Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP!browser (IE & FireFox) hijacked by hao123.com! [Solve


  • This topic is locked This topic is locked

#1
capercat

capercat

    Member

  • Member
  • PipPip
  • 14 posts

Hi all,

 

I've been having this problem of my browsers (IE & Firefox) redirecting to hao123.com everytime I opened them, google chrome seems fine. I've tried googling the many ways of removing it and none seems to work. :upset:  It's just so frustrating  :ranting:  and I'm hoping that someone here could help me out. I've seen others posting with similar problems posting their logs out, but I'm basically not so much of an advanced user of the computer, so I don't know how to do that.. hopefully someone here can guide this noobie on how to get rid of this problem.

 

Your help will be very much appreciated.

Many thanks in advance!

 

:surrender: :surrender: :surrender: :surrender: :surrender:


Edited by capercat, 22 September 2014 - 10:03 AM.

  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Very glad to help. :thumbsup:

 

Please follow the instructions below. Once I see the scan results I can work up a fix and coach you through the process. :)

 

51a5d669693dd-icon_OTL.png Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.



  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).
     

Please include the content of both logfiles in your next reply.

 

 


  • 0

#3
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

from OTL notepad:

 

OTL logfile created on: 23/9/2014 8:49:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jean\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
 
7.91 Gb Total Physical Memory | 5.39 Gb Available Physical Memory | 68.16% Memory free
15.81 Gb Paging File | 13.01 Gb Available in Paging File | 82.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.33 Gb Total Space | 197.41 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 4.97 Gb Free Space | 16.29% Space Free | Partition Type: NTFS
 
Computer Name: JEAN-PC | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/23 20:48:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jean\Downloads\OTL(1).exe
PRC - [2014/09/22 01:46:39 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/13 08:52:04 | 036,414,624 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jean\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/08/15 23:58:02 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2014/08/14 18:20:40 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/08/08 00:39:08 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/08/07 20:05:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/08/07 20:04:02 | 001,021,008 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2014/08/07 20:03:40 | 000,802,384 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2014/08/07 20:03:38 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/08/07 20:03:37 | 000,751,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/08/07 20:03:36 | 001,043,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2014/07/31 08:15:54 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
PRC - [2013/12/21 14:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/21 10:27:06 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/29 01:18:59 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
PRC - [2012/04/04 06:09:46 | 000,446,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
PRC - [2012/03/19 22:58:25 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2012/03/19 22:56:13 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011/11/27 22:57:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/15 19:46:52 | 000,548,864 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2010/12/05 09:39:24 | 000,224,352 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
PRC - [2010/12/05 09:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/10/14 15:59:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/14 15:59:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/23 19:13:41 | 000,043,008 | ---- | M] () -- c:\Users\Jean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpptrv7q.dll
MOD - [2014/09/22 01:46:39 | 003,734,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/09/13 08:20:58 | 003,610,624 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
MOD - [2014/02/05 19:52:52 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/05 19:52:32 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/24 03:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/03/19 22:58:25 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2012/03/19 22:56:13 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011/07/29 07:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 07:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/17 01:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011/02/17 01:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010/12/05 09:41:06 | 000,482,400 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\subsys\YouCam\MediaObj.dll
MOD - [2010/12/05 09:40:56 | 000,064,608 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\subsys\YouCam\ImageWrapper.dll
MOD - [2010/12/05 09:40:30 | 000,658,528 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\Koan\_ssl.pyd
MOD - [2010/12/05 09:40:30 | 000,056,416 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\Koan\_socket.pyd
MOD - [2010/12/05 09:40:24 | 000,085,088 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\Koan\_ctypes.pyd
MOD - [2010/12/05 09:40:24 | 000,056,416 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\Koan\pyloader.dll
MOD - [2010/12/05 09:40:14 | 000,056,416 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\IntelGMAScreenRotate.dll
MOD - [2010/12/05 09:40:14 | 000,052,320 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\NVScreenRotate.dll
MOD - [2010/12/05 09:40:08 | 000,113,760 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\Intel945ScreenRotate.dll
MOD - [2010/12/05 09:39:14 | 000,275,752 | ---- | M] () -- C:\Program Files (x86)\Lenovo\YouCam\subsys\YouCam\BlackCat.dll
MOD - [2010/08/20 11:08:20 | 000,659,456 | ---- | M] () -- C:\Windows\SysWOW64\vmprp331.ax
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/19 06:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/12/15 02:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/09/22 01:46:39 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/18 01:55:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/08/07 20:05:26 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/08/07 20:04:02 | 001,021,008 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2014/08/07 20:03:40 | 000,802,384 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2014/08/07 20:03:38 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/08/07 20:03:36 | 001,043,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2014/03/21 06:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 14:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 16:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/29 01:18:59 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe -- (ScsiAccess)
SRV - [2012/12/21 02:22:47 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/15 20:10:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/19 23:06:20 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011/11/27 22:57:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/12/28 16:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files (x86)\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/10/14 15:59:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/14 15:59:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/22 22:53:15 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/07/28 10:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/06/26 18:51:11 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2014/06/08 12:05:08 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/10/07 17:52:26 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/02/12 23:19:57 | 000,141,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2013/02/12 23:19:57 | 000,114,608 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/19 23:09:47 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012/03/19 23:09:45 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/03/19 22:52:01 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/03/19 22:52:01 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/27 22:57:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/24 15:47:28 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/09/29 11:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/29 11:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/23 06:12:56 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/06/15 11:51:18 | 000,250,752 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 19:00:46 | 001,438,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/02 06:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/02/18 16:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/14 19:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/14 19:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/14 19:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/14 19:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/14 19:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/05 09:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/16 17:28:50 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt)
DRV:64bit: - [2010/06/17 17:18:28 | 000,246,376 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/21 22:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 20 0C 0D 7B D6 CF 01  [binary data]
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
FF - HKCU\Software\MozillaPlugins\wondershare.com/FantashowPlugin: C:\Program Files (x86)\Wondershare\Fantashow Plus\npFantashowPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/17 20:58:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/13 14:30:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/21 10:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/22 01:46:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/22 22:21:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/13 14:30:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/09/22 01:46:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/22 22:21:12 | 000,000,000 | ---D | M]
 
[2012/07/16 00:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Extensions
[2014/09/22 23:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\har2h3uw.default-1411397776565\extensions
[2014/09/22 01:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/09/22 01:46:35 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2014/09/22 01:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/22 01:46:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/01/12 16:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011/07/12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.co...=LENN&bmod=LENN
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - default_search_provider: B1A6D57E466BC16C7C11A9D94CBAC4A86B8399C4B4E0EA2A030DDA4E61367FFC (Enabled)
CHR - default_search_provider: search_url = 2AACCBC9CB6F2E243A2AF94ABDA64824B6A3B7081DBC3E46B7D35BA68779FF07
CHR - default_search_provider: suggest_url =
CHR - homepage: 99D3F79BC3C005B67DEBB780202484292B03CCC3FE86C9D9C66CF45B74AE526A
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: RealDownloader = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Google Wallet = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo> = C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (A1FD2BF5-1B68-0042-9CF6-7127D5E41514 Class) - {A1FD2BF5-1B68-0042-9CF6-7127D5E41514} - C:\Program Files (x86)\QvodPlayer\AddIn\{A1FD2BF5-1B68-0042-9CF6-7127D5E41514}\QvodAddr.dll File not found
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jean\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C5E3A72-FDE2-4FAA-9BF1-AB32C8BFB9F2}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D44F8173-79BC-49E1-87E3-37F991CECD90}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/15 23:17:09 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/23 20:33:35 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Skype
[2014/09/23 20:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/09/23 20:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/09/23 19:51:02 | 000,000,000 | R--D | C] -- C:\Users\Jean\iCloudDrive
[2014/09/23 19:51:02 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Local\Apple Inc
[2014/09/23 18:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/09/22 23:27:36 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/09/22 22:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/09/22 21:55:45 | 000,000,000 | -HSD | C] -- C:\Users\Jean\AppData\Local\EmieUserList
[2014/09/22 21:55:45 | 000,000,000 | -HSD | C] -- C:\Users\Jean\AppData\Local\EmieSiteList
[2014/09/22 21:42:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/09/22 21:42:47 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/09/22 21:42:34 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/09/22 21:42:34 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/09/22 21:42:34 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/09/22 21:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/09/22 01:46:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/22 00:42:02 | 000,000,000 | ---D | C] -- C:\Users\Jean\AppData\Roaming\Baidu
[2014/09/22 00:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Baidu
[2014/09/18 02:06:21 | 000,000,000 | ---D | C] -- C:\Users\Jean\Desktop\misc
[2014/09/18 02:05:53 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/09/18 02:05:53 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/09/18 02:05:51 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/09/18 02:05:51 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/09/18 02:05:51 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/09/18 02:05:51 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/09/18 02:05:51 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/09/18 02:05:51 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/09/18 02:05:51 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/09/18 02:05:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/18 02:05:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/09/18 02:05:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/09/18 02:05:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/09/18 02:05:50 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/09/18 02:05:50 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/09/18 02:05:50 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/09/18 02:05:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/09/18 02:05:50 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/09/18 02:05:50 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/09/18 02:05:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/09/18 02:05:50 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/09/18 02:05:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/09/18 02:05:50 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/18 02:05:50 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/09/18 02:05:49 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/09/18 02:05:49 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/09/18 02:05:49 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/09/18 02:05:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/09/18 02:05:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/09/18 02:05:48 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/09/18 02:05:48 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/18 02:05:48 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/09/18 02:05:47 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/09/18 02:05:46 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/09/18 02:05:46 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/09/18 01:56:55 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2014/09/18 01:56:55 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2014/09/18 01:55:05 | 010,036,224 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/18 00:15:59 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWorkspace.dll
[2014/09/18 00:15:59 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TSWorkspace.dll
[2014/09/18 00:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/09/18 00:15:15 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/09/18 00:14:38 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2014/09/18 00:14:36 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/09/18 00:14:36 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/09/18 00:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/09/18 00:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/09/17 23:57:20 | 000,000,000 | ---D | C] -- C:\Users\Jean\Desktop\Bangkok
[2014/09/03 17:11:49 | 000,000,000 | ---D | C] -- C:\Users\Jean\Desktop\mt hutt snowboard
[2014/08/29 11:15:56 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/23 20:52:22 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 20:52:22 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 20:33:28 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/23 20:28:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/23 20:28:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/23 19:55:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/09/23 19:17:18 | 000,782,510 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/09/23 19:17:18 | 000,667,112 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/09/23 19:17:18 | 000,126,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/09/23 19:12:15 | 000,139,641 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/09/23 19:11:42 | 000,000,198 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2014/09/23 19:11:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/09/23 19:11:20 | 2072,367,103 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/23 01:17:00 | 000,000,198 | ---- | M] () -- C:\windows\tasks\AutoKMSDaily.job
[2014/09/22 22:53:15 | 000,032,512 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2014/09/22 22:50:43 | 000,001,876 | ---- | M] () -- C:\windows\SysNative\.crusader
[2014/09/22 21:42:30 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/09/22 21:42:29 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/09/22 21:42:29 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/09/22 21:42:29 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/09/22 00:00:21 | 000,001,047 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/09/22 00:00:16 | 000,001,013 | ---- | M] () -- C:\Users\Jean\Desktop\Dropbox.lnk
[2014/09/18 02:22:27 | 000,000,954 | ---- | M] () -- C:\Users\Jean\AppData\Roaming\coreavc.ini
[2014/09/18 02:03:48 | 000,766,820 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/09/18 01:55:12 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/09/18 01:55:12 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/18 01:55:05 | 010,036,224 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2014/09/18 00:31:26 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/18 00:15:42 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/09/05 10:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/09/05 10:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/30 08:50:42 | 004,968,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/09/23 20:33:28 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/09/22 22:50:43 | 000,001,876 | ---- | C] () -- C:\windows\SysNative\.crusader
[2014/09/22 22:50:36 | 000,032,512 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2014/09/18 00:15:42 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/02/14 09:08:31 | 000,000,954 | ---- | C] () -- C:\Users\Jean\AppData\Roaming\coreavc.ini
[2014/02/10 17:43:14 | 000,004,608 | ---- | C] () -- C:\Users\Jean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/13 14:24:19 | 000,221,287 | ---- | C] () -- C:\windows\hpoins19.dat
[2012/11/13 14:24:19 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat
[2012/07/15 22:24:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 10:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 09:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/07/15 23:20:27 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Autodesk
[2014/09/22 00:42:02 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Baidu
[2014/07/12 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\BitComet
[2012/07/15 22:44:15 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\CometPlayer
[2014/09/23 19:14:00 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Dropbox
[2013/06/29 01:19:16 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Netscape
[2012/07/17 00:23:11 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\NJStar
[2014/07/09 22:47:47 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Oracle
[2013/06/29 01:17:56 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Photodex
[2013/07/07 22:40:47 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Publish Providers
[2013/07/07 22:40:43 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Sony
[2013/10/03 07:54:15 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/10/19 07:51:53 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\tigerplayer
[2012/07/08 19:45:10 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\TP
[2012/10/26 20:37:48 | 000,000,000 | ---D | M] -- C:\Users\Jean\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/04/14 22:26:38 | 000,000,000 | ---D | M](C:\Users\Jean\Desktop\??????) -- C:\Users\Jean\Desktop\来自星星的你
[2014/04/14 21:53:07 | 000,000,000 | ---D | C](C:\Users\Jean\Desktop\??????) -- C:\Users\Jean\Desktop\来自星星的你
[2013/10/07 13:14:41 | 099,577,146 | ---- | M] ()(C:\windows\SysWow64\???) -- C:\windows\SysWow64\਺怼
[2013/10/07 13:14:41 | 099,577,146 | ---- | C] ()(C:\windows\SysWow64\???) -- C:\windows\SysWow64\਺怼
[2013/10/07 11:15:38 | 099,502,603 | ---- | M] ()(C:\windows\SysWow64\???_) -- C:\windows\SysWow64\붡簯_
[2013/10/07 11:15:38 | 099,502,603 | ---- | C] ()(C:\windows\SysWow64\???_) -- C:\windows\SysWow64\붡簯_

< End of report >
 


  • 0

#4
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

from extras.txt notepad:

 

OTL Extras logfile created on: 23/9/2014 8:49:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jean\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
 
7.91 Gb Total Physical Memory | 5.39 Gb Available Physical Memory | 68.16% Memory free
15.81 Gb Paging File | 13.01 Gb Available in Paging File | 82.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.33 Gb Total Space | 197.41 Gb Free Space | 46.96% Space Free | Partition Type: NTFS
Drive D: | 30.48 Gb Total Space | 4.97 Gb Free Space | 16.29% Space Free | Partition Type: NTFS
 
Computer Name: JEAN-PC | User Name: Jean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CC34008-43BA-4DC4-99CA-446748B03B52}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{1F10E61F-AE81-432E-9D89-B99521A45806}" = lport=139 | protocol=6 | dir=in | app=system |
"{29C9BBF2-1633-45A5-9C0D-C534631E4D03}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{34FBCD7A-12B9-4C71-875E-A92EBE6D87E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D6DD7A4-205E-42A9-9D71-F99ED9C403A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56DD71DE-2223-460C-BD01-7580ABE55380}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{61745196-7E0B-4D84-9050-3831933AA321}" = lport=445 | protocol=6 | dir=in | app=system |
"{6223368D-C016-4F30-94F0-2E8F1897488B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6767D215-0ABB-459B-9949-C11B8DADF342}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6850E910-D022-44E3-8D9B-1544C0BC072A}" = rport=139 | protocol=6 | dir=out | app=system |
"{94AC5801-FAA7-4463-823A-E58985E55AE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9BE3600E-EED1-42EE-B8B8-EFDA7FA132BE}" = rport=137 | protocol=17 | dir=out | app=system |
"{C872CD99-8A2B-4D32-96E2-264745CF548D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C8F7C6A7-1E62-4BC1-904B-E8408B709DD4}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1B88FDB-00F8-4BA3-B895-09106BF647FA}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7A92F15-1153-4E91-A0EE-B71C746F0C92}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014DCF30-403E-49E1-A313-C597DC69D8F4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{021F700A-7E3A-4EE9-87A0-A71256449298}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{0654ED73-F4F0-4488-AE67-E41B135E0411}" = protocol=58 | dir=in | [email protected],-28545 |
"{12F4FD41-A1BF-48BA-9344-E0AEFA00FFB7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18376548-0AD0-496B-87D5-5546DB084CD7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{1BBC2790-5564-4DE9-90C7-ADAC07DC5885}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C00551E-77B6-4AF5-947E-1F744463AE6F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2C430264-65CF-414D-A7B9-803467C1F021}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2D8BC2F2-456C-4980-80BC-2CBD4ED0267A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2DD33C2C-DC15-460B-8FD8-673E0988C0C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{35EDE792-CFA1-447B-B63E-1777BD531867}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3C7FA76E-EC75-41FA-ACA8-C3A2D0730608}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3DDAB8AD-2D22-45EE-982D-F8FA8F5FC626}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{3E8FF2D2-FBF5-4BFE-A503-ADA7878538EF}" = dir=in | app=c:\users\jean\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{42D0B24F-8CE0-4C27-9600-03946B572635}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4DACF0DB-4C83-4F7E-A62C-FB61372C9EFE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{50CE0BFB-4F37-429D-B9B2-FA511CBA2D96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{515F01B0-23C3-430D-BB47-450C56CE08A2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{56458945-5F86-498F-AD06-5A231839BD04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{57D65159-418D-4589-85B6-AE8F57AD277C}" = protocol=6 | dir=in | app=c:\users\jean\appdata\roaming\dropbox\bin\dropbox.exe |
"{5BB5CE05-DA8D-4A0C-B18F-C11EFA45E691}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{5E994429-7E91-415F-8AB7-8D1464D16B7D}" = protocol=17 | dir=in | app=c:\users\jean\appdata\roaming\dropbox\bin\dropbox.exe |
"{65B63E07-B4E9-4B4A-B731-B2E1463F98CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{677877AC-941C-4852-B05D-2B7A70FA61F4}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6F8AAEB6-32D7-45EE-AAC0-6F6374ED3D7A}" = protocol=1 | dir=in | [email protected],-28543 |
"{7D35408A-960A-494E-9155-A87C21943FCC}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{7E522BFD-29B4-4CB3-AC04-EFD424C34E98}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{80146BDA-48F9-4EF5-9D35-BABB96A0DCE6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{83FD6EC0-A585-4F0B-ABF8-1EFC686571F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{87BD150F-E255-45F4-BE6A-084497A6CE92}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8B0B7B91-6545-4186-8F87-142328E95C21}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EBFA48C-29B7-4C4E-B6D1-F4BB6E21FB82}" = protocol=17 | dir=in | app=c:\users\jean\downloads\2013070519462851d6b21405873.exe |
"{98FE9273-1B32-44CB-8175-C9256369978B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B48461F-2C50-45D2-A9E2-6E25AD5E953C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{9F2C9685-943B-45B6-841C-814162458B4E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A3B30D26-98D2-427A-929C-B5A4BED1888D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A482BFA8-E7E3-4C10-99EC-640855FFDE04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A6232041-7E55-4EE4-9DB9-337FA94CDDC9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A6768AFE-149F-41D7-8267-DD3F46625FC5}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A7711278-E816-40C2-AA4C-F00D7631DD72}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |
"{AB0C2B1C-C6C0-4F41-A6B8-AC73A0191C80}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{AF658821-E7E4-42A0-9CFB-DC9AA0ED96D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{AFE4091B-E6DC-48A6-9CC4-83FD3B172B79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3CE384E-BCD4-41BA-93A3-F14A5C03EC25}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{B6EA9E30-039A-4D80-9C5D-6D897CFC7070}" = protocol=6 | dir=in | app=c:\users\jean\downloads\2013070519462851d6b21405873.exe |
"{C0D773C6-CC5D-4D78-B8EE-919CBBB4B30A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{C5745D1D-AE54-4118-A732-90AF5AA174FE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C662AAE4-ADD4-445B-8EC7-425DDC87795E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C77F613B-65BE-4D83-9D92-2EFB5B89A1E2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA430A69-D13D-459B-838C-7B0F4CD360EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D798D800-ED6D-42A0-A734-A2F8A3907D7E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D8B8EF18-53E7-4E4F-ADB6-E19CF51016E3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{DA725506-3953-4A96-BA23-00A432898F0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{DE078489-A43D-4975-9DCA-C0040229D05A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{E17CA40C-B4F0-4256-B7D8-CB610AA9E6A6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{E2D4D5CF-7E58-455A-82C1-096C21D511CB}" = protocol=1 | dir=out | [email protected],-28544 |
"{F33563FD-69F3-43B7-9BC5-4F667D5DB71C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{F36F896B-6BDE-4062-AAF0-6FD5EA9B1082}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.6\flashbuilder.exe |
"{FA9BE90E-1967-49D5-9791-343E6208918E}" = protocol=58 | dir=out | [email protected],-28546 |
"{FDFD6B32-C2A7-476F-A10A-30EF3B719327}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02E5BCCA-317C-418F-9E06-42526E050829}" = Windows Live Family Safety
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel
"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{381CC72A-6BC3-430a-A847-A7BCEB63A8A1}" = SPSS 13.0 for Windows
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}" = Lenovo MuteSync
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Avira AntiVir Desktop" = Avira Internet Security
"BitComet" = BitComet 1.35
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}" = Lenovo MuteSync
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"LINE" = LINE
"Mozilla Firefox 32.0.2 (x86 en-US)" = Mozilla Firefox 32.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MpcStar" = MpcStar 5.3
"NJStar Communicator" = NJStar Communicator
"Photodex Presenter" = Photodex Presenter
"ProShow Producer" = ProShow Producer
"RealPlayer 15.0" = RealPlayer
"RealPlayer 16.0" = RealPlayer
"Steam App 212500" = The Lord of the Rings Online™
"Steam App 570" = Dota 2
"VeriFace" = VeriFace
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Torch" = Torch
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21/9/2014 12:38:56 PM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22/9/2014 9:01:01 AM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22/9/2014 9:23:30 AM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22/9/2014 10:06:07 AM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22/9/2014 10:54:51 AM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22/9/2014 11:15:03 AM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22/9/2014 11:31:13 AM | Computer Name = Jean-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rndlresolversvc.exe, version: 0.0.0.0,
time stamp: 0x520c0269  Faulting module name: rndlresolversvc.exe, version: 0.0.0.0,
 time stamp: 0x520c0269  Exception code: 0xc0000005  Fault offset: 0x00003035  Faulting
 process id: 0xbc4  Faulting application start time: 0x01cfd67a2f2b0680  Faulting application
 path: C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe  Faulting
 module path: C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
Report
 Id: 7bf3ad7e-426d-11e4-8677-047d7b8d997d
 
Error - 22/9/2014 11:32:20 AM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23/9/2014 5:03:20 AM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23/9/2014 7:13:14 AM | Computer Name = Jean-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 7/9/2014 11:44:30 PM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7000
Description = The HP Network Devices Support service failed to start due to the
following error:   %%1053
 
Error - 8/9/2014 11:54:08 AM | Computer Name = Jean-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
 timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
 your computer manufacturer for an upgraded BIOS. In some situations, this error
 may cause the computer to function incorrectly.
 
Error - 21/9/2014 12:42:01 PM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7030
Description = The BDSGRTP Service service is marked as an interactive service.  
However, the system is configured to not allow interactive services.  This service
 may not function properly.
 
Error - 22/9/2014 9:05:59 AM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7022
Description = The NVIDIA Update Service Daemon service hung on starting.
 
Error - 22/9/2014 10:53:20 AM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7024
Description = The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific
 error %%0.
 
Error - 23/9/2014 5:02:12 AM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
 Mobile Device service to connect.
 
Error - 23/9/2014 5:02:12 AM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
 error:   %%1053
 
Error - 23/9/2014 7:12:12 AM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
 Mobile Device service to connect.
 
Error - 23/9/2014 7:12:12 AM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
 error:   %%1053
 
Error - 23/9/2014 7:22:35 AM | Computer Name = Jean-PC | Source = Service Control Manager | ID = 7031
Description = The Avira FireWall service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart
 the service.
 
 
< End of report >
 


  • 0

#5
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

A quick question, these folders are on your desktop. To your knowledge, are they legitimate?

 

[2014/04/14 22:26:38 | 000,000,000 | ---D | M](C:\Users\Jean\Desktop\??????) -- C:\Users\Jean\Desktop\来自星星的你
[2014/04/14 21:53:07 | 000,000,000 | ---D | C](C:\Users\Jean\Desktop\??????) -- C:\Users\Jean\Desktop\来自星星的你


  • 0

#6
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

Ok, much work to do, so let's get started :)

 

 

I've spotted signs of a P2P program installed on your machine.

icon_exclaim.gifBe warned:

P2P programs, as they are legal itself, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords, private or financial data was exposed to file sharing network because of bad P2P configuration.

I'm rather sure that if you'll continue using P2P, you'll be often visiting our Malware Removal Forum.
I strongly recommend full uninstallation of any P2P apps (if so, please do it from the Control Panel > Add/Remove Programs), but if you want to leave them on your OS (cause this is optional), at least please refrain from using it until we finish our work with cleaning your computer now.

My friendly advice: at least, when downloading any files from P2P network, scan them at Jotti or VirScan.

 

Please uninstall the following two programs:
- BitComet
- Windows Sidebar
 
51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:

:Commands
[SetRestorePoint]
 
:otl
PRC - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
MOD - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
FF - HKCU\Software\MozillaPlugins\wondershare.com/FantashowPlugin: C:\Program Files (x86)\Wondershare\Fantashow Plus\npFantashowPlugin.dll File not found
[2012/07/16 00:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Extensions
[2014/09/22 23:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\har2h3uw.default-1411397776565\extensions
[2014/09/22 01:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/09/22 01:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
O2 - BHO: (A1FD2BF5-1B68-0042-9CF6-7127D5E41514 Class) - {A1FD2BF5-1B68-0042-9CF6-7127D5E41514} - C:\Program Files (x86)\QvodPlayer\AddIn\{A1FD2BF5-1B68-0042-9CF6-7127D5E41514}\QvodAddr.dll File not found
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Files
C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
 
:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

 

adwcleaner_new.png Scan with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your desktop.
 
  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R*].txt) will open.
 
Please include the contents of that file in your reply.
 

JRTbythisisu.png Fix with Junkware Removal Tool
 
Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
 
  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
 
Please include the contents of that file in your reply.
 
Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.
 
51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
createsrpoint;
process;
services-list;
systemspecs;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;
installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
To summarize, you'll posting back the OTL Moved File log, adwCleaner log, JRT log and ZOEK log.
 
And, let me know how the computer is working too.

 


  • 0

#7
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Hi,

 

A quick question, these folders are on your desktop. To your knowledge, are they legitimate?

 

[2014/04/14 22:26:38 | 000,000,000 | ---D | M](C:\Users\Jean\Desktop\??????) -- C:\Users\Jean\Desktop\来自星星的你
[2014/04/14 21:53:07 | 000,000,000 | ---D | C](C:\Users\Jean\Desktop\??????) -- C:\Users\Jean\Desktop\来自星星的你

yes they are legitimate..i copied it from a friend


  • 0

#8
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

below are the logs:

 

OTL log:

 

All processes killed
Error: Unable to interpret <:Commands [createrestorepoint] :otl  PRC - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe> in the current context!
Error: Unable to interpret <MOD - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02> in the current context!
Error: Unable to interpret <FF - user.js - File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found> in the current context!
Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found> in the current context!
Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\wondershare.com/FantashowPlugin: C:\Program Files (x86)\Wondershare\Fantashow Plus\npFantashowPlugin.dll File not found> in the current context!
Error: Unable to interpret <[2012/07/16 00:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Extensions> in the current context!
Error: Unable to interpret <[2014/09/22 23:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\har2h3uw.default-1411397776565\extensions> in the current context!
Error: Unable to interpret <[2014/09/22 01:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2014/09/22 01:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions> in the current context!
Error: Unable to interpret <CHR - default_search_provider: search_url => in the current context!
Error: Unable to interpret <CHR - default_search_provider: suggest_url => in the current context!
Error: Unable to interpret <O2 - BHO: (A1FD2BF5-1B68-0042-9CF6-7127D5E41514 Class) - {A1FD2BF5-1B68-0042-9CF6-7127D5E41514} - C:\Program Files (x86)\QvodPlayer\AddIn\{A1FD2BF5-1B68-0042-9CF6-7127D5E41514}\QvodAddr.dll File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: []  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [Power2GoExpress] NA File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001..\Run: [AdobeBridge]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlpg - No CLSID value found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-help - No CLSID value found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
========== FILES ==========
File\Folder C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe :commands [resethosts] [emptytemp] [reboot] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 09232014_221105

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#9
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

adwcleaner log:

 

# AdwCleaner v3.310 - Report created 23/09/2014 at 22:20:36
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jean - JEAN-PC
# Running from : C:\Users\Jean\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Partner Service

***** [ Files / Folders ] *****

File Found : C:\Users\Jean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Found : C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Found : C:\Users\Jean\Desktop\Torch.lnk
Folder Found : C:\Program Files (x86)\Common Files\baidu
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner
Folder Found : C:\Users\Jean\AppData\Local\torch
Folder Found : C:\Users\Jean\AppData\LocalLow\baidu
Folder Found : C:\Users\Jean\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Jean\AppData\Roaming\baidu
Folder Found : C:\Users\Public\Device

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\torch
Key Found : [x64] HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\torch
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
Key Found : HKLM\SOFTWARE\torch
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 en-US)

[ File : C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\har2h3uw.default-1411397776565\prefs.js ]

Line Found : user_pref("extensions.ui.lastCategory", "addons://search/hao123");

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4251 octets] - [23/09/2014 22:18:39]
AdwCleaner[R1].txt - [4149 octets] - [23/09/2014 22:20:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4209 octets] ##########
 


  • 0

#10
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jean on Tue 23/09/2014 at 22:26:57.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Jean\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Jean\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Jean\appdata\locallow\baidu"
Successfully deleted: [Folder] "C:\Users\Jean\appdata\locallow\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{0A33A2AC-5F00-4AAD-A8DD-8AB39FB60BF3}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{124399E1-2A2F-427C-8BF8-37BEB42F0DDE}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{1F563ADC-7A93-48A1-9A00-80AFD6196964}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{32FFDE14-5AA2-42AA-B2C6-341248CD8D40}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{429597EC-152E-4B67-92DA-D16D84D364B8}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{4AD0AB56-A452-48E2-93B7-458B1943A4A0}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{6412037C-432B-4750-9F5E-41BB84CB3D3C}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{79186122-D3AF-4B15-9C2A-5FF6FCF0DFCC}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{973E8574-ACA8-4697-86F1-87FE19883A5D}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{9950CEFE-F626-406E-AAEB-0E107CE1C11A}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{A8CDCFF2-3853-4D40-AA6A-A3AC6FFCF0E2}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{D86EFFE1-71D9-4316-A6F6-C99138CA39F0}
Successfully deleted: [Empty Folder] C:\Users\Jean\appdata\local\{E0331E94-EC7E-41ED-B6AE-F0386975051E}



~~~ FireFox

Successfully deleted the following from C:\Users\Jean\AppData\Roaming\mozilla\firefox\profiles\har2h3uw.default-1411397776565\prefs.js

user_pref("extensions.ui.lastCategory", "addons://search/hao123");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 23/09/2014 at 22:29:43.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

Advertisements


#11
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

Zoek.exe v5.0.0.0 Updated 21-09-2014
Tool run by Jean on Tue 23/09/2014 at 22:38:00.82.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jean\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

23/9/2014 10:40:37 PM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

5600  
5600_Help  
5600Trb  
64 Bit HP CIO Components Installer  
Adobe Acrobat 9 Pro - English, Fran‡ais, Deutsch  
Adobe AIR  
Adobe Creative Suite 6 Master Collection  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Help Manager  
Adobe Media Player  
Adobe Reader XI (11.0.08)  
AIO_CDB_ProductContext  
AIO_CDB_Software  
AIO_Scan  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Avira Internet Security  
bl  
Bonjour  
BufferChm  
Copy  
D3DX10  
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition  
Destinations  
DeviceDiscovery  
DivX Setup  
DocProc  
Dota 2  
Dropbox  
Energy Management  
Fax  
Google Chrome  
Google Earth Plug-in  
Google Toolbar for Internet Explorer  
Google Update Helper  
GPBaseService2  
HP Customer Participation Program 13.0  
HP Imaging Device Functions 13.0  
HP Photosmart Essential 3.5  
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B  
HP Smart Web Printing 4.51  
HP Solution Center 13.0  
HP Update  
HPPhotoGadget  
HPPhotoSmartDiscLabelContent1  
HPPhotosmartEssential  
HPProductAssistant  
HPSSupply  
iCloud  
Intel® Control Center  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® Rapid Storage Technology  
iTunes  
Java 7 Update 67  
Java Auto Updater  
Junk Mail filter update  
Lenovo Bluetooth with Enhanced Data Rate Software  
Lenovo EasyCamera  
Lenovo EE Boot Optimizer  
Lenovo MuteSync  
Lenovo OneKey Recovery  
Lenovo YouCam  
Lenovo_Wireless_Driver  
LINE  
MarketResearch  
Mesh Runtime  
Messenger ????  
Messenger ?????  
Messenger Companion  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office Home and Student 2010  
Microsoft Office Office 32-bit Components 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office Shared 32-bit MUI (English) 2010  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Single Image 2010  
Microsoft Office Word MUI (English) 2010  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft_VC80_ATL_x86  
Microsoft_VC80_ATL_x86_x64  
Microsoft_VC80_CRT_x86  
Microsoft_VC80_CRT_x86_x64  
Microsoft_VC80_MFC_x86  
Microsoft_VC80_MFC_x86_x64  
Microsoft_VC80_MFCLOC_x86  
Microsoft_VC80_MFCLOC_x86_x64  
Microsoft_VC90_ATL_x86  
Microsoft_VC90_ATL_x86_x64  
Microsoft_VC90_CRT_x86  
Microsoft_VC90_CRT_x86_x64  
Microsoft_VC90_MFC_x86  
Microsoft_VC90_MFC_x86_x64  
Microsoft_VC90_MFCLOC_x86  
Mozilla Firefox 32.0.2 (x86 en-US)  
Mozilla Maintenance Service  
MpcStar 5.3  
MSVCRT  
MSVCRT Redists  
MSVCRT_amd64  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
Network64  
NJStar Communicator  
NVIDIA Control Panel 285.90  
NVIDIA Graphics Driver 285.90  
NVIDIA Install Application  
NVIDIA Optimus 1.5.21  
NVIDIA Update Components  
OCR Software by I.R.I.S. 13.0  
Onekey Theater  
PDF Settings CS6  
ph  
Photodex Presenter  
Power2Go  
ProShow Producer  
PxMergeModule  
QuickTime 7  
RealDownloader  
RealNetworks - Microsoft Visual C++ 2008 Runtime  
RealNetworks - Microsoft Visual C++ 2010 Runtime  
RealPlayer  
Realtek Ethernet Controller Driver For Windows 7  
Realtek High Definition Audio Driver  
Realtek USB 2.0 Card Reader  
Realtek USB 2.0 Reader Driver  
RealUpgrade 1.1  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881071) 64-Bit Edition  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition  
Shop for HP Supplies  
Skype Toolbars  
SkypeT 6.20  
SmartWebPrinting  
SolutionCenter  
SPSS 13.0 for Windows  
SRS Premium Sound Control Panel  
Status  
Steam  
Synaptics Pointing Device Driver  
The Lord of the Rings OnlineT  
Toolbox  
Torch  
TrayApp  
UnloadSupport  
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition  
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition  
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition  
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition  
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition  
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition  
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition  
UserGuide  
VC80CRTRedist - 8.0.50727.6195  
Vegas Pro 12.0 (64-bit)  
VeriFace  
WebReg  
Winamp  
Winamp Detector Plug-in  
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)  
Windows Live ???  
Windows Live ????  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Language Selector  
Windows Live Mail  
Windows Live Mesh  
Windows Live Mesh ActiveX Control for Remote Connections  
Windows Live Messenger  
Windows Live Messenger Companion Core  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live Remote Client  
Windows Live Remote Client Resources  
Windows Live Remote Service  
Windows Live Remote Service Resources  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
WinRAR 4.20 (64-bit)  
Xilisoft Video Converter Ultimate 6  

==== Running Processes ======================

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
C:\windows\SysWOW64\svchost.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Jean\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Jean\Desktop\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AntiVirFirewallService] - Avira FireWall - "C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe"
R2 - [AntiVirMailService] - Avira Mail Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe"
R2 - [AntiVirSchedulerService] - Avira Scheduler - "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
R2 - [AntiVirService] - Avira Real-Time Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
R2 - [AntiVirWebService] - Avira Web Protection - "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [btwdins] - Bluetooth Service - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
R2 - [nvsvc] - NVIDIA Display Driver Service - C:\windows\system32\nvvsvc.exe
R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"
R2 - [ScsiAccess] - ScsiAccess - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
R2 - [sppsvc] - Software Protection - C:\windows\system32\sppsvc.exe
R2 - [UNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [VSS] - Volume Shadow Copy - C:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\windows\System32\alg.exe
S3 - [COMSysApp] - COM+ System Application - C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [cphs] - Intel® Content Protection HECI Service - C:\windows\SysWow64\IntelCpHeciSvc.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\windows\system32\IEEtwCollector.exe /V
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\windows\system32\msiexec.exe /V
S3 - [ose64] - Office 64 Source Engine - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [Partner Service] - Partner Service - "C:\ProgramData\Partner\Partner.exe"
S3 - [PerfHost] - Performance Counter DLL Host - C:\windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\windows\System32\snmptrap.exe
S3 - [Steam Client Service] - Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
S3 - [SwitchBoard] - SwitchBoard - "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
S3 - [TrustedInstaller] - Windows Modules Installer - C:\windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8097 MB
CPU Info: Intel® Core™ i5-2450M CPU @ 2.50GHz
CPU Speed: 2496.8 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics 3000 | Intel® HD Graphics 3000 | NVIDIA GeForce GT 630M   | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe FE Family Controller | Broadcom 802.11n Network Adapter
CD / DVD Drives: 1x (E: | ) E: MATSHITADVD-RAM UJ8B1AS
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  420.3GB | D:  30.5GB | G:  465.8GB
Hard Disks - Free: C:  197.2GB | D:  5.0GB | G:  323.7GB
Manufacturer *: LENOVO    
BIOS Info: AT/AT COMPATIBLE | 11/07/11 | LENOVO - 6040000
Time Zone: Malay Peninsula Standard Time
Motherboard *: LENOVO                           KL6
Country: Singapore
Language: ENE

==== System Specs (Software) ======================

Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: FireWall disabled
Default Browser: Firefox    32.0.2
Internet Explorer Version: 11.0.9600.17280
Mozilla Firefox version: 32.0.2 (x86 en-US)
Google Chrome version: 37.0.2062.120
Adobe Reader version: 11.0.8.4
Sun Java version: 1.7.0_67 (32-bit)
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\windows ====
====== C:\Users\Jean\AppData\Local\Temp ====
2014-09-23 14:35:00    4E566FEA83FCEEAF2873702806B55006    43008    ----a-w-    C:\Users\Jean\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfs74ll.dll
2014-09-23 14:26:33    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-09-23 12:33:32    B6F30625972B2B23418D478E6E2B7688    10432512    ----a-w-    C:\Users\Jean\AppData\Local\Temp\SkypeToolbars.msi
2014-09-23 12:31:35    E8B0B9E66DA893E477C468F8D1247A12    26923008    ----a-w-    C:\Users\Jean\AppData\Local\Temp\Skype.msi
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2014-09-23 14:20:14    0DC5AF80D059DEC792B665ED598C6567    536576    ----a-w-    C:\windows\SysWOW64\sqlite3.dll
2014-09-22 13:42:47    07EF2978A5BC36720378F95566697FD8    272808    ----a-w-    C:\windows\SysWOW64\javaws.exe
2014-09-22 13:42:34    3BDEB17FE6390BFF1BF3A2D964DE8E48    175528    ----a-w-    C:\windows\SysWOW64\javaw.exe
2014-09-22 13:42:34    11FD45A41DF45298686ED39062AABE2A    175528    ----a-w-    C:\windows\SysWOW64\java.exe
2014-09-22 13:42:34    0F70F4DAF2BC5613EE75C9B2585CE67E    98216    ----a-w-    C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-17 18:05:53    297EF1AB73B8FCE76BCA1365C2E49AFC    440320    ----a-w-    C:\windows\SysWOW64\ieui.dll
2014-09-17 18:05:52    E3D7B3F64C30994409BDF8E48048A854    2724864    ----a-w-    C:\windows\SysWOW64\mshtml.tlb
2014-09-17 18:05:51    84E96F4AF8A7748A3DE7C3EBBC6768E5    365056    ----a-w-    C:\windows\SysWOW64\dxtmsft.dll
2014-09-17 18:05:51    6DD476318F524D2DCB73AFEB2EE27B4A    61952    ----a-w-    C:\windows\SysWOW64\MshtmlDac.dll
2014-09-17 18:05:51    4F2EDC301EC63F803C0FDB6CC87EDA24    454656    ----a-w-    C:\windows\SysWOW64\vbscript.dll
2014-09-17 18:05:51    42F6F28D4885505F687CAF0459FF9F90    112128    ----a-w-    C:\windows\SysWOW64\ieUnatt.exe
2014-09-17 18:05:51    010DFAF3EF93994B805BAA1493D47973    243200    ----a-w-    C:\windows\SysWOW64\dxtrans.dll
2014-09-17 18:05:50    D603AC77E17E5B9583E382F2EE0381A7    43008    ----a-w-    C:\windows\SysWOW64\jsproxy.dll
2014-09-17 18:05:50    CC8F34B345DA638D77BB48C035DA628D    164864    ----a-w-    C:\windows\SysWOW64\msrating.dll
2014-09-17 18:05:50    AA595171932ACC79DA9851067DCBDABF    32768    ----a-w-    C:\windows\SysWOW64\iernonce.dll
2014-09-17 18:05:50    8D4FCAB2643DFEF68040B70F1EDCCBC5    327872    ----a-w-    C:\windows\SysWOW64\iedkcs32.dll
2014-09-17 18:05:50    7C3D593AB1E2F5E5687D97772EF99AC7    61952    ----a-w-    C:\windows\SysWOW64\iesetup.dll
2014-09-17 18:05:50    77F79126444896B5867E6761490735B8    60416    ----a-w-    C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-17 18:05:50    2E2E40E5D92EEA979548E307C5781038    597504    ----a-w-    C:\windows\SysWOW64\jscript9diag.dll
2014-09-17 18:05:50    13C2C87C35E52AAB1B439FB2E26DF2DE    69632    ----a-w-    C:\windows\SysWOW64\mshtmled.dll
2014-09-17 18:05:50    074646C5A979DE79133DE4A8530A9C5D    603136    ----a-w-    C:\windows\SysWOW64\msfeeds.dll
2014-09-17 18:05:49    5074835337862817DB3726558D0908DE    51200    ----a-w-    C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-17 18:05:49    1D8C086A39B9794D7131384586811B25    678400    ----a-w-    C:\windows\SysWOW64\ieapfltr.dll
2014-09-17 18:05:48    88EBB8526981D03C5777AB0A4AEBA8B4    1068032    ----a-w-    C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-17 18:05:47    FD96C05DE700F5FD26273D6DDB6495A7    2185728    ----a-w-    C:\windows\SysWOW64\iertutil.dll
2014-09-17 18:05:47    D58988722C72D265B51A54103DFC2C6F    1812992    ----a-w-    C:\windows\SysWOW64\wininet.dll
2014-09-17 18:05:46    77B7DDF91F3ED2CDB6CF60224EE13433    4232704    ----a-w-    C:\windows\SysWOW64\jscript9.dll
2014-09-17 18:05:46    6A3A809CA7A8F40C89E6F1D301898A66    2014208    ----a-w-    C:\windows\SysWOW64\inetcpl.cpl
2014-09-17 18:05:46    41010A88B70A2168F801DC19EBD4CB4F    1190400    ----a-w-    C:\windows\SysWOW64\urlmon.dll
2014-09-17 18:05:45    A3560FAFC1686D5EE9830B33B5C74B66    11769856    ----a-w-    C:\windows\SysWOW64\ieframe.dll
2014-09-17 18:05:45    7BF1CE9240CB9DD27C3E30733176EB8E    17455104    ----a-w-    C:\windows\SysWOW64\mshtml.dll
2014-09-17 17:56:55    2413D2216D08FAF7D7178D9E0B481AEB    2285056    ----a-w-    C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-17 17:55:05    A6293CD660C1CA2A42EF001B0A0D2B11    10036224    ----a-w-    C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-17 16:15:59    A8DDB7ACB122FC36FF0D7C9B3099A380    793600    ----a-w-    C:\windows\SysWOW64\TSWorkspace.dll
2014-09-17 16:15:15    1B85FA0D0A93C011B76678733F39DB6C    550912    ----a-w-    C:\windows\SysWOW64\kerberos.dll
2014-09-17 16:15:14    B094390B6B2D0456821384771020870B    22016    ----a-w-    C:\windows\SysWOW64\secur32.dll
2014-09-17 16:15:14    10826DA2FC073702AEAB93AF3D73B066    96768    ----a-w-    C:\windows\SysWOW64\sspicli.dll
2014-09-17 16:14:38    79896A78039C9A63C56197843CFBAD0B    1987584    ----a-w-    C:\windows\SysWOW64\d3d10warp.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2014-09-22 14:50:43    568F64A9712BEFA64BA027CF276104B5    1876    ----a-w-    C:\windows\Sysnative\.crusader
2014-09-17 18:05:53    9EFF09364ABDC86770FA0B1BCC9CA3C3    596480    ----a-w-    C:\windows\Sysnative\ieui.dll
2014-09-17 18:05:52    1BE1D1942825BE2146941DA274D2B92F    2724864    ----a-w-    C:\windows\Sysnative\mshtml.tlb
2014-09-17 18:05:51    EF79F0B9E0F277F5797C475DF4248B97    83968    ----a-w-    C:\windows\Sysnative\MshtmlDac.dll
2014-09-17 18:05:51    EE6B22396FA99639A163B1B7E9736669    4096    ----a-w-    C:\windows\Sysnative\ieetwcollectorres.dll
2014-09-17 18:05:51    A0600300428AB73664050659E738F11F    33792    ----a-w-    C:\windows\Sysnative\iernonce.dll
2014-09-17 18:05:51    786ECD92C9D77F571134283E0FABAF1A    289280    ----a-w-    C:\windows\Sysnative\dxtrans.dll
2014-09-17 18:05:51    641068C626DE3AD348871D0D7931A3FA    547328    ----a-w-    C:\windows\Sysnative\vbscript.dll
2014-09-17 18:05:51    4CF33E458BAEDA917CAE9F2E8338479C    446464    ----a-w-    C:\windows\Sysnative\dxtmsft.dll
2014-09-17 18:05:51    305D5395A65D00C74A94AEA40E9909E9    758272    ----a-w-    C:\windows\Sysnative\jscript9diag.dll
2014-09-17 18:05:51    2D95BDB699FA1D531B642EA18464FE05    139264    ----a-w-    C:\windows\Sysnative\ieUnatt.exe
2014-09-17 18:05:51    0113777A28BEC88A50C2566F346E4B58    72704    ----a-w-    C:\windows\Sysnative\JavaScriptCollectionAgent.dll
2014-09-17 18:05:50    E76C23C71345ACBC65ED8F6E87AD01D1    195584    ----a-w-    C:\windows\Sysnative\msrating.dll
2014-09-17 18:05:50    C07D636B0237172345E68AE8B70A2984    51200    ----a-w-    C:\windows\Sysnative\jsproxy.dll
2014-09-17 18:05:50    C067D863FCD53B91A5BF78AE1CE88E54    85504    ----a-w-    C:\windows\Sysnative\mshtmled.dll
2014-09-17 18:05:50    A1BB4CFB25F7CE1D4F67DD71111823AA    374968    ----a-w-    C:\windows\Sysnative\iedkcs32.dll
2014-09-17 18:05:50    68B0077C0D09D1B669A260F2921FD6B9    66048    ----a-w-    C:\windows\Sysnative\iesetup.dll
2014-09-17 18:05:50    33BAC6F66DB5FE5F7E20D41B025F490E    707072    ----a-w-    C:\windows\Sysnative\ie4uinit.exe
2014-09-17 18:05:50    2AEFBA4339A34C8EF021B49D23D1F1DF    727040    ----a-w-    C:\windows\Sysnative\msfeeds.dll
2014-09-17 18:05:49    920BD93A0B64657A20CA66C2EBB167EA    23591424    ----a-w-    C:\windows\Sysnative\mshtml.dll
2014-09-17 18:05:49    4C8838D7C13E9080AF4B548CA791896B    1249280    ----a-w-    C:\windows\Sysnative\mshtmlmedia.dll
2014-09-17 18:05:49    227303FC6E95547EA274F4337BBC7278    48640    ----a-w-    C:\windows\Sysnative\ieetwproxystub.dll
2014-09-17 18:05:49    1439630B47D717960D59423958754394    775168    ----a-w-    C:\windows\Sysnative\ieapfltr.dll
2014-09-17 18:05:48    698C19E198F832E071778A1427E942C8    111616    ----a-w-    C:\windows\Sysnative\ieetwcollector.exe
2014-09-17 18:05:48    5A0C72B9D3CCA42D8AB74890C19443B2    940032    ----a-w-    C:\windows\Sysnative\MsSpellCheckingFacility.exe
2014-09-17 18:05:47    F6304AACC5744016770C8C797CAA2AF7    5833728    ----a-w-    C:\windows\Sysnative\jscript9.dll
2014-09-17 18:05:47    75498A52C2AE248DEE5BDF5209768963    2793984    ----a-w-    C:\windows\Sysnative\iertutil.dll
2014-09-17 18:05:47    39EBB9708453036A74C30C9A294023FF    2310656    ----a-w-    C:\windows\Sysnative\wininet.dll
2014-09-17 18:05:46    FECA80905D551074E1A9298BD98103B7    1447424    ----a-w-    C:\windows\Sysnative\urlmon.dll
2014-09-17 18:05:46    97752927B6E2401011A96E0D6082E403    2104832    ----a-w-    C:\windows\Sysnative\inetcpl.cpl
2014-09-17 18:05:45    BA56C68CCB912C4C08C97DD32C47AD31    13588480    ----a-w-    C:\windows\Sysnative\ieframe.dll
2014-09-17 17:56:55    3469B9FAE899139FEE7356E91693376A    2777088    ----a-w-    C:\windows\Sysnative\msmpeg2vdec.dll
2014-09-17 16:15:59    EFF3FF9D9E5BFD2A05390D959A1C3AD0    1031168    ----a-w-    C:\windows\Sysnative\TSWorkspace.dll
2014-09-17 16:15:16    33EF550DCCC58C93F5B65FD75BAD9832    728064    ----a-w-    C:\windows\Sysnative\kerberos.dll
2014-09-17 16:15:15    EE4B105F1DBE1E864AFC72E7F0315432    1460736    ----a-w-    C:\windows\Sysnative\lsasrv.dll
2014-09-17 16:14:38    224C2EEBAAF39CD93DE5332DBE5E5A95    2565120    ----a-w-    C:\windows\Sysnative\d3d10warp.dll
2014-09-17 16:14:36    E2BCB58869598B392D6A78953F61A2D9    578048    ----a-w-    C:\windows\Sysnative\aepdu.dll
2014-09-17 16:14:36    88BC88D0BDFB6BBE5765D5ABB233C110    424448    ----a-w-    C:\windows\Sysnative\aeinv.dll
====== C:\windows\Sysnative\drivers =====
2014-09-22 14:50:36    FCE2251FE4464DCAA2F4684F19A8EE9B    32512    ----a-w-    C:\windows\Sysnative\drivers\hitmanpro37.sys
====== C:\windows\Tasks ======
2014-09-23 11:12:36    918F1A23FAF10A66B5F4AB25C545050D    3336    ----a-w-    C:\windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3258969739-3741549816-3797926332-1001
====== C:\windows\Temp ======
======= C:\Program Files =====
2014-09-17 16:14:24    --------    d-----w-    C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2014-09-23 12:33:28    --------    d-----w-    C:\PROGRA~2\COMMON~1\Skype
2014-09-22 13:42:59    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
2014-09-21 16:41:59    --------    d-----w-    C:\PROGRA~2\COMMON~1\Baidu
======= C: =====
2014-09-22 15:27:36    74A35F2163F3824AC0A88979DC7F1544    1731    ----a-w-    C:\DelFix.txt
====== C:\Users\Jean\AppData\Roaming ======
2014-09-23 12:33:35    --------    d-----w-    C:\Users\Jean\AppData\Local\Skype
2014-09-23 11:51:02    --------    d-----w-    C:\Users\Jean\AppData\Local\Apple Inc
2014-09-22 15:08:32    --------    d-sh--w-    C:\Users\Jean\AppData\Locallow\EmieUserList
2014-09-22 13:55:45    --------    d-sh--w-    C:\Users\Jean\AppData\Local\EmieUserList
2014-09-22 13:55:45    --------    d-sh--w-    C:\Users\Jean\AppData\Local\EmieSiteList
2014-09-21 16:42:04    --------    d-----w-    C:\windows\sysWoW64\config\systemprofile\AppData\Local\Temp
2014-09-21 16:42:02    --------    d-----w-    C:\windows\sysWoW64\config\systemprofile\AppData\Roaming\Baidu
2014-08-31 12:59:17    --------    d-sh--w-    C:\Users\Jean\AppData\Locallow\EmieSiteList
====== C:\Users\Jean ======
2014-09-23 14:22:34    483962C296153EB42BC2F9AF222945CC    1024790    ----a-w-    C:\Users\Jean\Desktop\JRT.exe
2014-09-23 14:17:26    1B151CCE618BE06C22B55FD4B502B75E    1373475    ----a-w-    C:\Users\Jean\Desktop\AdwCleaner.exe
2014-09-23 12:47:04    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Jean\Downloads\OTL(1).exe
2014-09-23 12:33:28    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-23 12:30:49    F0201746A6262629A401D7B19A7F6BD1    1678440    ----a-w-    C:\Users\Jean\Downloads\SkypeSetup.exe
2014-09-23 11:51:02    --------    d-----r-    C:\Users\Jean\iCloudDrive
2014-09-23 10:39:50    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-22 14:23:38    --------    d-----w-    C:\ProgramData\HitmanPro
2014-09-22 13:42:34    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-17 16:15:39    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-17 16:14:24    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

====== C: exe-files ==
2014-09-23 14:26:33    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-09-23 10:38:33    82CDE74A95830C52D1482913F1B101B8    77104    ----a-w-    C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 4.0.3.56\SetupAdmin.exe
2014-09-23 10:38:32    82CDE74A95830C52D1482913F1B101B8    77104    ----a-w-    C:\Users\Jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G50W4PBC\SetupAdmin[1].exe
2014-09-22 13:42:30    F67D9621616CB31217A497FEDE4913F5    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-09-22 13:42:30    EC4C47AADE6606AFCDEAB28E29654ECE    75688    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-09-22 13:42:30    CEEFA72555A8FAD52C29BA17AE3E6DEF    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-09-22 13:42:30    C3F55C9B02A22EC0B345E20AE9AE9B71    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-09-22 13:42:30    BF918C9473D64BBD53C22C47045883F5    182696    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-09-22 13:42:30    A788E5ED0454307CBCFB95CC33E5F717    16808    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-09-22 13:42:30    A6B7A388547C4CDF4D8F2AF55D79AC85    145832    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-09-22 13:42:30    8B986C008892DB58928BC72483ADF7B9    16808    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-09-22 13:42:30    7ED5C21F9F29B5278FFF39718C667235    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-09-22 13:42:30    7DC9A0127F850997B4CFD9923C680D7D    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-09-22 13:42:30    7BDCC29DDFBB355761A018A74D4A1E8C    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-09-22 13:42:30    7A17013ABD895DFBD61A5AF9996D0E5E    50088    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-09-22 13:42:30    48442596BFEB26E56898A0E4D2596A95    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-09-22 13:42:30    34CEC403ED594B55D55DED61A3A53DAF    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-09-22 13:42:30    0371CFD6228F89B5B9E20F67807987FE    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-09-22 13:42:29    F69D8BDC202973592D710BC913D01919    48040    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-09-22 13:42:29    C8883F91C31CAC40890AC8B668E05F61    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-09-22 13:42:29    8B657BA869AE7D3C6A29792C986E0DD5    68008    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-09-22 13:42:29    3BDEB17FE6390BFF1BF3A2D964DE8E48    175528    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-09-22 13:42:29    11FD45A41DF45298686ED39062AABE2A    175528    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-09-22 13:42:29    07EF2978A5BC36720378F95566697FD8    272808    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-09-22 13:41:26    3842C46F2FBC7522EF625F1833530804    145408    ----a-w-    C:\Users\Jean\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe
2014-09-21 15:44:28    6734F08196F8356C98284F86E8BD897F    415248    ----a-w-    C:\ProgramData\NVIDIA\Updatus\Download\62CD\updatus.18892431_RUNASUSER.exe
2014-09-17 18:05:53    ED689CF5DA7A0374D2A8E3A8550522F7    483328    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2014-09-17 18:05:53    665256B575BF83E4B188BE73450C5C29    470016    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-09-17 18:05:53    4DABFE3A9D3C67E9D9AD83C7F8FAD855    222720    ----a-w-    C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-09-17 18:05:53    0D75A74E925F00D9F256F6A53733DAF8    222720    ----a-w-    C:\Program Files\Internet Explorer\ielowutil.exe
2014-09-17 18:05:46    EEA63B8CF19E59C4A51AD2D9A59DDA25    812216    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-09-17 18:05:46    9540F3F5489747E71101E8AC9850CC79    810168    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2014-09-17 16:29:10    198DC8EE284854EBDCB0977FCEA50B18    2391632    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.120\37.0.2062.120_37.0.2062.103_chrome_updater.exe
2014-09-17 16:07:10    7F0EA97D34043B6BC47FAB8BF472B3E5    77136    ----a-w-    C:\ProgramData\Apple Computer\Installer Cache\iTunes 11.4.0.18\SetupAdmin.exe
=== C: other files ==
2014-09-23 14:26:33    F24622BE24B6D6835B3BAD1C74CFF842    156556    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\misc.bat
2014-09-23 14:26:33    DD1E4D974B1672ABD09EFFB225791C4A    1230    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\TDL4.bat
2014-09-23 14:26:33    AD2F52DC72B10AF331692E4A4DD80DFC    18670    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\medfos.bat
2014-09-23 14:26:33    8E6020C14F982CF11B3FE7DBB0CB8EDE    24738    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\searchlnk.bat
2014-09-23 14:26:33    86707BCE5CBB65D9B1C41E249B4423BA    152733    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\firefox.bat
2014-09-23 14:26:33    83F691D8398F0E37E71E9355BF730DB9    719    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\ev_clear.bat
2014-09-23 14:26:33    78F1ABAE78A74DFF04CC3566641AE0C1    15198    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\get.bat
2014-09-23 14:26:33    654E9FE74B930A454EE5BDE165794B65    85    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\delorphans.bat
2014-09-23 14:26:33    5B71358F97544D9DE58A9A0893079506    39458    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\prelim.bat
2014-09-23 14:26:33    53B191266B30D57F2F835ABBF54C68C5    13963    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\chrome.bat
2014-09-23 14:26:33    38A0BDF322ACCC968B0A824C38D50157    29635    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\ask.bat
2014-09-23 14:26:33    335DFF8F23E5EC02B5426362F0F8509B    31401    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\iexplore.bat
2014-09-23 14:26:33    314BE336F37DA9033D0CF91E6F9F6559    10229    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\runvalues.bat
2014-09-23 14:26:33    0C4649A62845AB5D5DBCC4998477FF6D    1813    ----a-w-    C:\Users\Jean\AppData\Local\Temp\jrt\delfolders.bat
2014-09-22 14:50:36    FCE2251FE4464DCAA2F4684F19A8EE9B    32512    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-09-22 14:11:37    9F62EAD1B6040522B1547CB13803E79A    608    ----a-w-    C:\Users\Jean\AppData\Local\Temp\2014092200006108.zip
2014-09-22 13:42:30    F3EABF8A2AF5C0D8BAE022EE6C17FD91    18650    ----a-w-    C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
"FactoryTest"="C:\Windows\Test.bat "

[HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MuteSync"="C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe"
"331BigDog"="C:\Program Files (x86)\USB Camera\VM331_STI.EXE"
"YouCam Mirage"="C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe /s"
"VeriFaceManager"="C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0"
"UpdatePRCShortCut"="C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe C:\Program Files\Lenovo\OneKey App\OneKey Recovery UpdateWithCreateOnce Software\Lenovo\OneKey App\OneKey Recovery"
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe  -osboot"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Lenovo EE Boot Optimizer"="C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe"
"OnekeyStudio"="C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\windows\\system32\\nvinitx.dll"

==== Startup Folders ======================

2013-09-09 15:25:26    1047    ----a-w-    C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-19 14:41:19    876    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
2012-11-13 06:28:49    2099    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [18/09/2014 01:55 AM]
C:\windows\tasks\AutoKMS.job --a------ C:\windows\AutoKMS.exe []
C:\windows\tasks\AutoKMSDaily.job --a------ C:\windows\AutoKMS.exe []
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/03/2012 11:05 PM]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/03/2012 11:05 PM]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\AdobeAAMUpdater-1.0-Jean-PC-Jean" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\windows\SysNative\tasks\AutoKMS" [C:\windows\AutoKMS.exe]
"C:\windows\SysNative\tasks\AutoKMSDaily" [C:\windows\AutoKMS.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe]
"C:\windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3258969739-3741549816-3797926332-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3258969739-3741549816-3797926332-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3258969739-3741549816-3797926332-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3258969739-3741549816-3797926332-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3258969739-3741549816-3797926332-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\windows\SysNative\tasks\{54FA4CB8-A0BA-47E1-8CE1-2D17568A3DCE}" [C:\Program Files (x86)\Skype\Phone\Skype.exe]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [21/09/2013 10:27 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [13/11/2012 02:30 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype extension for Firefox - %AppDir%\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\har2h3uw.default-1411397776565
DFC9460CC37E5C414DC4680B10C19E7A    - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash
B5371D2C9017EEE216B5361D600B3543    - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
BE126CB7049E89ED6F3038016668B502    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -    RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -    RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -    RealDownloader Plugin
6A03609A79D8C5ACECB66EED53F3A0AB    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -    RealNetworks™ Chrome Background Extension Plug-In (32-bit)
70677064555D2EB816249ABB0150951F    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -    RealPlayer™ HTML5VideoShim Plug-In (32-bit)


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 03:24 PM]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 09:13 PM]

Google Voice Search Hotword (Beta) - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
RealDownloader - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Jean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

==== Chromium Startpages ======================

C:\Users\Jean\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.co...ENN&bmod=LENN",
"startup_urls": [ "http://www.google.co...=LENN&bmod=LENN" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft....?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IESR02"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown  Url="Not_Found"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 23/09/2014 at 22:47:12.49 ======================

 


  • 0

#12
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

after I've followed the above steps, the hao123 webpage still shows everytime i opened firefox and IE..it's still there. :(


  • 0

#13
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Unfortunately, the fix had an error in it. Let's try it again.

 

Please re-run OTL with this removal script included.

 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:

:Commands
[SetRestorePoint]

:otl
PRC - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
MOD - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
FF - HKCU\Software\MozillaPlugins\wondershare.com/FantashowPlugin: C:\Program Files (x86)\Wondershare\Fantashow Plus\npFantashowPlugin.dll File not found
[2012/07/16 00:08:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Extensions
[2014/09/22 23:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\har2h3uw.default-1411397776565\extensions
[2014/09/22 01:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/09/22 01:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
O2 - BHO: (A1FD2BF5-1B68-0042-9CF6-7127D5E41514 Class) - {A1FD2BF5-1B68-0042-9CF6-7127D5E41514} - C:\Program Files (x86)\QvodPlayer\AddIn\{A1FD2BF5-1B68-0042-9CF6-7127D5E41514}\QvodAddr.dll File not found
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3258969739-3741549816-3797926332-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Files
C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]
 
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.


  • 0

#14
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[SetRestorePoint]> in the current context!
========== OTL ==========
No active process named QvodWebService.exe was found!
HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qvod.com/QvodShare\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@qvod.com/QvodInsert\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\KuaiWanInsert\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\wondershare.com/FantashowPlugin\ deleted successfully.
C:\Users\Jean\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\har2h3uw.default-1411397776565\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\icons\default folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\icons folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1FD2BF5-1B68-0042-9CF6-7127D5E41514}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1FD2BF5-1B68-0042-9CF6-7127D5E41514}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D298}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298}\ deleted successfully.
C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FactoryTest deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
File C:\Program Files (x86)\Windows Sidebar\Sidebar.exe not found.
Registry value HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3258969739-3741549816-3797926332-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe moved successfully.
========== COMMANDS ==========
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 68121 bytes
->Temporary Internet Files folder emptied: 64932 bytes
->Flash cache emptied: 41620 bytes
 
User: Jean
->Temp folder emptied: 7962337550 bytes
->Temporary Internet Files folder emptied: 39340688 bytes
->Java cache emptied: 319748 bytes
->FireFox cache emptied: 141312172 bytes
->Google Chrome cache emptied: 179894826 bytes
->Flash cache emptied: 1853 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 151593077 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42306659 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 8,123.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09232014_231338

Files\Folders moved on Reboot...
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Jean\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#15
capercat

capercat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

thankssssssss!it works! hao123 no longer show~does this means the problem is solved?do I need to remove the adwclearner,jrt,zoek etc?


Edited by capercat, 23 September 2014 - 09:24 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP