2012/06/08 17:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTEv5
[2011/02/02 12:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Go-Go Gourmet Chef of the Year
[2013/04/16 23:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Happy Kingdom
[2013/07/22 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HipSoft
[2011/01/09 02:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2011/01/07 07:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Kingsoft
[2012/09/28 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mipony
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2013/11/26 19:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPlive
[2013/11/09 08:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStream
[2013/09/22 21:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStreamSetup
[2013/11/26 19:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Qiyi
[2013/07/05 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/08/09 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2011/02/19 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive
[2011/01/08 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Supermarket Mania 2
[2014/04/11 19:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\tigerplayer
[2013/11/08 19:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2014/03/11 06:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\youku
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó
(C:\Program Files\??êó) -- C:\Program Files\˶Êó
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC386FD2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63C68F03
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83

< End of report >

 

 

The OTL Extras log:

 

OTL Extras logfile created on: 4/16/2014 8:33:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 42.96% Memory free
4.81 Gb Paging File | 3.16 Gb Available in Paging File | 65.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 8.69 Gb Free Space | 3.73% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 2.84 Gb Free Space | 1.22% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 0.48 Gb Free Space | 0.81% Space Free | Partition Type: NTFS
Drive G: | 174.29 Gb Total Space | 1.53 Gb Free Space | 0.88% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 0.44 Gb Free Space | 0.23% Space Free | Partition Type: NTFS
 
Computer Name: USER-8CE73256DD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"17539:TCP" = 17539:TCP:*:Enabled:BitComet 17539 TCP
"17539:UDP" = 17539:UDP:*:Enabled:BitComet 17539 UDP
"50000:UDP" = 50000:UDP:*:Enabled:sina_live
"50001:UDP" = 50001:UDP:*:Enabled:sina_live
"6001:TCP" = 6001:TCP:*:Enabled:sina_live
"6002:TCP" = 6002:TCP:*:Enabled:sina_live
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Enabled:PPTV网络电视
"H:\Program Files\QvodPlayer\QvodTerminal.exe" = H:\Program Files\QvodPlayer\QvodTerminal.exe:*:Enabled:QvodTerminal -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Program Files\GridService\peer.exe" = C:\Program Files\GridService\peer.exe:*:Enabled:Grid Service -- (FS2YOU)
"C:\Program Files\YouKu\youkuclient\YoukuMediaCenter.exe" = C:\Program Files\YouKu\youkuclient\YoukuMediaCenter.exe:*:Enabled:youku media center service  -- (Youku.com)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\Tudou\iTudou\iTudou.exe" = C:\Program Files\Tudou\iTudou\iTudou.exe:*:Enabled:iTudou 2.6.10.0 -- (土豆网)
"C:\Documents and Settings\All Users\Application Data\QiYi\QiyiKernel\App\QiyiKernel.exe" = C:\Documents and Settings\All Users\Application Data\QiYi\QiyiKernel\App\QiyiKernel.exe:*:Enabled:QiyiKernel -- (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)
"C:\Program Files\iQIYI\QYFollowVideo.exe" = C:\Program Files\iQIYI\QYFollowVideo.exe:*:Enabled:QYFollowVideo -- (爱奇艺)
"C:\Program Files\iQIYI\QiyiClient.exe" = C:\Program Files\iQIYI\QiyiClient.exe:*:Enabled:QIYICLIENT -- (爱奇艺)
"H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\BaiduP2PService.exe" = H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\BaiduP2PService.exe:*:Enabled:百度流媒体服务 -- (Baidu.com, Inc.)
"C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduP2PService.exe" = C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduP2PService.exe:*:Enabled:BaiduP2PService.exe -- (Baidu.com, Inc.)
"C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\StatReport.exe" = C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\StatReport.exe:*:Enabled:StatReport.exe -- (Baidu.com, Inc.)
"C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduPlayer.exe" = C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduPlayer.exe:*:Enabled:BaiduPlayer.exe -- ()
"C:\Documents and Settings\All Users\Application Data\Baidu\BaiduPlayer\bdupdate.exe" = C:\Documents and Settings\All Users\Application Data\Baidu\BaiduPlayer\bdupdate.exe:*:Enabled:bdupdate.exe -- (Baidu.com, Inc.)
"C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduSetupAx_0.exe" = C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduSetupAx_0.exe:*:Enabled:BaiduSetupAx_0.exe
"H:\Program Files\Steam\Steam.exe" = H:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client Bootstrapper ([email protected]) -- (Valve Corporation)
"H:\Program Files\QvodPlayer\QvodPlayer.exe" = H:\Program Files\QvodPlayer\QvodPlayer.exe:*:Enabled:快播 -- (Shenzhen QVOD Technology Co.,Ltd)
"C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe" = C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe:*:Enabled:Update Engine -- ()
"C:\Program Files\gogobox\gogobox.exe" = C:\Program Files\gogobox\gogobox.exe:*:Enabled:GOGOBOX_FirewallAgent -- (NEXTLiNK Technology Co., Ltd.)
"C:\Program Files\gogobox\gogobox_updater.exe" = C:\Program Files\gogobox\gogobox_updater.exe:*:Enabled:GOGOBOX_FirewallAgent -- (NEXTLiNK Technology Co., Ltd.)
"C:\Program Files\gogobox\gogobox_e.exe" = C:\Program Files\gogobox\gogobox_e.exe:*:Enabled:GOGOBOX_FirewallAgent -- ()
"C:\Program Files\gogobox\gogobox_t.exe" = C:\Program Files\gogobox\gogobox_t.exe:*:Enabled:GOGOBOX_FirewallAgent -- (Netxtream)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03C8F224-5374-423D-BA14-270610258E83}_is1" = 搜狐影音3.1.0.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1" = EZDownloader
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18651D22-C569-40DA-9DCE-0F98A4BBE19F}" = FMRTE
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}" = BiosNotice
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1" = FMRTE 5.2.4
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6BB5ABD5-3CD2-48CF-AA24-74F0B0568923}" = BrowseToSave
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AC7F2C31-9BBE-46A4-9C36-B2FA08B9F446}" = winniethepoohcur
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{BE4F388F-E7B6-43E8-8856-6B74AC375A87}" = Media Go
"{BE9CA23E-C5F5-410E-A3E5-8DD7657F80C8}" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8A28D99-7591-45DC-8AF5-DBFB572CC8DA}" = Snap.Do
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E2EE37-5AA9-4B4F-8D3F-5D5459778864}_is1" = FMRTE 14.1.3.3
"{DBC12450-EB73-4B1D-A2E0-EFEE811720B2}" = FormatFactory
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.197
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5D73EED-4AAD-4784-84EA-A57FF75BC23D}_is1" = 鼠标连点器 2.0
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"7 Wonders Magical Mystery Tour 1.00" = 7 Wonders Magical Mystery Tour 1.00
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Airline Baggage Mania 1.00" = Airline Baggage Mania 1.00
"BaiduPlayer" = BaiduPlayer1.19.0.137
"Ballad of Solar 1.00" = Ballad of Solar 1.00
"Be Richest 1.00" = Be Richest 1.00
"BitComet" = BitComet 1.07
"Blooming Daisies 1.00" = Blooming Daisies 1.00
"Build a lot 6 On Vacation 1.2" = Build a lot 6 On Vacation 1.2
"Build a lot Fairy Tales 1.00" = Build a lot Fairy Tales 1.00
"Building the Great Wall of China 1.00" = Building the Great Wall of China 1.00
"Coffee Rush 3 1.00" = Coffee Rush 3 1.00
"Cooking Dash 3 Thrills and Spills Collectors Edition 1.00" = Cooking Dash 3 Thrills and Spills Collectors Edition 1.00
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.17
"Cradle Of Egypt Collectors Edition 1.00" = Cradle Of Egypt Collectors Edition 1.00
"Cradle Of Rome 2 1.00" = Cradle Of Rome 2 1.00
"Dragon Empire_is1" = Dragon Empire
"FileHippo.com" = FileHippo.com Update Checker
"Fishers Family Farm 1.00" = Fishers Family Farm 1.00
"FormatFactory" = FormatFactory 3.2.1.0
"FPE 2001" = FPE 2001
"Go-Go Gourmet 2 - Chef of the Year1.0" = Go-Go Gourmet 2 - Chef of the Year
"GOGOBOX" = GOGOBOX
"Google Chrome" = Google Chrome
"Happy Kingdom 1.0" = Happy Kingdom 1.0
"ie8" = Windows Internet Explorer 8
"iKu" = Youku iku
"iTudou" = iTudou 2.6.10.0
"Jewel Quest 6 The Sapphire Dragon Collectors Edition 1.00" = Jewel Quest 6 The Sapphire Dragon Collectors Edition 1.00
"Kingsoft Office" = Kingsoft Office 2010  (6.6.0.2496)
"Mahjong Royal Towers 1.00" = Mahjong Royal Towers 1.00
"Mahjongg - Legends of the Tiles" = Mahjongg - Legends of the Tiles
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MiPony" = MiPony 1.3.0
"MpcStar" = MpcStar 5.3
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Oriental Dreams_is1" = Oriental Dreams
"qqlive" = 腾讯视频
"QvodPlayer" = 快播 5.18.161
"Rapport_msi" = Trusteer Endpoint Protection
"RaySource" = RaySource 2.4.0.2
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 3.2.9
"SpeedFan" = SpeedFan (remove only)
"Steam App 231670" = Football Manager 2014
"Steam App 242460" = Football Manager 2014 Editor
"Steam App 242480" = Football Manager 2014 Resource Archiver
"Steam App 71270" = Football Manager 2012
"Steam App 71400" = Football Manager 2012 Editor
"Steam App 71410" = Football Manager 2012 Resource Archiver
"Supermarket Mania 2 1.00" = Supermarket Mania 2 1.00
"Trade Mania 1.00" = Trade Mania 1.00
"Update Engine" = Sony Mobile Update Engine
"VLC media player" = VLC media player 0.9.8a
"vShare.tv plugin" = vShare.tv plugin 1.3
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WhoCrashed_is1" = WhoCrashed 3.01
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 壓縮工具
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YoukuClient" = 优酷客户端
"手机顽童_is1" = 手机顽童圣诞特别版
"搜狐影音" = 搜狐影音
"新浪Live" = 新浪Live
"爱奇艺视频" = 爱奇艺视频2.0
"硕鼠" = 硕鼠 0.4.7.6 正式版
"金庸群侠苍龙版_is1" = 金庸群侠苍龙版
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3581bea1-b5b1-4e06-a474-e1b985b85d37}" = Snap.Do Engine
"Easy St. Tycoon" = Easy St. Tycoon
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/13/2014 10:05:13 AM | Computer Name = USER-8CE73256DD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/13/2014 10:05:13 AM | Computer Name = USER-8CE73256DD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/13/2014 10:05:13 AM | Computer Name = USER-8CE73256DD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/13/2014 10:06:05 AM | Computer Name = USER-8CE73256DD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x696e554c.
 
Error - 3/13/2014 11:27:45 AM | Computer Name = USER-8CE73256DD | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 14.1.3.45519, faulting module
 fm.exe, version 14.1.3.45519, fault address 0x0154fa50.
 
Error - 3/13/2014 11:48:12 AM | Computer Name = USER-8CE73256DD | Source = Application Error | ID = 1000
Description = Faulting application wps.exe, version 1.0.0.2496, faulting module
wps.exe, version 1.0.0.2496, fault address 0x00176ac4.
 
Error - 3/14/2014 11:32:43 AM | Computer Name = USER-8CE73256DD | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 14.1.3.45519, faulting module
 fm.exe, version 14.1.3.45519, fault address 0x0154fa50.
 
Error - 3/16/2014 1:42:16 AM | Computer Name = USER-8CE73256DD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module realmediasplitter.ax, version 1.0.1.2, fault address 0x00005983.
 
Error - 3/18/2014 11:27:29 AM | Computer Name = USER-8CE73256DD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x03e3c51e.
 
Error - 3/18/2014 11:27:47 AM | Computer Name = USER-8CE73256DD | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x033fc51e.
 
[ System Events ]
Error - 4/16/2014 5:35:36 AM | Computer Name = USER-8CE73256DD | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Display Driver Service service failed to start due to the
 following error:   %%1053
 
Error - 4/16/2014 5:36:58 AM | Computer Name = USER-8CE73256DD | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
15000 milliseconds: Restart the service.
 
Error - 4/16/2014 5:37:27 AM | Computer Name = USER-8CE73256DD | Source = Microsoft Antimalware | ID = 2041
Description = The support for your operating system has expired. Running %%860 on
 an out of support operating system is not an adequate solution to protect against
 threats. 
 
Error - 4/16/2014 7:38:44 AM | Computer Name = USER-8CE73256DD | Source = Service Control Manager | ID = 7022
Description = The WebClient service hung on starting.
 
Error - 4/16/2014 7:38:44 AM | Computer Name = USER-8CE73256DD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft .NET Framework
 NGEN v4.0.30319_X86 service to connect.
 
Error - 4/16/2014 7:40:35 AM | Computer Name = USER-8CE73256DD | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.
 
Error - 4/16/2014 7:40:35 AM | Computer Name = USER-8CE73256DD | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
15000 milliseconds: Restart the service.
 
Error - 4/16/2014 7:46:14 AM | Computer Name = USER-8CE73256DD | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

 Feature:
 %%834     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%838
 
Error - 4/16/2014 8:25:41 AM | Computer Name = USER-8CE73256DD | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

 Feature:
 %%834     Error Code: 0x80004005     Error description: Unspecified error      Reason: %%838
 
Error - 4/16/2014 8:25:42 AM | Computer Name = USER-8CE73256DD | Source = Service Control Manager | ID = 7034
Description = The Microsoft Antimalware Service service terminated unexpectedly.
  It has done this 3 time(s).
 
 
< End of report >

 

 

Thanks.


  • 0

Advertisements


#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hello and Welcome on board dif4 :welcome:,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Senior Team of the forum' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. 

 

I will come back with further instructions later.
  • 0

#3
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey,

Please move the OTL.exe to your Desktop.

Step 1: Free Space Warning

I see you have only less than 15% free space on your PC. That is another reason for the slowness of your computer. Because of that I recommend uninstalling software which you don't use at all.

Step 2: P2P Warning

IMPORTANT I see, you have one or more P2P (Person to Person) programs installed.

1.) You have following P2P program installed: BitComet
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect a infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like UTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe your source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read this reports about the danger of P2P Programs:4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer , don't use it while we are fixing your computer!

Step 3: Uninstalls

I want you to uninstall following programs (Start > Control Panel > Add/Remove Programs):
  • Snap.Do
  • Snap.Do Engine
Step 4: Google Chrome Search Provider
  • Start Chrome
  • Click on the Chrome Menu , then select Settings
  • Go to the Search Section, then click on Manage Search Engines
  • A Window will open. Next to Conduit Search click the cross
  • This will remove the bad Search Engine. If you like you can make Google as Default Search Engine
Step 5: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - HKLM\Software\MozillaPlugins\@qq.com/QQlive: C:\Program Files\Tencent\QQLive\LiveOcx\npQQLive.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - H:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
    O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
    O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
    O8 - Extra context menu item: 收藏到搜狐影音 - Reg Error: Value error. File not found
    O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]gb2 in Trusted sites)
    O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]http in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell - "" = AutoRun
    O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
    O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell - "" = AutoRun
    O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
    O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell - "" = AutoRun
    O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\Shell\AutoRun\command - "" = I:\AutoRun.exe
    O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell - "" = AutoRun
    O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\Shell\AutoRun\command - "" = I:\Startme.exe
    [2014/04/16 06:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC386FD2
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63C68F03
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{BE9CA23E-C5F5-410E-A3E5-8DD7657F80C8}"=-
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into the next reply.
Step 6: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 7: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 8: FRST

Please download FRST (by Farbar) from the link below and save it to your Desktop.



Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.
Step 9: Question

How is the PC running?
  • 0

#4
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Hi Machiavelli,

 

Thanks for your help. 

 

On removing Snap.Do, when I click on "Remove", a pop-up window with the message "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again or enter an alternate path to a folder containing the installation package 'Installer.msi' in the box below." When I try to remove Snap.do Engine, nothing happens.

 

I have deleted the bad search engine in Chrome.

 

For OTL, here's the OTL log:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QQlive\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
H:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\收藏到搜狐影音\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gogobox.com.tw\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gogobox.com.tw\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1af53b09-c268-11e0-8308-003067a72b32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1af53b09-c268-11e0-8308-003067a72b32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1af53b09-c268-11e0-8308-003067a72b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1af53b09-c268-11e0-8308-003067a72b32}\ not found.
File I:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92e934f0-19ef-11e0-9bf7-00138f9363a1}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d0d698-19ec-11e0-9bf6-bfec7e776b98}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9d0d69e-19ec-11e0-9bf6-bfec7e776b98}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4b6eaa5-0add-11e2-869a-003067a72b32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4b6eaa5-0add-11e2-869a-003067a72b32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4b6eaa5-0add-11e2-869a-003067a72b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4b6eaa5-0add-11e2-869a-003067a72b32}\ not found.
File I:\Startme.exe not found.
C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CC386FD2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:63C68F03 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{BE9CA23E-C5F5-410E-A3E5-8DD7657F80C8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9CA23E-C5F5-410E-A3E5-8DD7657F80C8}\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 1595264 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: User
->Temp folder emptied: 719103891 bytes
->Temporary Internet Files folder emptied: 2358240328 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 243659740 bytes
->Flash cache emptied: 861133 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6135362 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 42354 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 380592749 bytes
 
Total Files Cleaned = 3,538.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04162014_230959

Files\Folders moved on Reboot...
C:\Documents and Settings\User\Local Settings\Temp\JavaDeployReg.log moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\WEAYF3OT\PortalPlayer_94[1].swf moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\VXZDV1CV\8n77RrR4jg0[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\VXZDV1CV\postmessageRelay[5].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\VF1I4EHC\cur_zin[1].cur moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QOZQ34VW\338612-computer-starts-slowly[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QOZQ34VW\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\QOZQ34VW\nQhiC-wSiJx0pvEuJl8d8A[1].eot moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Q2HUAPBL\2987337741[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Q2HUAPBL\r[10].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Q2HUAPBL\sync[2].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\P77WGA8A\8n77RrR4jg0[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\KLP7PWYW\2986410465[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\JN591NHI\fastbutton[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\GK4KR7M6\o[1].htm moved successfully.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4M8H7L0Y\like[1].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

For AdwareCleaner, after running the scan, a message "Pending, Please uncheck all elements you don't want to remove" appears and nothing happens after half an hour. This is the second time I've run it and the same thing happens. Is this normal?

 

For Junkware Removal Tool, here's the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by User on 04/17/2014 Thu at  6:15:10.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\baidu"
Successfully deleted: [Folder] "C:\Program Files\baidu"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/17/2014 Thu at  6:21:31.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

For FRST, here's the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014
Ran by User (administrator) on USER-8CE73256DD on 17-04-2014 06:22:56
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Shenzhen QVOD Technology Co.,Ltd) H:\Program Files\QvodPlayer\QvodTerminal.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(FS2YOU) C:\Program Files\GridService\peer.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) C:\Program Files\iQIYI\QiyiService.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
() C:\Documents and Settings\User\Desktop\AdwCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13574144 2008-10-07] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2008-10-07] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [QvodTerminal] => H:\Program Files\QvodPlayer\QvodTerminal.exe [1236096 2013-12-11] (Shenzhen QVOD Technology Co.,Ltd)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Grid Service] => C:\Program Files\GridService\peer.exe [4993024 2013-10-10] (FS2YOU)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Facebook Update] => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab
Winsock: Catalog9 01 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Winsock: Catalog9 02 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Winsock: Catalog9 22 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Tcpip\Parameters: [DhcpNameServer] 202.156.1.16 218.186.2.16 218.186.2.6

FireFox:
========
FF Plugin: @baidu.com/npxbdsetup - C:\WINDOWS\Downloaded Program Files\443437\npxbdsetup.dll ()
FF Plugin: @baidu.com/npxbdyy - C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\npxbdyy.dll No File
FF Plugin: @iqiyi.com/npclient - C:\Program Files\iQIYI\npclient.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pptv.com/plugin - C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF Plugin: @qvod.com/QvodInsert - H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare - H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @sohu.com/npifox - H:\Program Files\搜狐影音\npifox.dll ()
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @qvod.com/QvodInsert - H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: KuaiWanInsert - H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.3117\npplugin2.dll (PPLive Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (56iCan Browser Plugin) - H:\Program Files\56ican\np56icanplugin.dll No File
CHR Plugin: (BaiduPlayer Browser Plugin) - H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll ()
CHR Plugin: (npifox Dynamic Link Library) - H:\Program Files\搜狐影音\npifox.dll ()
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-20]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-20]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-20]

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-05] (Nero AG)
R2 QiyiService; C:\Program Files\iQIYI\QiyiService.exe [458832 2013-11-26] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\WINDOWS\system32\drivers\BS_I2cIo.sys [6272 2010-05-17] (BIOSTAR Group)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2001-08-23] (Microsoft Corporation)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] ()
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl95fd76c6; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C03DDEA6-C3B2-4753-A5AB-4606CFE974FC}\MpKsl95fd76c6.sys [39464 2014-04-17] (Microsoft Corporation)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] ()
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 06:22 - 2014-04-17 06:23 - 00016093 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-17 06:22 - 2014-04-17 06:22 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-04-17 06:21 - 2014-04-17 06:21 - 00001214 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-04-16 23:23 - 2014-04-16 23:23 - 00020346 _____ () C:\Documents and Settings\User\Desktop\04162014_230959.log
2014-04-16 23:09 - 2014-04-16 23:09 - 00000000 ____D () C:\_OTL
2014-04-16 23:01 - 2014-04-17 06:22 - 01146880 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-16 23:00 - 2014-04-16 23:00 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-16 22:58 - 2014-04-16 22:58 - 01426178 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
2014-04-16 20:40 - 2014-04-16 20:40 - 00082514 _____ () C:\OTL.Txt
2014-04-16 20:40 - 2014-04-16 20:40 - 00047654 _____ () C:\Extras.Txt
2014-04-16 20:33 - 2014-04-16 20:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-04-09 23:29 - 2014-04-09 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:24 - 2014-04-09 23:25 - 00013160 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 23:18 - 2014-04-09 23:29 - 00015291 _____ () C:\WINDOWS\KB2922229.log
2014-03-30 20:30 - 2014-03-30 20:30 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-03-26 23:42 - 2014-04-17 06:03 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-26 05:23 - 2014-03-26 05:23 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2014-03-19 17:56 - 2014-03-19 17:56 - 00000281 _____ () C:\Documents and Settings\All Users\Documents\Shortcut to Maxtor (H).lnk

==================== One Month Modified Files and Folders =======

2014-04-17 06:23 - 2014-04-17 06:22 - 00016093 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-17 06:22 - 2014-04-17 06:22 - 00000000 ____D () C:\Documents and Settings\User\Desktop\FRST-OlderVersion
2014-04-17 06:22 - 2014-04-16 23:01 - 01146880 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-17 06:22 - 2013-11-11 23:39 - 00000000 ____D () C:\FRST
2014-04-17 06:22 - 2012-07-19 05:48 - 00000536 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-17 06:21 - 2014-04-17 06:21 - 00001214 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-04-17 06:03 - 2014-03-26 23:42 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-17 05:54 - 2013-11-11 20:47 - 00000000 ____D () C:\AdwCleaner
2014-04-17 05:53 - 2013-08-09 11:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 05:53 - 2011-01-07 07:23 - 01682424 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-17 05:44 - 2011-01-07 12:32 - 00000000 ____D () C:\Program Files\gogobox
2014-04-17 05:42 - 2001-08-23 20:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-17 05:40 - 2014-03-13 14:48 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-17 05:40 - 2013-08-09 11:13 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 05:40 - 2011-01-07 07:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-17 05:40 - 2011-01-06 23:00 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-17 05:40 - 2011-01-06 23:00 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-16 23:23 - 2014-04-16 23:23 - 00020346 _____ () C:\Documents and Settings\User\Desktop\04162014_230959.log
2014-04-16 23:17 - 2011-01-07 07:20 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-16 23:16 - 2011-01-07 07:28 - 00032436 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-16 23:16 - 2011-01-07 07:28 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-04-16 23:09 - 2014-04-16 23:09 - 00000000 ____D () C:\_OTL
2014-04-16 23:00 - 2014-04-16 23:00 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-16 22:58 - 2014-04-16 22:58 - 01426178 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
2014-04-16 21:53 - 2012-11-13 12:07 - 00011036 _____ () C:\Documents and Settings\User\Desktop\[HDzone][ATV][1996][撞到正][林文龍+文頌娴][國語全30集][DVD-RMVB][1].txt
2014-04-16 21:26 - 2012-03-15 09:16 - 00000994 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
2014-04-16 20:40 - 2014-04-16 20:40 - 00082514 _____ () C:\OTL.Txt
2014-04-16 20:40 - 2014-04-16 20:40 - 00047654 _____ () C:\Extras.Txt
2014-04-16 20:33 - 2014-04-16 20:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-04-16 07:00 - 2014-02-26 20:08 - 00000000 ____D () C:\FOJ
2014-04-16 06:57 - 2011-01-07 12:41 - 00000000 ____D () C:\Program Files\BitComet
2014-04-16 06:26 - 2012-03-15 09:16 - 00000972 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
2014-04-16 05:46 - 2011-01-13 21:55 - 00000004 _____ () C:\authres.html
2014-04-15 22:05 - 2013-11-26 19:34 - 00000087 _____ () C:\WINDOWS\psnetwork.ini
2014-04-15 19:35 - 2011-01-06 22:55 - 00427543 _____ () C:\WINDOWS\setupapi.log
2014-04-15 07:55 - 2011-08-09 20:39 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-15 06:39 - 2011-01-07 12:32 - 00123904 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-12 18:15 - 2011-01-07 21:55 - 00000000 ____D () C:\Documents and Settings\User\Application Data\dvdcss
2014-04-11 19:21 - 2011-01-07 12:29 - 00000000 ____D () C:\Documents and Settings\User\Application Data\tigerplayer
2014-04-10 05:56 - 2013-08-09 11:13 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-10 03:05 - 2011-08-09 20:12 - 00928168 _____ () C:\WINDOWS\DPINST.LOG
2014-04-10 00:37 - 2011-02-23 17:13 - 03408326 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
2014-04-10 00:37 - 2011-02-23 17:13 - 00146698 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-09 23:29 - 2014-04-09 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:29 - 2014-04-09 23:18 - 00015291 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 23:29 - 2013-07-19 05:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 23:29 - 2011-01-06 22:57 - 01882614 _____ () C:\WINDOWS\iis6.log
2014-04-09 23:29 - 2011-01-06 22:57 - 01718051 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00830628 _____ () C:\WINDOWS\ocgen.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00789493 _____ () C:\WINDOWS\tsoc.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00582516 _____ () C:\WINDOWS\comsetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00528034 _____ () C:\WINDOWS\msmqinst.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00351190 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00301698 _____ () C:\WINDOWS\netfxocm.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00118787 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00095277 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00087088 _____ () C:\WINDOWS\tabletoc.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00086155 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 23:25 - 2014-04-09 23:24 - 00013160 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 23:25 - 2011-01-09 12:09 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 23:25 - 2011-01-07 12:14 - 00153902 _____ () C:\WINDOWS\updspapi.log
2014-04-09 23:25 - 2011-01-06 22:57 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 16:30 - 2014-03-13 14:48 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-07 19:01 - 2013-08-20 05:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-03-31 22:28 - 2012-10-07 14:08 - 00001042 _____ () C:\Documents and Settings\User\Application Data\coreavc.ini
2014-03-31 22:28 - 2012-10-07 14:08 - 00000138 _____ () C:\WINDOWS\vsfilter.INI
2014-03-31 22:22 - 2012-11-19 23:07 - 00000000 ____D () C:\FFOutput
2014-03-31 21:00 - 2014-03-08 17:26 - 00000000 ____D () C:\Justice Heroes
2014-03-30 20:30 - 2014-03-30 20:30 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-03-26 23:33 - 2012-05-01 16:06 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-26 23:33 - 2011-06-09 23:31 - 00001917 _____ () C:\WINDOWS\epplauncher.mif
2014-03-26 23:32 - 2011-06-09 23:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 05:23 - 2014-03-26 05:23 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2014-03-26 05:21 - 2011-04-30 18:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-23 09:55 - 2011-01-07 07:21 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-22 20:25 - 2014-01-05 22:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sony Mobile
2014-03-22 20:24 - 2014-01-05 22:24 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-03-20 19:47 - 2011-01-07 12:54 - 00000000 ____D () C:\Program Files\RaySource
2014-03-19 17:56 - 2014-03-19 17:56 - 00000281 _____ () C:\Documents and Settings\All Users\Documents\Shortcut to Maxtor (H).lnk

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

The Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014
Ran by User at 2014-04-17 06:23:27
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

7 Wonders Magical Mystery Tour 1.00 (HKLM\...\7 Wonders Magical Mystery Tour 1.00) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Airline Baggage Mania 1.00 (HKLM\...\Airline Baggage Mania 1.00) (Version: 1.00 - Games)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BaiduPlayer1.19.0.137 (HKLM\...\BaiduPlayer) (Version: 1.19.0 - Baidu Online Network Technology (Beijing) Co., Ltd.)
Ballad of Solar 1.00 (HKLM\...\Ballad of Solar 1.00) (Version: 1.00 - Games)
Be Richest 1.00 (HKLM\...\Be Richest 1.00) (Version:  - )
BiosNotice (HKLM\...\{1E4A6F03-4D71-4496-9B2D-71C8B59F64DE}) (Version:  - )
BitComet 1.07 (HKLM\...\BitComet) (Version: 1.07 - ~RnySmile~)
Blooming Daisies 1.00 (HKLM\...\Blooming Daisies 1.00) (Version:  - )
BrowseToSave (HKLM\...\{6BB5ABD5-3CD2-48CF-AA24-74F0B0568923}) (Version: 1.0 - ) <==== ATTENTION
Build a lot 6 On Vacation 1.2 (HKLM\...\Build a lot 6 On Vacation 1.2) (Version:  - )
Build a lot Fairy Tales 1.00 (HKLM\...\Build a lot Fairy Tales 1.00) (Version:  - )
Building the Great Wall of China 1.00 (HKLM\...\Building the Great Wall of China 1.00) (Version: 1.00 - Games)
Chinese Traditional Fonts Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-2448-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Coffee Rush 3 1.00 (HKLM\...\Coffee Rush 3 1.00) (Version:  - )
Cooking Dash 3 Thrills and Spills Collectors Edition 1.00 (HKLM\...\Cooking Dash 3 Thrills and Spills Collectors Edition 1.00) (Version:  - )
CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Cradle Of Egypt Collectors Edition 1.00 (HKLM\...\Cradle Of Egypt Collectors Edition 1.00) (Version:  - )
Cradle Of Rome 2 1.00 (HKLM\...\Cradle Of Rome 2 1.00) (Version:  - )
Dragon Empire (HKLM\...\Dragon Empire_is1) (Version:  - )
Easy St. Tycoon (HKCU\...\Easy St. Tycoon) (Version:  - )
EZDownloader (HKLM\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Fishers Family Farm 1.00 (HKLM\...\Fishers Family Farm 1.00) (Version:  - )
FMRTE (HKLM\...\{18651D22-C569-40DA-9DCE-0F98A4BBE19F}) (Version: 4.1.2 - BraCa Soft)
FMRTE 14.1.3.3 (HKLM\...\{D0E2EE37-5AA9-4B4F-8D3F-5D5459778864}_is1) (Version: 14.1.3.3 - Raul Bravo)
FMRTE 5.2.4 (HKLM\...\{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1) (Version: 5.2.4 - Raul Bravo)
Football Manager 2012 (HKLM\...\Steam App 71270) (Version:  - SI Games)
Football Manager 2012 Editor (HKLM\...\Steam App 71400) (Version:  - )
Football Manager 2012 Resource Archiver (HKLM\...\Steam App 71410) (Version:  - )
Football Manager 2014 (HKLM\...\Steam App 231670) (Version:  - Sports Interactive)
Football Manager 2014 Editor (HKLM\...\Steam App 242460) (Version:  - )
Football Manager 2014 Resource Archiver (HKLM\...\Steam App 242480) (Version:  - )
FormatFactory (HKLM\...\{DBC12450-EB73-4B1D-A2E0-EFEE811720B2}) (Version: 1.60 - FreeTime)
FormatFactory 3.2.1.0 (HKLM\...\FormatFactory) (Version: 3.2.1.0 - Free Time)
FPE 2001 (HKLM\...\FPE 2001) (Version:  - )
Go-Go Gourmet 2 - Chef of the Year (HKLM\...\Go-Go Gourmet 2 - Chef of the Year1.0) (Version: 1.0 - Adnan_Boy 2008)
GOGOBOX (HKLM\...\GOGOBOX) (Version: 2.0.7.3 - 痴グмΤそNEXTLiNK Technology Co., Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
Happy Kingdom 1.0 (HKLM\...\Happy Kingdom 1.0) (Version: 1.0 - Games)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5241 - Intel Corporation)
iTudou 2.6.10.0 (HKLM\...\iTudou) (Version: 2.6.10.0 - 土豆网)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Jewel Quest 6 The Sapphire Dragon Collectors Edition 1.00 (HKLM\...\Jewel Quest 6 The Sapphire Dragon Collectors Edition 1.00) (Version:  - )
Kingsoft Office 2010  (6.6.0.2496) (HKLM\...\Kingsoft Office) (Version: 6.6.0.2496 - Kingsoft Corp.)
Mahjong Royal Towers 1.00 (HKLM\...\Mahjong Royal Towers 1.00) (Version: 1.00 - Games)
Mahjongg - Legends of the Tiles (HKLM\...\Mahjongg - Legends of the Tiles) (Version:  - On Hand Software)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Media Go (HKLM\...\{BE4F388F-E7B6-43E8-8856-6B74AC375A87}) (Version: 1.8.121 - Sony)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MiPony 1.3.0 (HKLM\...\MiPony) (Version: 1.3.0 - )
MpcStar 5.3 (HKLM\...\MpcStar) (Version: 5.3 - www.mpcstar.com)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurningROM 10 Help (CHM) (Version: 10.5.10100 - Nero AG) Hidden
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero BurnRights 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Control Center 10 (Version: 10.2.10600.0.6 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (Version: 10.5.10000 - Nero AG) Hidden
Nero Core Components 10 (Version: 2.0.17400.8.2 - Nero AG) Hidden
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Oriental Dreams (HKLM\...\Oriental Dreams_is1) (Version:  - )
PlayStation®Network Downloader (HKLM\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.06.00741 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.3.3.12540 - Sony Computer Entertainment Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Rapport (Version: 3.5.1304.66 - Trusteer) Hidden
RaySource 2.4.0.2 (HKLM\...\RaySource) (Version: 2.4.0.2 - RaySource Group)
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6215 - Realtek Semiconductor Corp.)
Snap.Do (HKLM\...\{C8A28D99-7591-45DC-8AF5-DBFB572CC8DA}) (Version: 1.161.1.12640 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{3581bea1-b5b1-4e06-a474-e1b985b85d37}) (Version: 1.161.1.12640 - ReSoft Ltd.) <==== ATTENTION
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.4.201403101311 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
SopCast 3.2.9 (HKLM\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Supermarket Mania 2 1.00 (HKLM\...\Supermarket Mania 2 1.00) (Version:  - )
Trade Mania 1.00 (HKLM\...\Trade Mania 1.00) (Version:  - )
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1304.66 - Trusteer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VLC media player 0.9.8a (HKLM\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
vShare.tv plugin 1.3 (HKLM\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WhoCrashed 3.01 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
winniethepoohcur (HKLM\...\{AC7F2C31-9BBE-46A4-9C36-B2FA08B9F446}) (Version: 1.0.0 - FileSubmit)
WinRAR 壓縮工具 (HKLM\...\WinRAR archiver) (Version:  - )
Youku iku (HKLM\...\iKu) (Version: 1.7.0.517 - Youku.com)
优酷客户端 (HKLM\...\YoukuClient) (Version: 4.5.0.2200 - youkutudou, Inc.)
快播 5.18.161 (HKLM\...\QvodPlayer) (Version: 5.18.161 - Shenzhen Qvod Technology Co.,Ltd)
手机顽童圣诞特别版 (HKLM\...\手机顽童_is1) (Version:  - 飞度无限科技有限公司, Inc.)
搜狐影音 (HKLM\...\搜狐影音) (Version: 4.0.0.54 - 搜狐公司)
搜狐影音3.1.0.0 (HKLM\...\{03C8F224-5374-423D-BA14-270610258E83}_is1) (Version:  - 搜狐公司)
新浪Live (HKLM\...\新浪Live) (Version: 1.0 - Beijing SINA Information Technology Co.)
爱奇艺视频2.0 (HKLM\...\爱奇艺视频) (Version: 2.8.0.23 - QIYI, Inc.)
硕鼠 0.4.7.6 正式版 (HKLM\...\硕鼠) (Version: 0.4.7.6 正式版 - flvcd.com)
腾讯视频 (HKLM\...\qqlive) (Version: 8.42.6278.0 - 腾讯科技(深圳)有限公司)
金庸群侠苍龙版 (HKLM\...\金庸群侠苍龙版_is1) (Version:  - )
鼠标连点器 2.0 (HKLM\...\{F5D73EED-4AAD-4784-84EA-A57FF75BC23D}_is1) (Version: 2.0 - 天心工作室)

==================== Restore Points  =========================

23-03-2014 07:22:04 System Checkpoint
24-03-2014 09:05:47 Software Distribution Service 3.0
25-03-2014 10:39:29 Software Distribution Service 3.0
26-03-2014 10:48:03 System Checkpoint
26-03-2014 15:31:20 Software Distribution Service 3.0
26-03-2014 15:44:20 Software Distribution Service 3.0
27-03-2014 21:56:35 Software Distribution Service 3.0
28-03-2014 23:53:47 Software Distribution Service 3.0
30-03-2014 00:14:37 Software Distribution Service 3.0
31-03-2014 04:07:07 Software Distribution Service 3.0
01-04-2014 08:54:59 Software Distribution Service 3.0
02-04-2014 10:24:52 System Checkpoint
02-04-2014 19:35:32 Software Distribution Service 3.0
03-04-2014 22:00:21 Software Distribution Service 3.0
04-04-2014 22:42:42 System Checkpoint
05-04-2014 05:14:28 Software Distribution Service 3.0
06-04-2014 07:03:57 System Checkpoint
06-04-2014 21:26:42 Software Distribution Service 3.0
07-04-2014 11:01:17 Installed Rapport
07-04-2014 22:04:32 Software Distribution Service 3.0
08-04-2014 23:43:54 System Checkpoint
09-04-2014 04:40:44 Software Distribution Service 3.0
09-04-2014 15:24:28 Software Distribution Service 3.0
09-04-2014 19:04:38 Sony PC Companion
10-04-2014 21:51:04 Software Distribution Service 3.0
12-04-2014 00:13:39 Software Distribution Service 3.0
13-04-2014 00:16:01 Software Distribution Service 3.0
14-04-2014 06:49:08 System Checkpoint
14-04-2014 21:53:24 Software Distribution Service 3.0
15-04-2014 23:30:02 System Checkpoint
16-04-2014 08:40:51 Software Distribution Service 3.0
16-04-2014 15:10:22 OTL Restore Point - 4/16/2014 11:10:17 PM

==================== Hosts content: ==========================

2001-08-23 20:00 - 2013-11-16 08:48 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2013-07-07 19:42 - 2014-02-03 15:51 - 01125592 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2011-08-09 20:11 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2011-08-09 20:11 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2013-04-19 14:56 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
2011-08-09 20:11 - 2010-01-11 15:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2014-02-14 10:25 - 2014-02-14 10:25 - 00571392 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2011-08-09 20:11 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2014-04-16 22:58 - 2014-04-16 22:58 - 01426178 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 06:16:00 AM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.5.216.0, faulting module mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Processing media-specific event for [MsMpEng.exe!ws!]

Error: (04/17/2014 05:53:06 AM) (Source: Application Error) (User: )
Description: Faulting application MsMpEng.exe, version 4.5.216.0, faulting module mpengine.dll, version 1.1.10501.0, fault address 0x003d684d.
Processing media-specific event for [MsMpEng.exe!ws!]

Error: (04/17/2014 05:51:19 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (3080) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (04/17/2014 05:51:19 AM) (Source: ESENT) (User: )
Description: wuauclt (3080) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/17/2014 05:51:09 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (3080) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (04/17/2014 05:51:09 AM) (Source: ESENT) (User: )
Description: wuauclt (3080) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/17/2014 05:50:39 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (2872) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (04/17/2014 05:50:39 AM) (Source: ESENT) (User: )
Description: wuauclt (2872) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (04/17/2014 05:50:29 AM) (Source: ESENT) (User: )
Description: wuaueng.dll (2872) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error: (04/17/2014 05:50:29 AM) (Source: ESENT) (User: )
Description: wuauclt (2872) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (04/17/2014 06:16:01 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (04/17/2014 06:15:58 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%834

 Error Code: 0x80004005

 Error description: Unspecified error

 Reason: %%838

Error: (04/17/2014 06:03:23 AM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/17/2014 05:53:25 AM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/17/2014 05:53:06 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (04/17/2014 05:53:06 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%834

 Error Code: 0x80004005

 Error description: Unspecified error

 Reason: %%838

Error: (04/17/2014 05:47:23 AM) (Source: DCOM) (User: USER-8CE73256DD)
Description: The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register with DCOM within the required timeout.

Error: (04/17/2014 05:42:40 AM) (Source: Microsoft Antimalware) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (04/17/2014 05:42:17 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (04/17/2014 05:40:40 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.10 for the Network Card with network address 003067A72B32 has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Microsoft Office Sessions:
=========================
Error: (04/17/2014 06:16:00 AM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.5.216.0mpengine.dll1.1.10501.0003d684d

Error: (04/17/2014 05:53:06 AM) (Source: Application Error)(User: )
Description: MsMpEng.exe4.5.216.0mpengine.dll1.1.10501.0003d684d

Error: (04/17/2014 05:51:19 AM) (Source: ESENT)(User: )
Description: wuaueng.dll3080SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (04/17/2014 05:51:19 AM) (Source: ESENT)(User: )
Description: wuauclt3080C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (04/17/2014 05:51:09 AM) (Source: ESENT)(User: )
Description: wuaueng.dll3080SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (04/17/2014 05:51:09 AM) (Source: ESENT)(User: )
Description: wuauclt3080C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (04/17/2014 05:50:39 AM) (Source: ESENT)(User: )
Description: wuaueng.dll2872SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (04/17/2014 05:50:39 AM) (Source: ESENT)(User: )
Description: wuauclt2872C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (04/17/2014 05:50:29 AM) (Source: ESENT)(User: )
Description: wuaueng.dll2872SUS20ClientDataStore: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)

Error: (04/17/2014 05:50:29 AM) (Source: ESENT)(User: )
Description: wuauclt2872C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3037.17 MB
Available physical RAM: 2401.53 MB
Total Pagefile: 4922.97 MB
Available Pagefile: 4469.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1937.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.87 GB) (Free:11.33 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (DATA) (Fixed) (Total:232.88 GB) (Free:2.83 GB) NTFS
Drive f: (HT250GB_1) (Fixed) (Total:58.59 GB) (Free:0.48 GB) NTFS
Drive g: (HT250GB_2) (Fixed) (Total:174.29 GB) (Free:1.53 GB) NTFS
Drive h: (Maxtor) (Fixed) (Total:189.92 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 82BE65FC)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=174 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 7AA57AA5)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 190 GB) (Disk ID: 844D9B2F)
Partition 1: (Not Active) - (Size=190 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

About my computer, so far it's ok now but I'm not sure whether it's because the problem has been solved or because it's been some time since I've started my computer. My computer will be slow for around 1 hour when I started it but after that, the speed will be normal.

 

Thanks for your help.


  • 0

#5
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts

For AdwareCleaner, after running the scan, a message "Pending, Please uncheck all elements you don't want to remove" appears and nothing happens after half an hour. This is the second time I've run it and the same thing happens. Is this normal?

Please follow my instructions carefully. It says that you need to click Clean after the Scan has finished. After you have done that do a new FRST Scan please.
  • 0

#6
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Hi Machiavelli,

 

My apologies for the misunderstanding, I misunderstood and thought that there will be an indication when the scanning is completed for AdwareCleaner.

 

Here's the AdwareCleaner log:

 

# AdwCleaner v3.023 - Report created 17/04/2014 at 19:43:01
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-8CE73256DD
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\BaiduP2PService.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduP2PService.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\StatReport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduPlayer.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Application Data\Baidu\BaiduPlayer\bdupdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\BaiduSetupAx_0.exe]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v34.0.1847.116

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6214 octets] - [11/11/2013 20:47:28]
AdwCleaner[R1].txt - [2752 octets] - [16/04/2014 23:25:03]
AdwCleaner[R2].txt - [2812 octets] - [17/04/2014 05:54:09]
AdwCleaner[R3].txt - [2618 octets] - [17/04/2014 19:42:10]
AdwCleaner[S0].txt - [5249 octets] - [11/11/2013 20:49:22]
AdwCleaner[S1].txt - [2557 octets] - [17/04/2014 19:43:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2617 octets] ##########

 

 

Here's the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014
Ran by User (administrator) on USER-8CE73256DD on 17-04-2014 19:51:40
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Shenzhen QVOD Technology Co.,Ltd) H:\Program Files\QvodPlayer\QvodTerminal.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(FS2YOU) C:\Program Files\GridService\peer.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) C:\Program Files\iQIYI\QiyiService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13574144 2008-10-07] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2008-10-07] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [QvodTerminal] => H:\Program Files\QvodPlayer\QvodTerminal.exe [1236096 2013-12-11] (Shenzhen QVOD Technology Co.,Ltd)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Grid Service] => C:\Program Files\GridService\peer.exe [4993024 2013-10-10] (FS2YOU)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Facebook Update] => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab
Winsock: Catalog9 01 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Winsock: Catalog9 02 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Winsock: Catalog9 22 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Tcpip\Parameters: [DhcpNameServer] 202.156.1.16 218.186.2.16 218.186.2.6

FireFox:
========
FF Plugin: @baidu.com/npxbdsetup - C:\WINDOWS\Downloaded Program Files\443437\npxbdsetup.dll ()
FF Plugin: @baidu.com/npxbdyy - C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\npxbdyy.dll No File
FF Plugin: @iqiyi.com/npclient - C:\Program Files\iQIYI\npclient.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pptv.com/plugin - C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF Plugin: @qvod.com/QvodInsert - H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare - H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @sohu.com/npifox - H:\Program Files\搜狐影音\npifox.dll ()
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @qvod.com/QvodInsert - H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: KuaiWanInsert - H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.3117\npplugin2.dll (PPLive Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (56iCan Browser Plugin) - H:\Program Files\56ican\np56icanplugin.dll No File
CHR Plugin: (BaiduPlayer Browser Plugin) - H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll ()
CHR Plugin: (npifox Dynamic Link Library) - H:\Program Files\搜狐影音\npifox.dll ()
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-20]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-20]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-20]

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-05] (Nero AG)
R2 QiyiService; C:\Program Files\iQIYI\QiyiService.exe [458832 2013-11-26] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\WINDOWS\system32\drivers\BS_I2cIo.sys [6272 2010-05-17] (BIOSTAR Group)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2001-08-23] (Microsoft Corporation)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] ()
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKslf9e0e0d1; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C03DDEA6-C3B2-4753-A5AB-4606CFE974FC}\MpKslf9e0e0d1.sys [39464 2014-04-17] (Microsoft Corporation)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] ()
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 19:51 - 2014-04-17 19:51 - 00002697 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner[S1].txt
2014-04-17 06:23 - 2014-04-17 06:23 - 00030353 _____ () C:\Documents and Settings\User\Desktop\Addition.txt
2014-04-17 06:22 - 2014-04-17 19:51 - 00016116 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-17 06:21 - 2014-04-17 06:21 - 00001214 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-04-16 23:23 - 2014-04-16 23:23 - 00020346 _____ () C:\Documents and Settings\User\Desktop\04162014_230959.log
2014-04-16 23:09 - 2014-04-16 23:09 - 00000000 ____D () C:\_OTL
2014-04-16 23:01 - 2014-04-17 06:22 - 01146880 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-16 23:00 - 2014-04-16 23:00 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-16 22:58 - 2014-04-16 22:58 - 01426178 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
2014-04-16 20:40 - 2014-04-16 20:40 - 00082514 _____ () C:\OTL.Txt
2014-04-16 20:40 - 2014-04-16 20:40 - 00047654 _____ () C:\Extras.Txt
2014-04-16 20:33 - 2014-04-16 20:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-04-09 23:29 - 2014-04-09 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:24 - 2014-04-09 23:25 - 00013160 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 23:18 - 2014-04-09 23:29 - 00015291 _____ () C:\WINDOWS\KB2922229.log
2014-03-30 20:30 - 2014-03-30 20:30 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-03-26 23:42 - 2014-04-17 06:03 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-26 05:23 - 2014-03-26 05:23 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2014-03-19 17:56 - 2014-03-19 17:56 - 00000281 _____ () C:\Documents and Settings\All Users\Documents\Shortcut to Maxtor (H).lnk

==================== One Month Modified Files and Folders =======

2014-04-17 19:52 - 2013-08-09 11:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 19:51 - 2014-04-17 19:51 - 00002697 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner[S1].txt
2014-04-17 19:51 - 2014-04-17 06:22 - 00016116 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-17 19:51 - 2013-11-11 23:39 - 00000000 ____D () C:\FRST
2014-04-17 19:49 - 2011-01-07 07:23 - 01702057 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-17 19:49 - 2001-08-23 20:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-17 19:48 - 2014-03-13 14:48 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-17 19:48 - 2013-08-09 11:13 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 19:48 - 2011-01-07 07:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-17 19:48 - 2011-01-06 23:00 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-04-17 19:48 - 2011-01-06 23:00 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-17 19:43 - 2013-11-11 20:47 - 00000000 ____D () C:\AdwCleaner
2014-04-17 19:43 - 2011-01-07 07:28 - 00032436 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-17 19:43 - 2011-01-07 07:28 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-04-17 19:22 - 2012-07-19 05:48 - 00000536 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-17 18:26 - 2012-03-15 09:16 - 00000994 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
2014-04-17 06:26 - 2012-03-15 09:16 - 00000972 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
2014-04-17 06:23 - 2014-04-17 06:23 - 00030353 _____ () C:\Documents and Settings\User\Desktop\Addition.txt
2014-04-17 06:22 - 2014-04-16 23:01 - 01146880 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-17 06:21 - 2014-04-17 06:21 - 00001214 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-04-17 06:03 - 2014-03-26 23:42 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-17 05:44 - 2011-01-07 12:32 - 00000000 ____D () C:\Program Files\gogobox
2014-04-16 23:23 - 2014-04-16 23:23 - 00020346 _____ () C:\Documents and Settings\User\Desktop\04162014_230959.log
2014-04-16 23:17 - 2011-01-07 07:20 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-16 23:09 - 2014-04-16 23:09 - 00000000 ____D () C:\_OTL
2014-04-16 23:00 - 2014-04-16 23:00 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-16 22:58 - 2014-04-16 22:58 - 01426178 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
2014-04-16 21:53 - 2012-11-13 12:07 - 00011036 _____ () C:\Documents and Settings\User\Desktop\[HDzone][ATV][1996][撞到正][林文龍+文頌娴][國語全30集][DVD-RMVB][1].txt
2014-04-16 20:40 - 2014-04-16 20:40 - 00082514 _____ () C:\OTL.Txt
2014-04-16 20:40 - 2014-04-16 20:40 - 00047654 _____ () C:\Extras.Txt
2014-04-16 20:33 - 2014-04-16 20:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-04-16 07:00 - 2014-02-26 20:08 - 00000000 ____D () C:\FOJ
2014-04-16 06:57 - 2011-01-07 12:41 - 00000000 ____D () C:\Program Files\BitComet
2014-04-16 05:46 - 2011-01-13 21:55 - 00000004 _____ () C:\authres.html
2014-04-15 22:05 - 2013-11-26 19:34 - 00000087 _____ () C:\WINDOWS\psnetwork.ini
2014-04-15 19:35 - 2011-01-06 22:55 - 00427543 _____ () C:\WINDOWS\setupapi.log
2014-04-15 07:55 - 2011-08-09 20:39 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-15 06:39 - 2011-01-07 12:32 - 00123904 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-12 18:15 - 2011-01-07 21:55 - 00000000 ____D () C:\Documents and Settings\User\Application Data\dvdcss
2014-04-11 19:21 - 2011-01-07 12:29 - 00000000 ____D () C:\Documents and Settings\User\Application Data\tigerplayer
2014-04-10 05:56 - 2013-08-09 11:13 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-10 03:05 - 2011-08-09 20:12 - 00928168 _____ () C:\WINDOWS\DPINST.LOG
2014-04-10 00:37 - 2011-02-23 17:13 - 03408326 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
2014-04-10 00:37 - 2011-02-23 17:13 - 00146698 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-09 23:29 - 2014-04-09 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:29 - 2014-04-09 23:18 - 00015291 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 23:29 - 2013-07-19 05:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 23:29 - 2011-01-06 22:57 - 01882614 _____ () C:\WINDOWS\iis6.log
2014-04-09 23:29 - 2011-01-06 22:57 - 01718051 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00830628 _____ () C:\WINDOWS\ocgen.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00789493 _____ () C:\WINDOWS\tsoc.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00582516 _____ () C:\WINDOWS\comsetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00528034 _____ () C:\WINDOWS\msmqinst.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00351190 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00301698 _____ () C:\WINDOWS\netfxocm.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00118787 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00095277 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00087088 _____ () C:\WINDOWS\tabletoc.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00086155 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 23:25 - 2014-04-09 23:24 - 00013160 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 23:25 - 2011-01-09 12:09 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 23:25 - 2011-01-07 12:14 - 00153902 _____ () C:\WINDOWS\updspapi.log
2014-04-09 23:25 - 2011-01-06 22:57 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 16:30 - 2014-03-13 14:48 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-07 19:01 - 2013-08-20 05:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-03-31 22:28 - 2012-10-07 14:08 - 00001042 _____ () C:\Documents and Settings\User\Application Data\coreavc.ini
2014-03-31 22:28 - 2012-10-07 14:08 - 00000138 _____ () C:\WINDOWS\vsfilter.INI
2014-03-31 22:22 - 2012-11-19 23:07 - 00000000 ____D () C:\FFOutput
2014-03-31 21:00 - 2014-03-08 17:26 - 00000000 ____D () C:\Justice Heroes
2014-03-30 20:30 - 2014-03-30 20:30 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-03-26 23:33 - 2012-05-01 16:06 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-26 23:33 - 2011-06-09 23:31 - 00001917 _____ () C:\WINDOWS\epplauncher.mif
2014-03-26 23:32 - 2011-06-09 23:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 05:23 - 2014-03-26 05:23 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2014-03-26 05:21 - 2011-04-30 18:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-23 09:55 - 2011-01-07 07:21 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-22 20:25 - 2014-01-05 22:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sony Mobile
2014-03-22 20:24 - 2014-01-05 22:24 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-03-20 19:47 - 2011-01-07 12:54 - 00000000 ____D () C:\Program Files\RaySource
2014-03-19 17:56 - 2014-03-19 17:56 - 00000281 _____ () C:\Documents and Settings\All Users\Documents\Shortcut to Maxtor (H).lnk

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Thanks for your help.


Edited by dif4, 17 April 2014 - 06:07 AM.

  • 0

#7
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hey,
Hope everything is good.

Step 1: FRST Fix

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally.
After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2: FRST Scan
  • Run FRST.
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 4: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
How to do this?
  • Visit this website here
  • You will see a screen like this:

    e922iil8.png
    • Click Run ESET Online Scanner

      4e3svhbd.png
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      p35jbmyy.png
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      p3b9meru.png
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
    • ESET Online Scanner
Step 5: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Attached Files


  • 0

#8
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Hi,

 

Here's the FRST Fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-04-2014
Ran by User at 2014-04-17 22:38:05 Run:1
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll No File
FF Plugin: @baidu.com/npxbdyy - C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\npxbdyy.dll No File
*****************

HKU\S-1-5-21-343818398-179605362-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy => Key deleted successfully.
C:\Program Files\Baidu\BaiduPlayer\1.19.0.137\npxbdyy.dll not found.

==== End of Fixlog ====

 

 

Here's the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014
Ran by User (administrator) on USER-8CE73256DD on 17-04-2014 22:38:37
Running from C:\Documents and Settings\User\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Shenzhen QVOD Technology Co.,Ltd) H:\Program Files\QvodPlayer\QvodTerminal.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(FS2YOU) C:\Program Files\GridService\peer.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) C:\Program Files\iQIYI\QiyiService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13574144 2008-10-07] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMcTray.dll [86016 2008-10-07] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [QvodTerminal] => H:\Program Files\QvodPlayer\QvodTerminal.exe [1236096 2013-12-11] (Shenzhen QVOD Technology Co.,Ltd)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Grid Service] => C:\Program Files\GridService\peer.exe [4993024 2013-10-10] (FS2YOU)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Facebook Update] => C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-343818398-179605362-1801674531-1003\...\Run: [Google Update*] => [X] <===== ATTENTION (ZeroAccess rootkit hidden path)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab
Winsock: Catalog9 01 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Winsock: Catalog9 02 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Winsock: Catalog9 22 C:\Program Files\YouKu\youkuclient\ikutm.dll [94976] (youku.com)
Tcpip\Parameters: [DhcpNameServer] 202.156.1.16 218.186.2.16 218.186.2.6

FireFox:
========
FF Plugin: @baidu.com/npxbdsetup - C:\WINDOWS\Downloaded Program Files\443437\npxbdsetup.dll ()
FF Plugin: @iqiyi.com/npclient - C:\Program Files\iQIYI\npclient.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pptv.com/plugin - C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF Plugin: @qvod.com/QvodInsert - H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @qvod.com/QvodShare - H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @sohu.com/npifox - H:\Program Files\搜狐影音\npifox.dll ()
FF Plugin: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @qvod.com/QvodInsert - H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: KuaiWanInsert - H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.com.sg
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.3117\npplugin2.dll (PPLive Corporation)
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Media Go Detector) - C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (56iCan Browser Plugin) - H:\Program Files\56ican\np56icanplugin.dll No File
CHR Plugin: (BaiduPlayer Browser Plugin) - H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll ()
CHR Plugin: (npifox Dynamic Link Library) - H:\Program Files\搜狐影音\npifox.dll ()
CHR Extension: (Google Docs) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-20]
CHR Extension: (Google Drive) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-20]
CHR Extension: (YouTube) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-20]
CHR Extension: (Google Search) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-20]

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-05] (Nero AG)
R2 QiyiService; C:\Program Files\iQIYI\QiyiService.exe [458832 2013-11-26] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group)
R1 BS_I2cIo; C:\WINDOWS\system32\drivers\BS_I2cIo.sys [6272 2010-05-17] (BIOSTAR Group)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2001-08-23] (Microsoft Corporation)
S3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-04] ()
S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKslf9e0e0d1; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C03DDEA6-C3B2-4753-A5AB-4606CFE974FC}\MpKslf9e0e0d1.sys [39464 2014-04-17] (Microsoft Corporation)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-12-13] ()
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-30] (Almico Software)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 22:19 - 2014-04-17 22:19 - 17305616 _____ (Malwarebytes Corporation ) C:\mbam-setup-2.0.1.1004.exe
2014-04-17 22:19 - 2014-04-17 22:19 - 00987448 _____ () C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2014-04-17 19:51 - 2014-04-17 19:51 - 00002697 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner[S1].txt
2014-04-17 06:23 - 2014-04-17 06:23 - 00030353 _____ () C:\Documents and Settings\User\Desktop\Addition.txt
2014-04-17 06:22 - 2014-04-17 22:39 - 00016022 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-17 06:21 - 2014-04-17 06:21 - 00001214 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-04-16 23:23 - 2014-04-16 23:23 - 00020346 _____ () C:\Documents and Settings\User\Desktop\04162014_230959.log
2014-04-16 23:09 - 2014-04-16 23:09 - 00000000 ____D () C:\_OTL
2014-04-16 23:01 - 2014-04-17 06:22 - 01146880 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-16 23:00 - 2014-04-16 23:00 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-16 22:58 - 2014-04-16 22:58 - 01426178 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
2014-04-16 20:40 - 2014-04-16 20:40 - 00082514 _____ () C:\OTL.Txt
2014-04-16 20:40 - 2014-04-16 20:40 - 00047654 _____ () C:\Extras.Txt
2014-04-16 20:33 - 2014-04-16 20:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-04-09 23:29 - 2014-04-09 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:24 - 2014-04-09 23:25 - 00013160 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 23:18 - 2014-04-09 23:29 - 00015291 _____ () C:\WINDOWS\KB2922229.log
2014-03-30 20:30 - 2014-03-30 20:30 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-03-26 23:42 - 2014-04-17 06:03 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-03-26 05:23 - 2014-03-26 05:23 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2014-03-19 17:56 - 2014-03-19 17:56 - 00000281 _____ () C:\Documents and Settings\All Users\Documents\Shortcut to Maxtor (H).lnk

==================== One Month Modified Files and Folders =======

2014-04-17 22:39 - 2014-04-17 06:22 - 00016022 _____ () C:\Documents and Settings\User\Desktop\FRST.txt
2014-04-17 22:38 - 2013-11-11 23:39 - 00000000 ____D () C:\FRST
2014-04-17 22:22 - 2012-07-19 05:48 - 00000536 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-17 22:19 - 2014-04-17 22:19 - 17305616 _____ (Malwarebytes Corporation ) C:\mbam-setup-2.0.1.1004.exe
2014-04-17 22:19 - 2014-04-17 22:19 - 00987448 _____ () C:\Documents and Settings\User\Desktop\SecurityCheck.exe
2014-04-17 22:18 - 2013-07-07 19:35 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-17 21:52 - 2013-08-09 11:13 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 21:26 - 2012-03-15 09:16 - 00000994 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
2014-04-17 21:22 - 2012-11-13 12:07 - 00011044 _____ () C:\Documents and Settings\User\Desktop\[HDzone][ATV][1996][撞到正][林文龍+文頌娴][國語全30集][DVD-RMVB][1].txt
2014-04-17 21:22 - 2011-01-07 07:28 - 00032474 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-17 21:03 - 2011-01-07 21:55 - 00000000 ____D () C:\Documents and Settings\User\Application Data\dvdcss
2014-04-17 20:35 - 2013-11-26 19:34 - 00000087 _____ () C:\WINDOWS\psnetwork.ini
2014-04-17 20:00 - 2011-01-07 07:23 - 01705004 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-17 19:51 - 2014-04-17 19:51 - 00002697 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner[S1].txt
2014-04-17 19:49 - 2001-08-23 20:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-17 19:48 - 2014-03-13 14:48 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-17 19:48 - 2013-08-09 11:13 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 19:48 - 2011-01-07 07:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-17 19:48 - 2011-01-06 23:00 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-04-17 19:48 - 2011-01-06 23:00 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-17 19:43 - 2013-11-11 20:47 - 00000000 ____D () C:\AdwCleaner
2014-04-17 19:43 - 2011-01-07 07:28 - 00000178 ___SH () C:\Documents and Settings\User\ntuser.ini
2014-04-17 06:26 - 2012-03-15 09:16 - 00000972 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
2014-04-17 06:23 - 2014-04-17 06:23 - 00030353 _____ () C:\Documents and Settings\User\Desktop\Addition.txt
2014-04-17 06:22 - 2014-04-16 23:01 - 01146880 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2014-04-17 06:21 - 2014-04-17 06:21 - 00001214 _____ () C:\Documents and Settings\User\Desktop\JRT.txt
2014-04-17 06:03 - 2014-03-26 23:42 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-17 05:44 - 2011-01-07 12:32 - 00000000 ____D () C:\Program Files\gogobox
2014-04-16 23:23 - 2014-04-16 23:23 - 00020346 _____ () C:\Documents and Settings\User\Desktop\04162014_230959.log
2014-04-16 23:17 - 2011-01-07 07:20 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-16 23:09 - 2014-04-16 23:09 - 00000000 ____D () C:\_OTL
2014-04-16 23:00 - 2014-04-16 23:00 - 01016261 _____ (Thisisu) C:\Documents and Settings\User\Desktop\JRT.exe
2014-04-16 22:58 - 2014-04-16 22:58 - 01426178 _____ () C:\Documents and Settings\User\Desktop\AdwCleaner.exe
2014-04-16 20:40 - 2014-04-16 20:40 - 00082514 _____ () C:\OTL.Txt
2014-04-16 20:40 - 2014-04-16 20:40 - 00047654 _____ () C:\Extras.Txt
2014-04-16 20:33 - 2014-04-16 20:33 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\User\Desktop\OTL.exe
2014-04-16 07:00 - 2014-02-26 20:08 - 00000000 ____D () C:\FOJ
2014-04-16 06:57 - 2011-01-07 12:41 - 00000000 ____D () C:\Program Files\BitComet
2014-04-16 05:46 - 2011-01-13 21:55 - 00000004 _____ () C:\authres.html
2014-04-15 19:35 - 2011-01-06 22:55 - 00427543 _____ () C:\WINDOWS\setupapi.log
2014-04-15 07:55 - 2011-08-09 20:39 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-04-15 06:39 - 2011-01-07 12:32 - 00123904 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-11 19:21 - 2011-01-07 12:29 - 00000000 ____D () C:\Documents and Settings\User\Application Data\tigerplayer
2014-04-10 05:56 - 2013-08-09 11:13 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-04-10 03:05 - 2011-08-09 20:12 - 00928168 _____ () C:\WINDOWS\DPINST.LOG
2014-04-10 00:37 - 2011-02-23 17:13 - 03408326 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
2014-04-10 00:37 - 2011-02-23 17:13 - 00146698 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-09 23:29 - 2014-04-09 23:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:29 - 2014-04-09 23:18 - 00015291 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 23:29 - 2013-07-19 05:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 23:29 - 2011-01-06 22:57 - 01882614 _____ () C:\WINDOWS\iis6.log
2014-04-09 23:29 - 2011-01-06 22:57 - 01718051 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00830628 _____ () C:\WINDOWS\ocgen.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00789493 _____ () C:\WINDOWS\tsoc.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00582516 _____ () C:\WINDOWS\comsetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00528034 _____ () C:\WINDOWS\msmqinst.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00351190 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00301698 _____ () C:\WINDOWS\netfxocm.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00118787 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00095277 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00087088 _____ () C:\WINDOWS\tabletoc.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00086155 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 23:29 - 2011-01-06 22:57 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 23:25 - 2014-04-09 23:24 - 00013160 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 23:25 - 2011-01-09 12:09 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 23:25 - 2011-01-07 12:14 - 00153902 _____ () C:\WINDOWS\updspapi.log
2014-04-09 23:25 - 2011-01-06 22:57 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 16:30 - 2014-03-13 14:48 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-07 19:01 - 2013-08-20 05:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-03-31 22:28 - 2012-10-07 14:08 - 00001042 _____ () C:\Documents and Settings\User\Application Data\coreavc.ini
2014-03-31 22:28 - 2012-10-07 14:08 - 00000138 _____ () C:\WINDOWS\vsfilter.INI
2014-03-31 22:22 - 2012-11-19 23:07 - 00000000 ____D () C:\FFOutput
2014-03-31 21:00 - 2014-03-08 17:26 - 00000000 ____D () C:\Justice Heroes
2014-03-30 20:30 - 2014-03-30 20:30 - 00107256 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-03-26 23:33 - 2012-05-01 16:06 - 00001698 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-03-26 23:33 - 2011-06-09 23:31 - 00001917 _____ () C:\WINDOWS\epplauncher.mif
2014-03-26 23:32 - 2011-06-09 23:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-26 05:23 - 2014-03-26 05:23 - 00001739 _____ () C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
2014-03-26 05:21 - 2011-04-30 18:09 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-23 09:55 - 2011-01-07 07:21 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-03-22 20:25 - 2014-01-05 22:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Sony Mobile
2014-03-22 20:24 - 2014-01-05 22:24 - 00000000 ____D () C:\Program Files\Sony Mobile
2014-03-20 19:47 - 2011-01-07 12:54 - 00000000 ____D () C:\Program Files\RaySource
2014-03-19 17:56 - 2014-03-19 17:56 - 00000281 _____ () C:\Documents and Settings\All Users\Documents\Shortcut to Maxtor (H).lnk

Some content of TEMP:
====================
C:\Documents and Settings\User\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Here's the Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/17/2014
Scan Time: 11:21:57 PM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.17.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 240993
Time Elapsed: 40 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.Zaccess, HKU\S-1-5-21-343818398-179605362-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^a??a?¤, Quarantined, [d82847b90af616eaff3c778bdd23c13f],

Registry Data: 2
PUP.Optional.SnapDo.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.c...Date=11/11/2013, Good: (www.google.com), Bad: (http://feed.snapdo.c...82f8a92ae56b14f]
PUP.Optional.SnapDo.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.c...Date=11/11/2013, Good: (www.google.com), Bad: (http://feed.snapdo.c...5a2bc6023e18d73]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Here's the ESET log:

 

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3dbe338e3b382d4abc9cdbbffac80040
# engine=17928
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-17 04:07:04
# local_time=2014-04-18 12:07:04 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 1902861 61891277 0 0
# scanned=3491
# found=4
# cleaned=0
# scan_time=158
sh=A88E2DB4D5260E0B7337FF81BC951CFA633A67BE ft=1 fh=f7fc64a2f8c74c7c vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\BaiduPlayerun_72043058.exe"
sh=2DE50229B0B0A12BF5A2C2467711C78300A70598 ft=0 fh=0000000000000000 vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\FFSetup3.0.1.zip"
sh=D30DD70463DF07167074F8AC8B16911C8E2851AF ft=1 fh=4bbcab664373bacf vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\iku2.1_setup.exe"
sh=EFFA317DA954D0B13124D8F151FA6E6CAA599F85 ft=1 fh=309673886b68a786 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir"
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3dbe338e3b382d4abc9cdbbffac80040
# engine=17934
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-18 06:11:21
# local_time=2014-04-18 02:11:21 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 1953518 61941934 0 0
# scanned=584537
# found=99
# cleaned=0
# scan_time=14786
sh=A88E2DB4D5260E0B7337FF81BC951CFA633A67BE ft=1 fh=f7fc64a2f8c74c7c vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\BaiduPlayerun_72043058.exe"
sh=2DE50229B0B0A12BF5A2C2467711C78300A70598 ft=0 fh=0000000000000000 vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\FFSetup3.0.1.zip"
sh=D30DD70463DF07167074F8AC8B16911C8E2851AF ft=1 fh=4bbcab664373bacf vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\iku2.1_setup.exe"
sh=EFFA317DA954D0B13124D8F151FA6E6CAA599F85 ft=1 fh=309673886b68a786 vn="Win32/Toolbar.Linkury.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir"
sh=CAB49CCC1333546DE9AA7328EA61700925A8DAA7 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\5118a050-2fd347ee"
sh=C96C4241335AD2C691B0A414014EAFD59F496180 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\33\766b5c61-557d0649"
sh=EDC8FFFE4551960C9832D902F0328DFDE57F2CF6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\36\2f05c1a4-48c9bf82"
sh=9AA0799700D97440CCAFD68053C4A9E7A224CF17 ft=1 fh=e1506fff763c62ee vn="a variant of Win32/MiniUPnP.A potentially unsafe application" ac=I fn="C:\Download\GOGOBoxSetup.exe"
sh=81D834A626295462A9AEEB988FCDC359A30B92B8 ft=1 fh=dd5f89bf0e8ffd82 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Download\hwmonitor_1.17-setup.exe"
sh=565CD2F7734844AA2C6EAEBE96AEEB2D911EAB96 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.BD potentially unsafe application" ac=I fn="C:\Download\Reflexorator.rar"
sh=27D1AB80035E702A79D0F308FD25821AF444DFB3 ft=1 fh=8caaa74c8a35d573 vn="a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application" ac=I fn="C:\Download\siw.exe"
sh=F1A359B565F2F632B93FCEE2815CDDC8C9382CD7 ft=0 fh=0000000000000000 vn="a variant of Win32/FlyStudio potentially unwanted application" ac=I fn="C:\Downloads\《仙剑奇侠传5》破解.rar"
sh=94B7AD876318580287608E11B413C645DE4EC44D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\Downloads\Nero Multimedia Suite 10 (2010) [FullDVD][MULTi][WwW.ZoNaTorrent.CoM]\Nero Multimedia Suite 10 (2010) [FullDVD][MULTi][WwW.ZoNaTorrent.CoM].iso"
sh=DFBC604464EA0AC051D6C87BDD8BC1F5112EBEB4 ft=1 fh=3503db1eb21935db vn="a variant of Win32/MiniUPnP.A potentially unsafe application" ac=I fn="C:\Program Files\gogobox\upnp\upnp.exe"
sh=D995944F2F62BBA2A8ABCAD4F8F45674772F4545 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\WD 40GB\BKUP\My Documents\Internet\Archives\TVB Anniversary Awards_files\eaini_s.js"
sh=22C805CE2F715CC085EE9AEDF07C04F41EBBC8AB ft=1 fh=030b815959ffd3d1 vn="multiple threats" ac=I fn="C:\WINDOWS\Cursors\winniethepoohcur.exe"
sh=565CD2F7734844AA2C6EAEBE96AEEB2D911EAB96 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.BD potentially unsafe application" ac=I fn="F:\Thumb Drive\Reflexorator.rar"
sh=A52CCB009646C4E4AF5932FC29E0D1F03F913682 ft=0 fh=0000000000000000 vn="a variant of Android/Penetho.A potentially unsafe application" ac=I fn="H:\HP\145201vso41eegs6sfed6c.apk"
sh=105B3421D8B644B418F149E42C0D2286093F85C6 ft=0 fh=0000000000000000 vn="a variant of Android/Penetho.A potentially unsafe application" ac=I fn="H:\HP\145201vso41eegs6sfed6c.zip"
sh=F179C457C607D3A1B2C9A87AC989C349391D620E ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\25az.com_jxlz_D1297.apk"
sh=726CB6C0BE3D14694EC7AC3F41543E90B4F3AED7 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\25az.com_tjb_D2475.apk"
sh=64693D66E631BD4A6976D37A4A4E1C11A251BF5A ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.FH potentially unsafe application" ac=I fn="H:\HP\android_yzdd_1_3_HD.apk"
sh=1970B01825EF01C82BE15D15C29579A9FADFB2D1 ft=0 fh=0000000000000000 vn="Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\ASJT_AndroidSmallKey_Sms.apk"
sh=E8B143A0694B7CD233B7C9A52CAF769EA6783ACC ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\ASQT.apk"
sh=B6ECAE61ACF5B81E435DB2BDEC4AF2D7D2755671 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AdsWo.B potentially unwanted application" ac=I fn="H:\HP\birzzle and scamps blueskyhk.rar"
sh=0DC5F3BBA2B58CC42F39A13A6F15E65AFA0E5F7F ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GH potentially unsafe application" ac=I fn="H:\HP\dg_signed.apk"
sh=A16AF11A3CB214F2791E7DB05A0AD3C6958CE40D ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.P potentially unwanted application" ac=I fn="H:\HP\DSZW.apk"
sh=FE60611925DB9E0007AD9FEE433E878FDE42B427 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.P potentially unwanted application" ac=I fn="H:\HP\fanren1.apk"
sh=028E343175D33F7E630FFF35E39187D7B1F7D235 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.C potentially unwanted application" ac=I fn="H:\HP\fanren2.apk"
sh=A8A96840E406FE713EE5A5C300E94D641D1277A1 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Commplat.B potentially unwanted application" ac=I fn="H:\HP\findsomething.apk"
sh=C24016A6D1A30D519175ADEEE1559C2018523A7F ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AdsWo.B potentially unwanted application" ac=I fn="H:\HP\G00185_GoldMiner_v2.1.rar"
sh=ADC959F0E4C8B2FA84AA247339AB22EB9A582F25 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.AdsWo.B potentially unwanted application" ac=I fn="H:\HP\G00185_Gold_Miner_v2.1.apk"
sh=D9177DD390C429AA0627E995E6E8BEFCBF8BA223 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\GJCQ.apk"
sh=DC7D67D58F0A20C6BE43BF74346637926BE82D69 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.L potentially unwanted application" ac=I fn="H:\HP\gjxcb.apk"
sh=20386E80E7F5187F00BCC5FD937D5B5C1F330C1E ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\GYCS.apk"
sh=6324AB32352E3885C8EFF8557C9CBFD2143122DE ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\hjkg_592az.com.apk"
sh=D487BCB86A85C46B53A710F097B681E8C9768759 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\JianXia_Android_SMS.apk"
sh=6C643BD880AD47DFB618C452D23DDC399CCAA913 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\js_signed.apk"
sh=FEEE4091C582A8DD6C92C656D3C52C0975CC7FD6 ft=0 fh=0000000000000000 vn="Android/SMSreg.AK potentially unsafe application" ac=I fn="H:\HP\mgdxc_592az.com.apk"
sh=DB017FE07B7C877159F73C741D80ED0D11375B72 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GH potentially unsafe application" ac=I fn="H:\HP\MHXZ.apk"
sh=2F8E108623EF934846DDCF52DDC9A2478CF71D2D ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\MJCS.apk"
sh=418897CA8580974C5FF670C8DE1809799D1ED9F1 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\MJQY.apk"
sh=6FA8094211B5B4545258E77D08621B630FAC8124 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\QSQ_AndroidSmallKey_SMS.apk"
sh=3EBE110D882C02E96C3A1F9903E7A3946D06F682 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\ShenBing_AndroidSmallKey_SMS.apk"
sh=E505F58DED2E16B4174F4FCE882B969A592A9F0F ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\ShenMa_Android_SMS.apk"
sh=91727A09C3FC1C3E0B20578825141B26CF552BB0 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.C potentially unwanted application" ac=I fn="H:\HP\sljt.apk"
sh=B2520914FB2C292DAA532434FDB1E0006FBE389C ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\SLJT_AndroidSmallKey_SMS2.apk"
sh=53F8DE848076CB4EBA2B7E1B23F4C3A9B3208237 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.L potentially unwanted application" ac=I fn="H:\HP\SSDL.apk"
sh=339171762906C79EE6371B55ACCD1F0BAECA3B90 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.DH potentially unsafe application" ac=I fn="H:\HP\tlbb1.apk"
sh=B85968B9273D61DCA9B32C5FAA4EFF7B5AB494E3 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.DH potentially unsafe application" ac=I fn="H:\HP\TLBB2.apk"
sh=4F94CC7A29EB66F19BB6EAD8DB48F7F3B8B73C25 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\WMZS.apk"
sh=DED2035120911C103EB55D1DEC04F6A7DB9A68F8 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.N potentially unsafe application" ac=I fn="H:\HP\wuqingjianwaizhuan.apk"
sh=53252C3791F611BA24DC42FE54E726A7081DD516 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\XianDao_Android_SMS.apk"
sh=92D976F9FD7E1FD540C50E0DF73AAD3B184CE366 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.P potentially unwanted application" ac=I fn="H:\HP\XJWQ.apk"
sh=D8CC2F84F5254421E1CE351AFC223A9E24392F34 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\XLBMY_Android_SMS.apk"
sh=78AEA4A93AEFF300AC97B984EBAD8A19D0791AFA ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\XMJ.apk"
sh=5515286377135691A03BE6E38AFAA66351B93159 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.FM potentially unsafe application" ac=I fn="H:\HP\XXLYZ.apk"
sh=9C9DD0213E1C60DF63123EEFBB1AA0EDD2495469 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GH potentially unsafe application" ac=I fn="H:\HP\XXQX.apk"
sh=DE5C91112821DC17FB195593E8EBDCE47345CFC3 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GH potentially unsafe application" ac=I fn="H:\HP\xxqy.apk"
sh=1B65A758786FD6DEF1BBE346D9B019DD97EA61E5 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GH potentially unsafe application" ac=I fn="H:\HP\XXZYL.apk"
sh=57AB7E36965883FFB4ED7F80B56CD5B724E054ED ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\YJXML_AndroidSmallKey_SMS.apk"
sh=F036C606398230F592CD2CCB5F1EF661027CCE7C ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.C potentially unwanted application" ac=I fn="H:\HP\YSXJ.apk"
sh=0D2DF658823DE313C641AE515BE167122AF5E7A5 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\ZJXY_AndroidSmallKey_SMS.apk"
sh=95A9ECFDDA13EC5FA60633CB8B013CE1274F471C ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GQ potentially unsafe application" ac=I fn="H:\HP\zwdzjs_wjb_v30.3.apk"
sh=5CC596DD73994B7E2A675C46A7FC6EE22A7621BD ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GQ potentially unsafe application" ac=I fn="H:\HP\一战到底.apk"
sh=6664F10229DF5478EF3D30F417B7C42D03A73F2B ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GQ potentially unsafe application" ac=I fn="H:\HP\三国大时代2一统天下破解版 v1.7.0_moshao.com.apk"
sh=530DDFCBE237E8912668CD61A524947FC5C5FC5E ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GC potentially unsafe application" ac=I fn="H:\HP\世界足球商店版 免WIFI免ROOT免谷歌市场离线中文版.gpk"
sh=E55C5B5618971064DF6B1BA2824CAEB533283615 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\仙魔九界.apk"
sh=1E994D14B29487A7A90AC405A734A8018F4C4A85 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\仙魔缘-法定乾坤.apk"
sh=6EA89C1BF56F8F82AA9DD4951CBCF3C5EACAB7FA ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.N potentially unsafe application" ac=I fn="H:\HP\剑问天下_Touch_with_sword_v1[1].00.apk"
sh=22A63BE314862592B8A50CB7E31569AAAD253890 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\古剑问心 完美破解版.apk"
sh=6597EA2D58FAF766B17D518F9A2D54EEF18CA3B9 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GQ potentially unsafe application" ac=I fn="H:\HP\向着胜利前进破解版 v4.1.2_www.7723.cn.apk"
sh=54E0A91E3970F42D1BED6BCC244307B32DAFEBFC ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.FR potentially unsafe application" ac=I fn="H:\HP\大富豪内购破解版.apk"
sh=ADF6300312BC4377A9AD345DEBB75DF775EC8393 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GP potentially unsafe application" ac=I fn="H:\HP\大掌门_1.8.2.apk"
sh=14396748C3F0244DD6E92018B93DD364959B1ED7 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.EQ potentially unsafe application" ac=I fn="H:\HP\天师钟馗内购破解版.apk"
sh=E4101F72B2E687CCD71BD54B3ADC3C9DA840FF90 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Ganlet.C potentially unwanted application" ac=I fn="H:\HP\成吉思汗的宝藏EmpireTreasure.apk"
sh=130770339F632885402E3D0B8C4BA263ED5453A6 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Commplat.B potentially unwanted application" ac=I fn="H:\HP\找你妹_内购破解版.apk"
sh=F1B63431A1C49A3D9CE5B21D97C5859CA79A308D ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.EQ potentially unsafe application" ac=I fn="H:\HP\明星生活起点内购破解版【592az.com】.apk"
sh=AD66492DE9EC6B8B842A76736D57F92D738AF623 ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\植物大战僵尸2内购破解版.apk"
sh=3445E1B426DB491BA36794A708336486AEE46790 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.L potentially unwanted application" ac=I fn="H:\HP\植物大战僵尸2高清版内购破解版.apk"
sh=2C652D25087EAFC5052C8774E2E76CA16E429B1D ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\植物大战僵尸2:奇妙时空之旅 V1.0.1.apk"
sh=7FE00EF88AC743A0FBF24CED5B05EC55BE3FF6BB ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.N potentially unsafe application" ac=I fn="H:\HP\武当七侠.apk"
sh=2AAD6B4E4FF46E7AF19A5EF5FFB3D8BFDD939B21 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Dowgin.L potentially unwanted application" ac=I fn="H:\HP\水浒无双-真龙之剑金币修改版.apk"
sh=E106EC6A3AA551E52B07110F9D0799EFC6A4D563 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Commplat.B potentially unwanted application" ac=I fn="H:\HP\江湖行.apk"
sh=36407560C79A84A0FEA88017B62C2AFD5B5B5A1A ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.EQ potentially unsafe application" ac=I fn="H:\HP\消消看 糖斗罗内购破解版【592az.com】.apk"
sh=8E254804FAB3ABFBC844F6053BA3E743B90C05C5 ft=0 fh=0000000000000000 vn="Android/SMSreg.AK potentially unsafe application" ac=I fn="H:\HP\消除大师(农场版)内购破解版【592az.com】.apk"
sh=8D31F3FBE28B8210724454105195C6E36E606199 ft=0 fh=0000000000000000 vn="Android/SMSreg.AK potentially unsafe application" ac=I fn="H:\HP\猎命江湖完美内购破解版.apk"
sh=C2BD10A6C707C33373682B751017E2500EF22DBD ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GQ potentially unsafe application" ac=I fn="H:\HP\猜你妹安卓修改.apk"
sh=825B0C971F1A0018EAD45D9B6D7EB35A296B14BE ft=0 fh=0000000000000000 vn="a variant of Android/Ksapp.J trojan" ac=I fn="H:\HP\真龙之谷v1.0BT.apk"
sh=B447737C3F691329EDC6F419727F17BF4762FD9F ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GS potentially unsafe application" ac=I fn="H:\HP\钻石迷城中文破解版.apk"
sh=2F3047AFEC71EAF8A5FCD33252E4D66F222BC20A ft=0 fh=0000000000000000 vn="Android/SMSreg.AK potentially unsafe application" ac=I fn="H:\HP\黄金矿工之天天寻宝内购破解【592az.com】.apk"
sh=64693D66E631BD4A6976D37A4A4E1C11A251BF5A ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.FH potentially unsafe application" ac=I fn="H:\HP\Android\android_yzdd_1_3_HD.apk"
sh=5CC596DD73994B7E2A675C46A7FC6EE22A7621BD ft=0 fh=0000000000000000 vn="a variant of Android/SMSreg.GQ potentially unsafe application" ac=I fn="H:\HP\Android\一战到底.apk"
sh=E55C5B5618971064DF6B1BA2824CAEB533283615 ft=0 fh=0000000000000000 vn="a variant of Android/SMSKey.O potentially unsafe application" ac=I fn="H:\HP\Android\仙魔九界.apk"
sh=E4101F72B2E687CCD71BD54B3ADC3C9DA840FF90 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Ganlet.C potentially unwanted application" ac=I fn="H:\HP\Android\成吉思汗的宝藏EmpireTreasure.apk"
sh=130770339F632885402E3D0B8C4BA263ED5453A6 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Commplat.B potentially unwanted application" ac=I fn="H:\HP\Android\找你妹_内购破解版.apk"
sh=E106EC6A3AA551E52B07110F9D0799EFC6A4D563 ft=0 fh=0000000000000000 vn="a variant of Android/AdDisplay.Commplat.B potentially unwanted application" ac=I fn="H:\HP\Android\江湖行.apk"
 

 

Here's the Security Check log:

 

 Results of screen317's Security Check version 0.99.81 
 Windows XP Service Pack 3 x86 (UAC is disabled!) 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 37 
 Java 7 Update 51 
 Adobe Reader 9 
 Adobe Reader XI 
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 30% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

Thanks for your help.


  • 0

#9
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hello,
it seems that the Apps for your Android phone are Malware. I thought I should inform you about that. It would be good to install an AV on your Android phone.

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\BaiduPlayerun_72043058.exe
    C:\FFSetup3.0.1.zip
    C:\iku2.1_setup.exe
    C:\Download\GOGOBoxSetup.exe
    C:\Download\hwmonitor_1.17-setup.exe
    C:\Download\Reflexorator.rar
    C:\Download\siw.exe
    C:\Downloads\《仙剑奇侠传5》破解.rar
    C:\Downloads\Nero Multimedia Suite 10 (2010) [FullDVD][MULTi][WwW.ZoNaTorrent.CoM]\Nero Multimedia Suite 10 (2010) [FullDVD][MULTi][WwW.ZoNaTorrent.CoM].iso
    C:\Program Files\gogobox
    C:\WD 40GB\BKUP\My Documents\Internet\Archives\TVB Anniversary Awards_files\eaini_s.js
    C:\WINDOWS\Cursors\winniethepoohcur.exe
    F:\Thumb Drive\Reflexorator.rar
    
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 2: CKScanner

Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Step 3: Defragmentation of your hard drive

If you don't use a SSD please follow the steps below.
  • Please open My Computer
  • Right-click the local disk volume (which you like to defragment) and then click Properties
  • On the Tools tab, click Defragment Now
  • Click Defragment
Step 4: Question

Please report on how the computer is running. Any issues?
  • 0

#10
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Hi,

 

Here's the OTL log:

 

OTL logfile created on: 4/18/2014 9:34:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 77.28% Memory free
4.81 Gb Paging File | 4.26 Gb Available in Paging File | 88.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 8.51 Gb Free Space | 3.65% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 2.65 Gb Free Space | 1.14% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 0.48 Gb Free Space | 0.81% Space Free | Partition Type: NTFS
Drive G: | 174.29 Gb Total Space | 1.40 Gb Free Space | 0.80% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 3.69 Gb Free Space | 1.94% Space Free | Partition Type: NTFS
 
Computer Name: USER-8CE73256DD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 20:33:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/03/30 20:30:08 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/12/11 17:52:14 | 001,236,096 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- H:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2013/11/26 19:34:27 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) -- C:\Program Files\iQIYI\QiyiService.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 11:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/10/10 12:50:08 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/14 10:25:58 | 000,571,392 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2014/02/03 15:51:10 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/05/20 11:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/13 04:22:24 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/26 19:34:27 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) [Auto | Running] -- C:\Program Files\iQIYI\QiyiService.exe -- (QiyiService)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/18 21:22:14 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C03DDEA6-C3B2-4753-A5AB-4606CFE974FC}\MpKsl2e7d5d0c.sys -- (MpKsl2e7d5d0c)
DRV - [2014/03/30 20:30:22 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/03/30 20:30:22 | 000,156,024 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/03/30 20:30:22 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/12/13 05:51:06 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2012/12/30 04:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/21 19:42:37 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/07/21 19:42:37 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/05 18:11:24 | 006,164,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/09 15:13:02 | 000,234,728 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/17 17:11:22 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/08 03:32:48 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2001/08/23 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...1I7NDKB_enSG548
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\WINDOWS\Downloaded Program Files\443437\npxbdsetup.dll ()
FF - HKLM\Software\MozillaPlugins\@iqiyi.com/npclient: C:\Program Files\iQIYI\npclient.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: H:\Program Files\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft庐 DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft庐 DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.3117\npplugin2.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: 56iCan Browser Plugin (Enabled) = H:\Program Files\56ican\np56icanplugin.dll
CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll
CHR - plugin: npifox Dynamic Link Library (Enabled) = H:\Program Files\鎼滅嫄褰遍煶\npifox.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/16 08:48:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QvodTerminal] H:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &使用FLVCD获取本页视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_link.htm ()
O8 - Extra context menu item: &使用FLVCD获取该视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_href.htm ()
O8 - Extra context menu item: Download with Mipony - H:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: 使用快播按图找片 - H:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]gb2 in Trusted sites)
O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]http in Trusted sites)
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab (InstallHelper Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84BB2E11-9558-430C-8909-EDB3C4C1FB8B}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99500004-75DD-4DC2-A969-0129C59083B3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/07 07:24:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/06/15 09:36:56 | 001,029,537 | ---- | M] () - H:\AutoClick.rar -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/17 22:41:13 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/17 22:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/17 22:40:53 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/17 22:40:52 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/17 22:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/17 22:19:00 | 017,305,616 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-2.0.1.1004.exe
[2014/04/16 23:09:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/16 23:01:21 | 001,146,880 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/04/16 23:00:46 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/04/16 20:33:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/03/30 20:30:22 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/18 21:30:22 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
[2014/04/18 21:22:21 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/18 21:21:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/18 21:20:09 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/18 21:20:09 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/18 21:15:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/18 20:56:35 | 000,468,480 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe
[2014/04/18 20:52:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/18 19:06:39 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/17 23:50:30 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/17 22:19:13 | 000,987,448 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2014/04/17 22:19:05 | 017,305,616 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-2.0.1.1004.exe
[2014/04/17 20:35:26 | 000,000,087 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2014/04/17 06:26:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
[2014/04/17 06:22:49 | 001,146,880 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/04/17 06:03:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/16 23:00:56 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/04/16 22:58:52 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/04/16 20:33:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/04/16 05:46:46 | 000,000,004 | ---- | M] () -- C:\authres.html
[2014/04/15 07:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/04/10 05:56:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 23:25:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 16:30:13 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/31 22:28:01 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2014/03/31 22:28:01 | 000,000,138 | ---- | M] () -- C:\WINDOWS\vsfilter.INI
[2014/03/30 20:30:22 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/03/26 23:33:07 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/26 05:23:42 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/18 20:56:35 | 000,468,480 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe
[2014/04/17 22:19:09 | 000,987,448 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2014/04/16 22:58:46 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/03/26 23:42:58 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/26 05:23:42 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2013/11/26 19:34:41 | 000,000,087 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2013/10/24 14:27:46 | 002,310,992 | ---- | C] () -- C:\WINDOWS\System32\shellfire.dll
[2013/09/22 21:31:15 | 000,000,149 | ---- | C] () -- C:\WINDOWS\phw.ini
[2013/06/14 23:52:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2012/11/30 06:28:11 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\bdsecushr.dat
[2012/10/07 14:08:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/10/07 14:08:25 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2011/02/23 17:13:02 | 003,408,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
[2011/02/23 17:13:01 | 000,146,698 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 12:32:53 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/01/07 12:29:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/01/07 07:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/01/20 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Application Data
[2011/01/11 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2013/07/07 01:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2013/11/10 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/01/07 07:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2013/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2014/01/16 20:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalStorage
[2012/04/27 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/11/26 19:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2013/11/26 19:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QiYi
[2013/12/24 17:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RaySource
[2012/03/09 05:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2014/03/22 20:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Mobile
[2011/02/19 14:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2013/04/18 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/07 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/04/27 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anarchy
[2011/10/20 07:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Awem
[2013/12/25 09:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2011/01/20 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BlamGames
[2013/03/23 11:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Building the Great Wall of China
[2012/07/26 09:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CometPlayer
[2011/01/09 02:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro
[2011/09/09 23:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dekovir
[2013/08/22 20:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\flvcd
[2013/11/17 13:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTE14
[2012/06/08 17:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTEv5
[2011/02/02 12:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Go-Go Gourmet Chef of the Year
[2013/04/16 23:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Happy Kingdom
[2013/07/22 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HipSoft
[2011/01/09 02:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2011/01/07 07:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Kingsoft
[2012/09/28 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mipony
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2013/11/26 19:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPlive
[2013/11/09 08:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStream
[2013/09/22 21:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStreamSetup
[2013/11/26 19:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Qiyi
[2013/07/05 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/08/09 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2011/02/19 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive
[2011/01/08 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Supermarket Mania 2
[2014/04/11 19:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\tigerplayer
[2013/11/08 19:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2014/03/11 06:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\youku
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó
(C:\Program Files\??êó) -- C:\Program Files\˶Êó

< End of report >

 

 

Here's the CKScanner log:

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\documents and settings\user\favorites\download sites\download games (to use with keygen).url
c:\documents and settings\user\favorites\useful sites\cracks 1.url
c:\documents and settings\user\favorites\useful sites\cracks 2.url
c:\documents and settings\user\favorites\useful sites\cracks 3.url
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part01.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part02.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part03.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part04.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part05.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part06.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part07.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part08.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part09.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part10.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part11.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part12.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part13.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part14.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part15.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part16.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part17.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part18.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part19.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part20.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part21.rar
c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part22.rar
c:\program files\bitcomet\torrents\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com].torrent
c:\program files\bitcomet\torrents\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com].xml
c:\wd 40gb\bkup\my documents\internet\the gentle crackdown.htm
c:\wd 40gb\bkup\my documents\internet\archives\crack for software.htm
c:\wd 40gb\bkup\my download files\games\bejeweled 2\sounds\firecrackle.ogg
c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-1.pnge
c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-2.pnge
c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-3.pnge
c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker1.pnge
c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
c:\wd 40gb\documents and settings\charlene\favorites\download sites\download games (to use with keygen).url
c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 1.url
c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 2.url
c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 3.url
scanner sequence 3.ZZ.11.COAPHZ
 ----- EOF -----

 

 

About Defragmentation of my hard drive, what is SSD?

 

As for my computer, it still takes a while before everything is up to speed. Previously it would take around 1 hr, just now it took around half an hour. Is the slowness also because of the low disk free space in C drive? Previously my disk free space is sometimes lower than now but the speed is ok.

 

Thanks for your help.   :thumbsup: 
 


  • 0

Advertisements


#11
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hi,
 

what is SSD?

Can you tell me the model of your PC? Did you upgraded anything?
 

Is the slowness also because of the low disk free space in C drive? Previously my disk free space is sometimes lower than now but the speed is ok.


Yes, I warned you about that in my first post, I would recommend uninstalling useless programs to get more free space.

Step 1: Illegal Software Warning

In your log(s) I see some things which are related to illegal Sofware. We do not support illegal Software. With the fix below we will remove the illegal software. If you opt not to remove I will have to withdraw my free assistance per this forums terms of use.

Following file(s) is/are illegal:
  • c:\documents and settings\user\favorites\download sites\download games (to use with keygen).url
  • c:\documents and settings\user\favorites\useful sites\cracks 1.url
  • c:\documents and settings\user\favorites\useful sites\cracks 2.url
  • c:\documents and settings\user\favorites\useful sites\cracks 3.url
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part01.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part02.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part03.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part04.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part05.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part06.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part07.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part08.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part09.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part10.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part11.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part12.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part13.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part14.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part15.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part16.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part17.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part18.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part19.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part20.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part21.rar
  • c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part22.rar
  • c:\program files\bitcomet\torrents\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com].torrent
  • c:\program files\bitcomet\torrents\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com].xml
  • c:\wd 40gb\bkup\my documents\internet\the gentle crackdown.htm
  • c:\wd 40gb\bkup\my documents\internet\archives\crack for software.htm
  • c:\wd 40gb\bkup\my download files\games\bejeweled 2\sounds\firecrackle.ogg
  • c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-1.pnge
  • c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-2.pnge
  • c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-3.pnge
  • c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker1.pnge
  • c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
  • c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
  • c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
  • c:\wd 40gb\documents and settings\charlene\favorites\download sites\download games (to use with keygen).url
  • c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 1.url
  • c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 2.url
  • c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 3.url
Step 2: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]gb2 in Trusted sites)
    O15 - HKLM\..Trusted Domains: gogobox.com.tw ([]http in Trusted sites)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    
    :Files
    c:\documents and settings\user\favorites\download sites\download games (to use with keygen).url
    c:\documents and settings\user\favorites\useful sites\cracks 1.url
    c:\documents and settings\user\favorites\useful sites\cracks 2.url
    c:\documents and settings\user\favorites\useful sites\cracks 3.url
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part01.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part02.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part03.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part04.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part05.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part06.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part07.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part08.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part09.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part10.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part11.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part12.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part13.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part14.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part15.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part16.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part17.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part18.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part19.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part20.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part21.rar
    c:\downloads\古劍奇譼\gujian_1.4.8_full_cracked-hotgirlnow.com-pc_game_chi.part22.rar
    c:\program files\bitcomet\torrents\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com].torrent
    c:\program files\bitcomet\torrents\fifa 14 ultimate edition [multi14][pcdvd][full unlocked][wait crack][3dm][www.gamestorrents.com].xml
    c:\wd 40gb\bkup\my documents\internet\the gentle crackdown.htm
    c:\wd 40gb\bkup\my documents\internet\archives\crack for software.htm
    c:\wd 40gb\bkup\my download files\games\bejeweled 2\sounds\firecrackle.ogg
    c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-1.pnge
    c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-2.pnge
    c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker-3.pnge
    c:\wd 40gb\bkup\my download files\games\mah jong quest\images\tile_firecracker1.pnge
    c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
    c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
    c:\wd 40gb\bkup\my download files\games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
    c:\wd 40gb\documents and settings\charlene\favorites\download sites\download games (to use with keygen).url
    c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 1.url
    c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 2.url
    c:\wd 40gb\documents and settings\charlene\favorites\useful sites\cracks 3.url
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

  • 0

#12
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Hi,

 

My computer is an assembled one which I bought from a shop so no particular model.

 

Here's the OTL log:

 

OTL logfile created on: 4/19/2014 12:47:04 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.97 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 79.87% Memory free
4.81 Gb Paging File | 4.36 Gb Available in Paging File | 90.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.87 Gb Total Space | 8.33 Gb Free Space | 3.58% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 2.65 Gb Free Space | 1.14% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 0.48 Gb Free Space | 0.81% Space Free | Partition Type: NTFS
Drive G: | 174.29 Gb Total Space | 1.36 Gb Free Space | 0.78% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 3.68 Gb Free Space | 1.94% Space Free | Partition Type: NTFS
 
Computer Name: USER-8CE73256DD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/16 20:33:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2014/03/30 20:30:08 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/12/11 17:52:14 | 001,236,096 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- H:\Program Files\QvodPlayer\QvodTerminal.exe
PRC - [2013/11/26 19:34:27 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) -- C:\Program Files\iQIYI\QiyiService.exe
PRC - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2013/10/31 11:35:30 | 000,449,760 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/10/10 12:50:08 | 004,993,024 | ---- | M] (FS2YOU) -- C:\Program Files\GridService\peer.exe
PRC - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/23 20:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/14 10:25:58 | 000,571,392 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2014/02/03 15:51:10 | 001,125,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/10/31 11:35:46 | 000,070,880 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/09/13 10:02:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/05/20 11:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/03/13 04:22:24 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/11/26 19:34:27 | 000,458,832 | ---- | M] (BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD.) [Auto | Running] -- C:\Program Files\iQIYI\QiyiService.exe -- (QiyiService)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/05 04:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/19 00:47:10 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C03DDEA6-C3B2-4753-A5AB-4606CFE974FC}\MpKslad24c9f5.sys -- (MpKslad24c9f5)
DRV - [2014/03/30 20:30:22 | 000,228,888 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2014/03/30 20:30:22 | 000,156,024 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2014/03/30 20:30:22 | 000,107,256 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/12/13 05:51:06 | 000,340,432 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys -- (RapportCerberus_59849)
DRV - [2012/12/30 04:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/21 19:42:37 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/07/21 19:42:37 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/10/05 18:11:24 | 006,164,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010/09/09 15:13:02 | 000,234,728 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/07/29 00:25:42 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/17 17:11:22 | 000,006,272 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/08 03:32:48 | 000,116,224 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/14 08:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/03/16 14:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2001/08/23 20:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F7AF02FD-F5FE-4175-AE15-A0E004D02D4E}: "URL" = http://www.google.co...1I7NDKB_enSG548
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\WINDOWS\Downloaded Program Files\443437\npxbdsetup.dll ()
FF - HKLM\Software\MozillaPlugins\@iqiyi.com/npclient: C:\Program Files\iQIYI\npclient.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files\Internet Explorer\PPLite\plugin\3.4.0.0111\npplugin2.dll (PPLive Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: H:\Program Files\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@sohu.com/npifox: H:\Program Files\搜狐影音\npifox.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: H:\Program Files\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: H:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft庐 DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft庐 DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files\Internet Explorer\PPLite\plugin\1.0.1.3117\npplugin2.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: 56iCan Browser Plugin (Enabled) = H:\Program Files\56ican\np56icanplugin.dll
CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = H:\Program Files\Baidu\BaiduPlayer\1.17.0.172\npxbdyy.dll
CHR - plugin: npifox Dynamic Link Library (Enabled) = H:\Program Files\鎼滅嫄褰遍煶\npifox.dll
CHR - Extension: Google Docs = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/16 08:48:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Grid Service] C:\Program Files\GridService\peer.exe (FS2YOU)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QvodTerminal] H:\Program Files\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &使用FLVCD获取本页视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_link.htm ()
O8 - Extra context menu item: &使用FLVCD获取该视频的下载地址 - C:\Documents and Settings\User\Application Data\flvcd\flvcd_href.htm ()
O8 - Extra context menu item: Download with Mipony - H:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: 使用快播按图找片 - H:\Program Files\QvodPlayer\AddIn\ImgSeed.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)
O16 - DPF: {1DABF8D5-8430-4985-9B7F-A30E53D709B3} http://dl_dir.qq.com...MMInstaller.cab (InstallHelper Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.c...oft_webscan.cab (Emsisoft Web Malware Scan)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ad...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84BB2E11-9558-430C-8909-EDB3C4C1FB8B}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99500004-75DD-4DC2-A969-0129C59083B3}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/07 07:24:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/06/15 09:36:56 | 001,029,537 | ---- | M] () - H:\AutoClick.rar -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/17 22:41:13 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/17 22:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/17 22:40:53 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/17 22:40:52 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/17 22:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/17 22:19:00 | 017,305,616 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-2.0.1.1004.exe
[2014/04/16 23:09:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/16 23:01:21 | 001,146,880 | ---- | C] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/04/16 23:00:46 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/04/16 20:33:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/03/30 20:30:22 | 000,107,256 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/19 00:46:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/19 00:44:54 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/19 00:44:54 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/04/19 00:40:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/19 00:26:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003UA.job
[2014/04/19 00:22:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/18 23:52:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/18 21:40:51 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/18 20:56:35 | 000,468,480 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe
[2014/04/18 19:06:39 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/17 23:50:30 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/17 22:19:13 | 000,987,448 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2014/04/17 22:19:05 | 017,305,616 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-2.0.1.1004.exe
[2014/04/17 20:35:26 | 000,000,087 | ---- | M] () -- C:\WINDOWS\psnetwork.ini
[2014/04/17 06:26:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-343818398-179605362-1801674531-1003Core.job
[2014/04/17 06:22:49 | 001,146,880 | ---- | M] (Farbar) -- C:\Documents and Settings\User\Desktop\FRST.exe
[2014/04/16 23:00:56 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2014/04/16 22:58:52 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/04/16 20:33:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2014/04/16 05:46:46 | 000,000,004 | ---- | M] () -- C:\authres.html
[2014/04/15 07:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/04/10 05:56:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 23:25:32 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/08 16:30:13 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/31 22:28:01 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2014/03/31 22:28:01 | 000,000,138 | ---- | M] () -- C:\WINDOWS\vsfilter.INI
[2014/03/30 20:30:22 | 000,107,256 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2014/03/26 23:33:07 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014/03/26 05:23:42 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/18 20:56:35 | 000,468,480 | ---- | C] () -- C:\Documents and Settings\User\Desktop\CKScanner.exe
[2014/04/17 22:19:09 | 000,987,448 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SecurityCheck.exe
[2014/04/16 22:58:46 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AdwCleaner.exe
[2014/03/26 23:42:58 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/03/26 05:23:42 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2013/11/26 19:34:41 | 000,000,087 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2013/10/24 14:27:46 | 002,310,992 | ---- | C] () -- C:\WINDOWS\System32\shellfire.dll
[2013/09/22 21:31:15 | 000,000,149 | ---- | C] () -- C:\WINDOWS\phw.ini
[2013/06/14 23:52:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2012/11/30 06:28:11 | 000,000,305 | ---- | C] () -- C:\WINDOWS\System32\bdsecushr.dat
[2012/10/07 14:08:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\vsfilter.INI
[2012/10/07 14:08:25 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\User\Application Data\coreavc.ini
[2011/02/23 17:13:02 | 003,408,326 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-343818398-179605362-1801674531-1003-0.dat
[2011/02/23 17:13:01 | 000,146,698 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/07 12:32:53 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/01/07 12:29:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/01/07 07:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/01/20 21:42:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Application Data
[2011/01/11 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2013/07/07 01:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grid
[2013/11/10 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/01/07 07:41:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kingsoft
[2013/10/16 22:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KuaiWan
[2014/01/16 20:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LocalStorage
[2012/04/27 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2013/11/26 19:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
[2013/11/26 19:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QiYi
[2013/12/24 17:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RaySource
[2012/03/09 05:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2014/03/22 20:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Mobile
[2011/02/19 14:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2013/04/18 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/07 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2012/04/27 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Anarchy
[2011/10/20 07:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Awem
[2013/12/25 09:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\baiduAddr
[2011/01/20 13:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BlamGames
[2013/03/23 11:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Building the Great Wall of China
[2012/07/26 09:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CometPlayer
[2011/01/09 02:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAEMON Tools Pro
[2011/09/09 23:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dekovir
[2013/08/22 20:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\flvcd
[2013/11/17 13:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTE14
[2012/06/08 17:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FMRTEv5
[2011/02/02 12:58:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Go-Go Gourmet Chef of the Year
[2013/04/16 23:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Happy Kingdom
[2013/07/22 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HipSoft
[2011/01/09 02:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IObit
[2011/01/07 07:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Kingsoft
[2012/09/28 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mipony
[2011/02/08 15:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\NatGeoGames
[2011/02/02 13:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlayFirst
[2013/11/26 19:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPlive
[2013/11/09 08:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStream
[2013/09/22 21:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PPStreamSetup
[2013/11/26 19:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Qiyi
[2013/07/05 22:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/08/09 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sony
[2011/02/19 14:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sports Interactive
[2011/01/08 15:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Supermarket Mania 2
[2014/04/11 19:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\tigerplayer
[2013/11/08 19:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Wandoujia2
[2014/03/11 06:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\youku
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó
[2012/08/09 09:57:41 | 000,000,000 | ---D | M](C:\Program Files\??êó) -- C:\Program Files\˶Êó
(C:\Program Files\??êó) -- C:\Program Files\˶Êó

< End of report >

 

 

Thank you.


  • 0

#13
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Hello,

Did you uninstalled useless programs now or not?
 

My computer is an assembled one which I bought from a shop so no particular model.

OK, then please follow the steps below.
  • Right click on the My Computer icon on the desktop, then select Manage
  • The Computer Management window will show up - click on Device Manager in the left column
  • In the window on the right, next to Disk drives, click on the + sign next to it to reveal your drive's model number (in this case, ST3160812AS). See the image below:

    4983-4.jpg

    More information on how to do this click here
  • Take a screenshot and attach the screenshot to your next reply.

    How to take a screenshot:

    Follow the instructions here

  • 0

#14
dif4

dif4

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 104 posts

Hi,

 

I have just deleted what i can from the C drive.

 

I have also attached a screenshot of my hard drives.

 

Thanks for your help.

Attached Files

  • Attached File  1.bmp   840.05KB   116 downloads

  • 0

#15
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,700 posts
Please do this:
  • Please open My Computer
  • Right-click the local disk volume (which you like to defragment) and then click Properties
  • On the Tools tab, click Defragment Now
  • Click Defragment
How is the computer running now?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP