Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hao123 Firefox Homepage Hijack

Started by mijellin , Nov 14 2014 02:35 PM

  • This topic is locked This topic is locked

#1
mijellin
Posted 14 November 2014 - 02:35 PM

mijellin

    Member

  • Member
  • PipPip
  • 43 posts

Problem: firefox opens hao123.com on start.

How infected: every time I restart the PC, QQ (Chinese chat client: http://im.qq.com/) asks to make changes to my computer. I choose no everytime, but recently I accidentally clicked yes, and the problem began.

Solutions attempted: ADWCleaner, windows defender, resetting firefox to default settings. All to no avail.

 

OTL logfile created on: 11/14/2014 3:28:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GYe\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 52.60% Memory free
5.28 Gb Paging File | 3.63 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.24 Gb Total Space | 40.89 Gb Free Space | 36.76% Space Free | Partition Type: NTFS
 
Computer Name: YEG15-S | User Name: GYe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/14 15:28:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GYe\Downloads\OTL.exe
PRC - [2014/11/11 17:24:22 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
PRC - [2014/11/11 00:14:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/14 08:41:52 | 000,368,760 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe
PRC - [2014/09/24 06:13:36 | 000,127,080 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysWOW64\IME\SogouPY\SogouImeBroker.exe
PRC - [2014/09/24 06:13:36 | 000,107,112 | ---- | M] (Sogou.com Inc.) -- C:\Windows\SysWOW64\IME\SogouPY\SogouImeLoader.exe
PRC - [2014/09/24 03:34:20 | 000,714,344 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\7.2.1.3694\SogouSmartInfo.exe
PRC - [2014/09/24 03:34:18 | 000,535,656 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\7.2.1.3694\SogouCloud.exe
PRC - [2014/06/24 02:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.53\QvodWebService.exe
PRC - [2013/10/13 22:42:06 | 001,012,616 | ---- | M] (Flux Software LLC) -- C:\Users\GYe\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/08/21 23:17:05 | 000,374,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2012/10/09 11:00:04 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/11 17:24:19 | 016,840,880 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014/11/11 00:14:52 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/10/12 22:09:41 | 000,129,640 | ---- | M] () -- C:\Program Files (x86)\SogouInput\Components\SgAppender\1.0.0.207\SgAppender_Dll.dll
MOD - [2014/09/24 06:13:36 | 000,051,816 | ---- | M] () -- C:\Windows\SysWOW64\IME\SogouPY\SogouImeBrokerPS.dll
MOD - [2014/06/24 02:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.53\QvodWebService.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 17:37:38 | 000,028,696 | ---- | M] (Box, Inc.) [On_Demand | Stopped] -- C:\Program Files\Box\Box Sync\SyncUpdaterService.exe -- (BoxSyncUpdateService)
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/06 20:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/24 03:19:36 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/09/24 02:52:52 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/09/24 02:52:49 | 000,834,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/09/24 02:35:26 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/09/24 02:25:48 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/09/24 02:25:47 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/09/24 02:25:41 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/09/24 02:25:39 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/09/24 02:25:38 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/09/24 02:25:34 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/09/24 01:53:31 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014/09/24 01:53:30 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014/09/21 22:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 22:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 19:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 19:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/11/11 17:24:22 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/11 00:14:53 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/24 03:19:34 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/04/13 17:52:49 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/01/29 22:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/09 12:02:20 | 000,219,776 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/10/09 11:00:04 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/09/23 19:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/09 20:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/24 03:51:20 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/09/24 02:53:02 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/09/24 02:52:53 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/09/24 02:52:51 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/09/24 02:35:14 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/09/24 02:35:09 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/09/24 02:35:09 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/09/24 02:25:40 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/09/24 02:25:35 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/09/24 02:25:19 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/09/24 02:25:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/09/24 02:25:18 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/09/24 02:25:18 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/09/24 02:25:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/09/24 02:25:18 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/09/24 02:25:18 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/09/24 02:25:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/09/24 02:25:18 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/09/24 02:25:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/09/24 01:53:33 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2014/09/24 01:53:21 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2014/09/24 01:53:21 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2014/09/24 01:53:21 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2014/09/24 01:53:21 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2014/09/24 01:53:21 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/09/21 22:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 22:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 21:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/04/28 05:33:30 | 000,599,240 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2014/01/29 22:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/12 03:12:08 | 000,329,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/08/11 19:52:08 | 000,363,920 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 09:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/10/09 11:41:40 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/10/09 11:41:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 67 EB F0 D7 F9 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...99_oem_dg&ch=33
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npOpenPlatform: C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3200\npQPMWebGamePlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQMiniDLPlugin: C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\GYe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\GYe\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GYe\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GYe\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/08/12 08:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/12 09:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/11 00:14:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/11 00:14:37 | 000,000,000 | ---D | M]
 
[2013/08/13 21:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GYe\AppData\Roaming\mozilla\Extensions
[2014/11/14 15:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GYe\AppData\Roaming\mozilla\Firefox\Profiles\hlln9ncr.default-1415995211653\extensions
[2014/11/11 00:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/11 00:14:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - default_search_provider: C71447D0FA275BE41D729147511B8F8ED93C7220A165D32AEF87CB59CD5982A0 (Enabled)
CHR - default_search_provider: search_url = 0A31F13E5FD11D399C446EBDD1B4E81622484B859405F8BC13548002297059F4
CHR - default_search_provider: suggest_url =
CHR - homepage: EA578D3C85F594264383D857537057DA84E4E74CCD2ECB10C6AB4C9227B859B9
CHR - Extension: Google Docs = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ratings Preview for YouTubeâ„¢ = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\4.0_0\
CHR - Extension: Google Search = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.9_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.7.52_0\
CHR - Extension: EditThisCookie = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.4.1_0\
CHR - Extension: AdBlock = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\
CHR - Extension: AdBlock = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13_0\
CHR - Extension: RealDownloader = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.5.2_0\
CHR - Extension: Cargo Bridge = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: StayFocusd = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.5.5_0\
CHR - Extension: Google Wallet = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Unblock Youku = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.7.5.8_0\
CHR - Extension: Gmail = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/01/07 13:06:47 | 000,000,915 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 http://www.weibo.com/glen2flora
O1 - Hosts: 127.0.0.1 http://weibo.com/glen2flora
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (7425EAC0-E90E-0D4C-D827-45EDD30A4367 Class) - {7425EAC0-E90E-0D4C-D827-45EDD30A4367} - C:\Program Files (x86)\QvodPlayer\AddIn\{7425EAC0-E90E-0D4C-D827-45EDD30A4367}\QvodAddr.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (QQMiniDL Helper Class) - {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AccountProtectBHO Class) - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\GYe\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll File not found
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BoxSync] c:\Program Files\Box\Box Sync\BoxSync.exe (Box, Inc.)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [f.lux] C:\Users\GYe\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [ImeGuardCom] C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe (Sogou.com Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = darden.virginia.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFDF6C1E-8929-45E1-9A02-CFD0F3DAF20B}: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/14 15:08:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/14 15:00:16 | 000,000,000 | ---D | C] -- C:\Users\GYe\Desktop\Old Firefox Data
[2014/11/14 14:55:37 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieBrowserModeList
[2014/11/13 10:00:41 | 000,000,000 | --SD | C] -- C:\Users\GYe\Box Sync
[2014/11/11 00:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/05 11:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SogouPY.users
[2014/11/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Users\GYe\OneDrive
[2014/11/04 11:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Box
[2014/11/02 12:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft Games
[2014/11/02 12:37:59 | 000,000,000 | ---D | C] -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubi Soft Games
[2014/11/02 12:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\UbiSoft
[2014/10/28 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\GYe\AppData\Roaming\SolidDocuments
[2014/10/21 15:25:03 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieUserList
[2014/10/21 15:25:03 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieSiteList
[2014/10/15 15:41:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[3 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[2 C:\Users\GYe\Desktop\*.tmp files -> C:\Users\GYe\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/14 15:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/14 15:16:56 | 000,864,878 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/14 15:16:56 | 000,732,214 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/11/14 15:16:56 | 000,136,162 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/11/14 15:15:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089884131-1929928377-388966078-1001UA.job
[2014/11/14 15:15:00 | 000,000,864 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089884131-1929928377-388966078-1001Core.job
[2014/11/14 15:14:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/14 15:12:48 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/14 15:12:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/14 15:12:28 | 3354,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/14 15:05:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/13 21:41:38 | 000,000,548 | ---- | M] () -- C:\WINDOWS\SysNative\ricdb.ini
[2014/11/13 21:07:40 | 002,518,286 | ---- | M] () -- C:\Users\GYe\Desktop\image2014-11-13-135236.pdf
[2014/11/13 21:06:30 | 000,003,949 | ---- | M] () -- C:\Users\GYe\Desktop\Capture5.PNG
[2014/11/13 21:01:09 | 000,001,192 | ---- | M] () -- C:\Users\GYe\Desktop\Capture4.PNG
[2014/11/13 20:59:44 | 000,000,609 | ---- | M] () -- C:\Users\GYe\Desktop\Capture3.PNG
[2014/11/13 20:47:20 | 000,001,192 | ---- | M] () -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2014/11/13 14:02:05 | 000,000,368 | ---- | M] () -- C:\Users\GYe\Desktop\Capture2.PNG
[2014/11/13 13:59:18 | 000,001,018 | ---- | M] () -- C:\Users\GYe\Desktop\Capture.PNG
[2014/11/13 12:57:21 | 000,185,543 | ---- | M] () -- C:\Users\GYe\Desktop\ye health insurance for gfe.pdf
[2014/11/13 10:01:56 | 000,001,149 | ---- | M] () -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/11/13 10:00:41 | 000,001,574 | ---- | M] () -- C:\Users\GYe\Desktop\Box Sync.lnk
[2014/11/13 09:57:44 | 000,483,936 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/12 16:52:36 | 1486,671,868 | ---- | M] () -- C:\Users\GYe\Desktop\OOOOOGGG_84579347589.rar
[2014/11/05 10:07:57 | 000,103,768 | ---- | M] () -- C:\Users\GYe\Desktop\HIA Case Study Overview MBA_09.15.14.pdf
[2014/11/03 10:33:11 | 000,367,436 | ---- | M] () -- C:\Users\GYe\Desktop\ledina lushko.pdf
[2014/10/21 11:53:09 | 000,009,202 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/20 15:58:13 | 000,002,301 | ---- | M] () -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/16 19:16:22 | 000,000,000 | ---- | M] () -- C:\Users\GYe\AppData\Local\{B9306911-D47D-48FF-916A-250D6217CC48}
[2014/10/16 12:24:47 | 000,907,469 | ---- | M] () -- C:\Users\GYe\Desktop\Hearthstone_Screenshot_10.16.2014.13.24.47.png
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[3 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[2 C:\Users\GYe\Desktop\*.tmp files -> C:\Users\GYe\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/13 21:04:26 | 000,003,949 | ---- | C] () -- C:\Users\GYe\Desktop\Capture5.PNG
[2014/11/13 21:01:09 | 000,001,192 | ---- | C] () -- C:\Users\GYe\Desktop\Capture4.PNG
[2014/11/13 20:59:44 | 000,000,609 | ---- | C] () -- C:\Users\GYe\Desktop\Capture3.PNG
[2014/11/13 14:42:19 | 002,518,286 | ---- | C] () -- C:\Users\GYe\Desktop\image2014-11-13-135236.pdf
[2014/11/13 14:02:04 | 000,000,368 | ---- | C] () -- C:\Users\GYe\Desktop\Capture2.PNG
[2014/11/13 13:59:18 | 000,001,018 | ---- | C] () -- C:\Users\GYe\Desktop\Capture.PNG
[2014/11/13 12:57:21 | 000,185,543 | ---- | C] () -- C:\Users\GYe\Desktop\ye health insurance for gfe.pdf
[2014/11/13 10:00:41 | 000,001,574 | ---- | C] () -- C:\Users\GYe\Desktop\Box Sync.lnk
[2014/11/12 16:27:06 | 1486,671,868 | ---- | C] () -- C:\Users\GYe\Desktop\OOOOOGGG_84579347589.rar
[2014/11/12 09:55:49 | 000,389,176 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/11/05 10:07:57 | 000,103,768 | ---- | C] () -- C:\Users\GYe\Desktop\HIA Case Study Overview MBA_09.15.14.pdf
[2014/11/02 23:08:18 | 000,367,436 | ---- | C] () -- C:\Users\GYe\Desktop\ledina lushko.pdf
[2014/10/21 11:53:09 | 000,009,202 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/16 19:16:22 | 000,000,000 | ---- | C] () -- C:\Users\GYe\AppData\Local\{B9306911-D47D-48FF-916A-250D6217CC48}
[2014/10/16 12:24:47 | 000,907,469 | ---- | C] () -- C:\Users\GYe\Desktop\Hearthstone_Screenshot_10.16.2014.13.24.47.png
[2014/09/24 02:25:52 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/09/24 02:25:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/16 17:39:54 | 000,000,954 | ---- | C] () -- C:\Users\GYe\AppData\Roaming\coreavc.ini
[2014/01/29 22:02:42 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2014/01/29 22:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/29 22:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/18 21:10:01 | 000,007,605 | ---- | C] () -- C:\Users\GYe\AppData\Local\Resmon.ResmonCfg
[2013/08/14 21:33:36 | 000,018,760 | ---- | C] () -- C:\WINDOWS\SysWow64\QQVistaHelper.dll
[2013/08/12 09:03:33 | 000,821,592 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/05/22 15:32:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2013/05/22 15:32:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 19:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 17:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/30 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Battle.net
[2014/09/05 21:25:16 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\BitComet
[2014/11/03 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Foxit Software
[2014/05/25 23:56:55 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\GouWo
[2014/03/22 07:32:53 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\KGDataBak
[2014/11/13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\KuGou8
[2013/09/30 08:01:31 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Oracle
[2014/10/28 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\SolidDocuments
[2014/10/12 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Spotify
[2014/10/30 18:37:37 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\uTorrent
[2014/01/22 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\webex
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/11/07 23:14:00 | 000,009,445 | ---- | M] ()(C:\Users\GYe\Desktop\??v2.xlsx) -- C:\Users\GYe\Desktop\筛子v2.xlsx
[2014/11/06 23:17:20 | 000,002,063 | ---- | M] ()(C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2014/10/21 16:51:38 | 000,000,165 | -H-- | M] ()(C:\Users\GYe\Desktop\~$??v2.xlsx) -- C:\Users\GYe\Desktop\~$筛子v2.xlsx
[2014/10/21 16:51:38 | 000,000,165 | -H-- | C] ()(C:\Users\GYe\Desktop\~$??v2.xlsx) -- C:\Users\GYe\Desktop\~$筛子v2.xlsx
[2014/10/12 20:39:46 | 000,002,063 | ---- | C] ()(C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2014/02/26 12:34:02 | 000,009,445 | ---- | C] ()(C:\Users\GYe\Desktop\??v2.xlsx) -- C:\Users\GYe\Desktop\筛子v2.xlsx
(C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\GYe\OneDrive:ms-properties

< End of report >


 


  • 0

Advertisements

#2
zep516
Posted 14 November 2014 - 05:07 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


Please post the Extra's .txt log report it gets minimized to the task bar when you run OTL.

Can't find the log. Then open otl and in the registry group place a check mark in the "All" box. Scan with OTL. It will create the extra's log. Post it.

Thanks
Joe :)
  • 0

#3
mijellin
Posted 14 November 2014 - 05:50 PM

mijellin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

OTL Extras logfile created on: 11/14/2014 6:36:07 PM - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GYe\Downloads

64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17416)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.90 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 24.50% Memory free

5.28 Gb Paging File | 2.48 Gb Available in Paging File | 46.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.24 Gb Total Space | 40.57 Gb Free Space | 36.47% Space Free | Partition Type: NTFS

 

Computer Name: YEG15-S | User Name: GYe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (All) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm[@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.cpl[@ = cplfile] -- C:\WINDOWS\SysNative\control.exe (Microsoft Corporation)

.hlp[@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)

.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)

.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- "%1" %*

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.cmd [@ = cmdfile] -- "%1" %*

.com [@ = comfile] -- "%1" %*

.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)

.exe [@ = exefile] -- "%1" %*

.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.inf [@ = inffile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\WINDOWS\SysWow64\rundll32.exe (Microsoft Corporation)

.js [@ = JSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*

.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)

.scr [@ = scrfile] -- "%1" /S

.txt [@ = txtfile] -- C:\WINDOWS\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\WINDOWS\SysWow64\WScript.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office15\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

"UpgradeTime" =  [binary data]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]

"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"AllowUserPrefMerge" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"AllowUserPrefMerge" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = *

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = *

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BB54C8D-F29A-42FE-BAC3-08C53B7CBB5E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe |

"{13A63D87-386B-43E8-9CB6-EBD37193701A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

"{5D76F665-E1BC-4DE9-A19A-A5F4C40B0B82}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E8A95C29-D2A5-4582-9802-DC95484B46F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00AF6FE2-17A3-48C4-88A5-5D3C3E158F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\qqprotect\bin\qqprotect.exe |

"{01E544CE-2734-42D3-ACA6-37651C554CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgtool.exe |

"{02456DC6-A67C-4D11-AF99-9E4901B13F95}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |

"{024DEC76-AA4F-42C9-8A23-2EF74C977E48}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |

"{04B2EA0E-9312-497E-9115-CBA377663A7B}" = dir=out | name=@{microsoft.bingtravel_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |

"{056EC65D-BA0A-4D99-9CFE-54ADC260B077}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe |

"{07A87ABA-3472-4CA6-8D67-3D1F8FF5F3BB}" = dir=out | name=onenote |

"{07B8621D-001D-44C1-9950-DACB7E4A1DA4}" = dir=in | app=c:\program files (x86)\tencent\qq\bin\setupex\setupex.exe |

"{089F8250-C08C-4C0E-8FD2-6DC3CED47AC6}" = dir=in | name=check point vpn |

"{08BFA525-9B8E-4300-8005-8A18EED78294}" = dir=out | name=sonicwall mobile connect |

"{09BB7B25-B34D-4254-8684-4F889DECD93C}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |

"{0A7E7952-2A33-4DB8-939A-032E1C814AA9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe |

"{0C1D6952-C96E-4FEB-9FA8-AF4DE7E23860}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\qqgamemicro.exe |

"{0C473913-68C8-47ED-9123-B25C768CFA53}" = dir=out | name=f5 vpn |

"{105AD0CB-4B79-4ADD-B7F4-102018D9543D}" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |

"{10A4AE9F-070B-4402-92D5-B629E891C310}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\imeutil.exe |

"{10BBF8CF-613C-44E6-B1A9-E826F3B88177}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{12D3C305-0DEC-4DDD-B9E6-BC5553E338EF}" = dir=in | app=c:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe |

"{12EA64CD-7445-4C0B-BFB6-4A33B717927C}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sogoucloud.exe |

"{13110F75-EC15-47D5-A70D-2B5554830F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgmedalloader.exe |

"{157886EC-F01C-481C-AFCA-483F1BC69EE9}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |

"{1874D88F-D0BC-4005-A695-DFCAAB8131B3}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{1966AFF8-CF35-4EBB-A5DF-CC977504EA4B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |

"{199B7B14-F1E4-437D-B688-57FAD2F21B9C}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |

"{1A94CB41-0C3A-4D0E-A184-0ED2A42BA69A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |

"{1AD7C603-F7F6-48A4-8B86-3AC29C0A1A23}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{1B4497D4-85D1-4858-8A12-BF0B307F226A}" = dir=out | name=@{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |

"{1C3A66E7-3753-4027-B7E9-EADF0C351B56}" = dir=out | name=sonicwall mobile connect |

"{1E137592-9B96-49C3-A69B-D8B8FA602F13}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |

"{1F809953-21DF-4205-84A1-B27330036955}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{1FEB9FE4-0283-4BB8-803E-828AD64360F2}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |

"{20B15818-E41C-4CCB-9593-28B176D14DDA}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\imeutil.exe |

"{221EF4A1-7B3D-4CCF-B31B-4D125CC633E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |

"{230E6FA7-45B8-451E-82BC-1C85111018DA}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{23505FE2-DF44-4E39-BD15-70510B9EB306}" = dir=in | name=skype |

"{256A0AC4-67AF-4E13-9E3B-DF56275F1F93}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe |

"{27375AE1-7AE4-42FB-BB58-2921480765F6}" = dir=out | name=onenote |

"{278C7ED6-5FF0-4FFF-A5C0-233FCC231235}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\imeutil.exe |

"{2ADF776A-2872-42C8-8E38-1C79FEEE9C58}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{2BA55C96-CDDD-42D2-B9FE-CF97B570A364}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |

"{2D12F310-145E-4F80-96BF-89D8C3CCA658}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |

"{322485BB-D8CC-4160-8F3C-A214A57198A3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{34AF8197-140A-4C64-BE97-A09C692A2CE9}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{362AA85F-0353-4DCA-A960-7FFA0A75C9B4}" = dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |

"{364BCF23-B483-4455-9685-D00C8616E822}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgmedalloader.exe |

"{36EEB583-3EA5-406C-9008-009CF8DDA70E}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{378D4A12-2450-47F6-B046-E830025DBF28}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgmedalloader.exe |

"{39A76C93-B378-4F1B-BBC3-EC6411F374DD}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sogoucloud.exe |

"{3A7959FD-2414-4BB4-B383-B228669AF964}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{3BD9CC19-12E5-4D0B-AAC9-F606D67F6C78}" = protocol=6 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |

"{3D5BD0D0-8C83-459B-977C-F214C4561252}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3454\agent.exe |

"{3DB82561-4ECC-4429-96C6-A05A2DDA3606}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgmedalloader.exe |

"{3DD7A5C5-9686-44B0-9D43-81EDB023D6B6}" = dir=in | app=c:\program files (x86)\common files\tencent\qqminidl\60\qqminidlui.exe |

"{3E2A8DFB-2B28-431E-A975-B2B318B72BDA}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\qqprotect\bin\qqprotect.exe |

"{3E5344C5-3B65-46E8-ACF5-7D27EBD163A3}" = dir=out | name=@{microsoft.bingnews_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |

"{3F6EA4D8-3789-4D77-9D32-89F178AD6B7B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{3F99C437-B901-46CC-BBFD-48086B2CF7BB}" = dir=in | name=juniper networks junos pulse |

"{3FFA76FB-E1E4-45E2-93DB-28AC424D6E89}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3FFD9F56-81E5-461B-8BF9-428055F52F2F}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{4020FD45-4AF6-4359-A1EB-EF3871240DAB}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgmedalloader.exe |

"{406634B5-4ED2-4B24-ACEA-9A7293AE1A4F}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgdownload.exe |

"{4081E871-13CD-45EF-BE0B-097D8AAF0200}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgmedalloader.exe |

"{415352B2-F67B-492F-8EE8-9A3AE6C86117}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{41DE0CCC-12EF-42FC-B7C5-10F863F9A975}" = dir=in | name=juniper networks junos pulse |

"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |

"{429A0353-52DC-41A7-81FA-04ECCED06E47}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |

"{434CFDB3-DC73-4A29-B0EF-603204EA1374}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{44AE4B15-30E9-4268-BCAE-A738A84734C0}" = dir=in | name=f5 vpn |

"{44DED6C5-593C-49A3-A73C-8E13ECA96023}" = dir=out | name=windows_ie_ac_001 |

"{45E3EFFF-B34F-4968-8E21-5B44AD02129C}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{4B605476-0ECC-4AC9-85A8-D8C98005F47C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3427\agent.exe |

"{4B9E01DF-9491-4C06-8290-A287D20FE064}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |

"{4DFFF567-EF70-42EA-B62C-425116B4942F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |

"{51E8829F-BE14-434D-A8A9-4B141F67FCA4}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |

"{5241CCB3-F774-4DD0-879F-4B721463A373}" = dir=out | name=check point vpn |

"{5298E274-CB83-4064-9B69-B8EA258EDC66}" = dir=in | name=f5 vpn |

"{53D7EF67-1AA2-4B4F-8C4D-5808612916A2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe |

"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |

"{5630417D-DD59-4C2E-A262-B030AEC8EF32}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |

"{581664AA-2DE1-4CE0-8392-A99541122A88}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |

"{591D3D6E-557A-406C-A792-6D3162AC6A19}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |

"{5B4C29E6-9DA6-41B2-BB35-DC520F99A6EC}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |

"{5D67E0F7-B574-4DC6-9E5A-9AD83878FF6D}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgdownload.exe |

"{5DAC9D91-D2DB-4E1A-9E89-5DED6AD3467C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe |

"{5E45BA47-3731-4EE8-B34D-4B5E82585581}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |

"{5E60455B-DF1C-401B-9EE3-C865B086049D}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |

"{5F5C05FF-8D65-45F7-A46A-5D61E3A99E39}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\pinyinup.exe |

"{602C1A21-F9C1-408C-9287-01E3A2F840E4}" = dir=out | name=skype |

"{60B8AB50-E8AC-4E7D-85E4-58104C627743}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |

"{65C16D8E-4F3E-44B5-9B9D-0C7400894B6D}" = dir=in | name=onenote |

"{6624F931-2ACE-4ADD-A290-7AE45BEBBB68}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |

"{664005F8-D1CB-4605-88FB-08BC48C76773}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe |

"{69F68A97-A447-462D-A3DD-76A33330C40B}" = dir=in | app=c:\program files (x86)\tencent\qq\bin\malauncher.exe |

"{6B75924B-5330-4BE9-8F94-3E17CF57EE5B}" = dir=out | name=@{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |

"{6C5F42DA-8BD9-493C-ABC2-719559A0D9D3}" = dir=out | name=@{microsoft.bingnews_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |

"{6DDCF050-5EDC-4CE0-A58D-8AE792B61715}" = dir=out | name=skype |

"{6E40950D-298B-4FAC-AD4E-9E86B3764543}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{6E5A1DA1-C09F-46AF-B3EA-2B5402D92A96}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\pinyinup.exe |

"{6E749050-E206-4305-9AD5-D5D077B38B2C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{6FC979F5-CE1D-4C21-9B4D-B876FFC71817}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |

"{719AFDAC-C7E1-474E-9D9C-07689DC22546}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{72E715DA-1E5A-4D44-85A0-D352888A46CF}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{758FD6D3-F3A3-4335-9246-F4A275E1177C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3454\agent.exe |

"{7672064D-FA53-446B-9322-AEF0B0BF5C1D}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\128\tencentdl.exe |

"{76E0BA0B-F82A-4564-8BE6-EB2E4983FC1F}" = dir=out | name=@{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |

"{774C6BA5-28A1-42D6-A089-B5E5AD5E4B4B}" = dir=in | app=c:\program files (x86)\common files\tencent\qqminidl\60\qqgameupui.exe |

"{7801E300-033C-40F4-AD18-45372D6F14BD}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

"{796A3B80-EE4A-41B2-AB29-29853ACFE141}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{79A0D9C1-725F-4CEB-9190-63832A153177}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe |

"{79CF3A72-40C5-4111-BDA5-AEE0522DBB75}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{8345B831-0C49-472C-AD7D-07D735478916}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe |

"{834C7BB1-0E54-4937-AF3D-B180DC769ECF}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\imeutil.exe |

"{83B1C4D4-4555-4449-893D-ABD9BA83B720}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |

"{85A0590A-E817-43AF-9050-94DA10B840B1}" = protocol=6 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |

"{878CD41F-B67C-4F32-B4B0-1FE7491E05B2}" = dir=out | name=@{microsoft.bingtravel_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |

"{8AC417D9-5ACA-4481-9379-D564F4FD8CCC}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{8AE3C612-592C-4E38-86E5-BBBE5FB46E7C}" = dir=in | name=sonicwall mobile connect |

"{8CDDED6B-0578-48F7-BA59-DB4B2342C680}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

"{8E005E78-8741-4537-A3C2-F58909C53DBD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3427\agent.exe |

"{8E7877E7-2524-4980-A15B-17B951819BAC}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\qqgamemicro.exe |

"{8FC3DE7A-86D5-4490-8610-BFCBA44840BC}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{9058E8B1-4F60-42BF-8DFC-2F4B23BF22E7}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |

"{9399757F-085E-43F7-AD55-6135CD1A7984}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |

"{95C91D81-4138-4526-B7FF-7F03311525EC}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\pinyinup.exe |

"{9B77E68E-8B68-48BF-AB41-B13299885D97}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{9C1B1828-66F0-4523-9553-5B1476E19C51}" = dir=in | app=c:\program files (x86)\tencent\qq\bin\maupdat.exe |

"{9CB378C6-BFB1-4778-B0E7-9985EE46A42E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |

"{9CCBD097-9A94-4F23-A680-B768830D2904}" = dir=in | name=skype |

"{9D98AECB-2552-4FFF-B464-D7FC50D28F75}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{9DCCD757-5EC3-48BB-AA1A-83BEBD64256A}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgtool.exe |

"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{A1FC39AF-9784-4B35-AE5D-3B5C4D013AA4}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |

"{A4A60D48-9838-42D9-833B-A36F0DE9E184}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe |

"{A57AAF54-5411-46B1-9426-06C08EEEAF65}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{A644C50A-0B2B-4C86-919E-78753AF93BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |

"{A69BD06C-2FDE-4A35-9462-B42A5576A7D8}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{A7CCF989-F761-4EBA-AA87-E836ED24743C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe |

"{A8EFD34C-37CB-47E4-93BD-78261FBA7324}" = dir=out | name=check point vpn |

"{AC09AE38-1695-4B32-A77A-38F13E36390E}" = dir=out | name=juniper networks junos pulse |

"{AE07FB8E-4075-4ED8-93F6-955BDF46281E}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |

"{B06CB47C-1306-49E6-BE8E-1115762D93BF}" = protocol=6 | dir=in | app=c:\users\gye\appdata\roaming\tencent\qq\stemp\backupdltmp\download\miniqtupdate.exe |

"{B2065185-DF69-4AB1-8242-08C977447E93}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sogoucloud.exe |

"{B29240D1-109F-4E5C-BD32-64F6D893D95A}" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |

"{B3D00519-D9D7-4762-9012-4935DD448B5E}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |

"{B4180370-8B5A-4227-AF36-EC6A2D6A03A6}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |

"{B589B475-DB0D-4DBC-813D-6E9639D34B5D}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{B60E902E-77EF-4E0E-A6AA-17AEE07B98C2}" = dir=in | name=microsoft minesweeper |

"{B70D624A-0591-43C8-9EE7-49DF631AAD28}" = dir=in | app=c:\program files (x86)\tencent\qq\bin\txupd.exe |

"{B7366DC0-9AD4-414B-9A0D-8810653803A4}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{B7480B90-113E-483C-BC0B-DC1F90697AED}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |

"{BA3A4D64-C952-4F4D-AB53-35910A14691C}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\pinyinup.exe |

"{BA959D41-139C-4935-8B19-570BDD4894D6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |

"{BAFE2DAD-315C-48F7-8B33-7E7CE3F06565}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{BD2A487C-7043-4E14-AF26-4F6E52011752}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |

"{BE3F8418-6684-4269-BB6C-17F5497D3DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |

"{BED390A7-EEA2-4860-AA7A-0084C9EDDBE4}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgdownload.exe |

"{BEE1AF34-10F9-4C6D-A5AA-18A6A552CB9F}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgtool.exe |

"{BF85B253-81E3-44CF-BB2B-11A44BF46645}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |

"{BFAFAD03-7826-412C-84CA-6084C8CDF094}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{C098F20A-8E03-40DD-BBB6-39505A0290DE}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\ieproc.exe |

"{C1BE9017-E4E4-4944-A560-52EC2597D958}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{C66BBC63-91C9-44AA-9CCA-1F6A00387E5F}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{C8C0A215-DA79-4446-B67F-5C36559ADA99}" = dir=out | name=microsoft minesweeper |

"{C91AA6E9-2D9D-4096-B3FF-35D9F041B545}" = protocol=17 | dir=in | app=c:\users\gye\appdata\roaming\tencent\qq\stemp\backupdltmp\download\miniqtupdate.exe |

"{CCB16155-D291-4A2D-8772-7F9A3F6DB041}" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |

"{CCD0C25B-8A27-47B9-9C00-1C942EEDFE96}" = dir=out | name=f5 vpn |

"{CDCFD920-7351-4A2B-BC83-ACA55B73167D}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgtool.exe |

"{CEE128FA-362D-4111-9E32-9CB2CE026893}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{CFB88849-4B9B-4167-A6B6-089204218D21}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\pinyinup.exe |

"{D287F2BC-D6EB-4156-8606-CFF7EB2E0BF8}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{D5524083-ABAC-4653-8210-D61B39568E7C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |

"{D58C5C70-FDD5-4156-893D-6FB59F39C1D2}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |

"{D5E751DB-B0B6-4EAE-9BE1-97E0C241D0C0}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |

"{D672FEC6-4E91-455E-BC48-DA553998B7D8}" = dir=in | name=check point vpn |

"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |

"{D7BDEA3F-A31C-4EBF-AA70-22FDEAB8412B}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\components\sogoucommgr.exe |

"{D7DE6FC2-660F-4050-856D-24C62C30E4A5}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{D7E56E83-16F9-413C-A740-631451C056D1}" = dir=in | name=onenote |

"{DAA91C4A-97B4-44CB-9FEC-A5DDB49FF517}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgdownload.exe |

"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |

"{DCF0C03A-5839-4450-B8C8-D7197DDC31B6}" = dir=out | name=windows_ie_ac_001 |

"{DFF0EAD2-118A-4873-8F78-58C85E55D344}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\pinyinup.exe |

"{E0D183BE-D51C-45A0-9776-73DCFBE735E1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |

"{E1F9783F-0033-4D13-9683-65481B367DFC}" = protocol=6 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |

"{E3A008E1-C75A-42D5-A436-49D5338E74E6}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{E3B6BBAD-14F8-478E-B655-04DE883CE099}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |

"{E5A9E40E-04A9-4B2A-B5D5-D768AAE39789}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |

"{E5C85E2F-DEFD-44FC-B054-753B65D217AA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe |

"{E5F341CF-6F53-4643-9D1D-54431EB6AE1E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe |

"{E641D010-CB58-4F04-8D9E-E43C9DBE487A}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgdownload.exe |

"{E6E1903B-021F-43E2-8B92-08A306414E6D}" = dir=in | name=sonicwall mobile connect |

"{E6F59A7A-FDB5-4F82-B9A1-E823E2808895}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\ieproc.exe |

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{E8F425D6-6A84-4F5E-BF7F-FC65B8DD5086}" = dir=out | name=@{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |

"{EA7E7225-D417-4A17-BA74-0A19E9BBB288}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |

"{EAD8A616-15DD-43DC-8864-DCF1CB8C0208}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |

"{EB3F9D40-BB6F-45E0-9B8F-B6F7A0411B4A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe |

"{EBDD3261-A596-4851-9F67-6F861028EA37}" = protocol=17 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |

"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |

"{EE512E26-149D-45F5-AE62-8E81521EFF54}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sogoucloud.exe |

"{EEFE06C2-F2DF-4B27-A48E-B398A5162D0C}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\128\bugreport_xf.exe |

"{F078D47B-D873-4407-89DF-99CEF6816FB5}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |

"{F07A7465-CD55-4344-92F5-9C4CBEFCAC9D}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |

"{F4047161-9600-42C6-9499-C39F50840002}" = dir=out | name=juniper networks junos pulse |

"{F5755B8D-3CA0-410A-B3A3-5852FB9A2966}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\imeutil.exe |

"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |

"{F6475EFD-596E-4CCB-9191-D04DC21B8024}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgtool.exe |

"{F659C855-F4DE-4B5C-BEE0-3B361A40A9F5}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgtool.exe |

"{F6945D0A-DE17-4EEE-9735-41FB6A7F6446}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{F74BB4ED-B47E-45DA-BA06-7F936B19CBBB}" = protocol=17 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |

"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |

"{F7C2B174-8A39-438F-99AF-D68ECBB61C2E}" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |

"{F8253FA9-9DAD-4FED-A5B4-48532B985B9A}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{F85DCF82-D1F8-43E7-8997-4BE01833FB51}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{F896DC01-2BA9-4918-B770-D58B939B7AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe |

"{F952A826-8D83-4C98-BCFC-9CFD33ECBBC0}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sogoucloud.exe |

"{F962C7A1-2F40-41F0-B962-8A5A51C28F01}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{FAAEABAD-2680-4383-B7FD-9F217330DE9F}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sgdownload.exe |

"{FAFFCD3D-0478-4604-87E0-F964060D7379}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe |

"{FBC9FDC0-4CA4-455F-807A-2FD3E25D2F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\sogoucloud.exe |

"{FCD988C7-4419-4854-8E11-0B7C48799DCD}" = dir=in | app=c:\users\gye\appdata\roaming\tencent\qq\stemp\setupex0\qqsetupex.exe |

"{FDF36A0A-B60E-4559-A045-5F214E6D4A9B}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\7.2.1.3694\imeutil.exe |

"{FE1BED92-75B3-41ED-8E5D-28ECDCC82163}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |

"{FE274B01-E494-478C-9212-24BFA2113C49}" = protocol=17 | dir=in | app=c:\users\public\sogouinput\usbdt\octopusdownloader.exe |

"{FFD26601-7D91-4685-9512-25A9CB851C77}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"TCP Query User{119C7E76-5D91-48C3-8A82-938809976F2E}C:\users\gye\appdata\local\sogouexplorer\sogouexplorer.exe" = protocol=6 | dir=in | app=c:\users\gye\appdata\local\sogouexplorer\sogouexplorer.exe |

"TCP Query User{141E6858-18F8-4119-BD1C-A4EFC55EE3EF}C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |

"TCP Query User{210E773A-D456-4FFC-9D03-8DA0E075B334}C:\program files (x86)\sogouinput\6.7.0.0413\sogoucloud.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.7.0.0413\sogoucloud.exe |

"TCP Query User{2B5B2B20-254E-4209-8C0E-2275B48C07A8}C:\users\gye\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\gye\appdata\roaming\spotify\spotify.exe |

"TCP Query User{2F1CB302-AC59-4A88-A451-2604444340FE}C:\users\gye\appdata\local\temp\kgupdater.exe" = protocol=6 | dir=in | app=c:\users\gye\appdata\local\temp\kgupdater.exe |

"TCP Query User{3F2D6F8E-B895-4EEB-9946-FB21CAC049EB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{56CA38D8-A3C2-4D3F-AC52-0DCFBEAD4974}C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |

"TCP Query User{5AF1CD27-917A-46FA-991E-894C07736833}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{7230EF26-6E2D-42BE-861A-AE54619E175C}C:\users\gye\downloads\qvodsetup5.exe" = protocol=6 | dir=in | app=c:\users\gye\downloads\qvodsetup5.exe |

"TCP Query User{7725A51F-EE88-4EB1-865F-7A3502B94A61}C:\program files (x86)\sogouinput\6.7.0.0413\sogoucloud.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.7.0.0413\sogoucloud.exe |

"TCP Query User{7CA18402-355F-4DEB-821A-EDC9DD9EC991}C:\program files (x86)\kugou\kgmusic\kgservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |

"TCP Query User{807455D2-F093-49EC-987F-30F24E328DFB}C:\program files (x86)\qvodplayer\qvodplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodplayer.exe |

"TCP Query User{81695B43-DA37-4703-A3DD-E95A7A0E9BBF}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |

"TCP Query User{82763132-F94C-4B65-A5BC-43A981D64A05}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"TCP Query User{9CE80A17-B347-47D4-A8D3-CAF1C0B455C2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"TCP Query User{A26917F2-FDC3-498F-8398-874CEB743526}C:\program files (x86)\kugou\kgmusic\kugou.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |

"TCP Query User{AB33A670-8758-48DA-A474-E3D26899DE0D}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |

"TCP Query User{AE5ADDAC-4C57-4BB8-B5F8-2ED10D9C27FE}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"TCP Query User{BB96E29A-1E42-480F-B827-435B40D974B0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{BBDE1894-087A-4D5E-B02A-03A4AF37D616}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |

"TCP Query User{C71CA03F-F3BB-474D-80E8-4451A37C79F2}C:\program files (x86)\sogouinput\6.7.0.0413\sgdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.7.0.0413\sgdownload.exe |

"TCP Query User{CE652DBB-0670-4A8C-AE78-2E3451E4286E}C:\programdata\battle.net\agent\agent.beta.2514\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |

"TCP Query User{DD0406CE-94D2-4208-B338-A20D1D974178}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |

"TCP Query User{EEB2D34F-E768-4846-96AE-DB01CFFF0EE3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{07F7B7D0-44CB-4C4D-85B0-5E838C1DB974}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"UDP Query User{0F20838D-5F56-43B7-8826-E9ABA1F37DC5}C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |

"UDP Query User{11DC3623-8CF5-4AEA-9F79-FE26EB9D910F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{29DAE22E-C97A-4927-ABDC-8159543B5449}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{2D94F122-DA81-4578-B3C8-9F61AEF37B2E}C:\programdata\battle.net\agent\agent.beta.2514\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |

"UDP Query User{3473CB09-055D-42D6-B9AA-D4D6730EAB67}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"UDP Query User{3500489F-D576-4F5F-B4DD-146437C4CA8F}C:\program files (x86)\qvodplayer\qvodplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodplayer.exe |

"UDP Query User{374163D2-0E83-4DF3-820E-1162776E6641}C:\users\gye\downloads\qvodsetup5.exe" = protocol=17 | dir=in | app=c:\users\gye\downloads\qvodsetup5.exe |

"UDP Query User{47260FC4-EB06-418A-89AF-8F9EA31D0586}C:\program files (x86)\sogouinput\6.7.0.0413\sgdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.7.0.0413\sgdownload.exe |

"UDP Query User{4EDA4D5B-9EDD-474D-A931-BC36746834C4}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |

"UDP Query User{5C24DCF0-D381-40D3-893F-57ECA6562172}C:\program files (x86)\sogouinput\6.7.0.0413\sogoucloud.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.7.0.0413\sogoucloud.exe |

"UDP Query User{6120E048-9638-4A4F-ACC7-18F835477477}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |

"UDP Query User{8B856854-CFDD-4AA3-AADB-6BA43EB3F545}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{9543D3F0-E966-400B-9BBE-9DC60678335B}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"UDP Query User{977187CE-156E-43B8-A807-717C5BBF010D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{A652D61F-80AB-499D-8173-32065D07FCA5}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |

"UDP Query User{ADCEE834-A518-448A-B408-C38471CE8339}C:\users\gye\appdata\local\temp\kgupdater.exe" = protocol=17 | dir=in | app=c:\users\gye\appdata\local\temp\kgupdater.exe |

"UDP Query User{AE8D6D21-7E64-48E4-B9EB-05ACF56DD157}C:\program files (x86)\kugou\kgmusic\kugou.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe |

"UDP Query User{D35ECCE3-D135-4CA9-BA49-0041EA78E840}C:\users\gye\appdata\local\sogouexplorer\sogouexplorer.exe" = protocol=17 | dir=in | app=c:\users\gye\appdata\local\sogouexplorer\sogouexplorer.exe |

"UDP Query User{D6328FB4-F4B1-40CC-BE9F-12C2583BDD77}C:\program files (x86)\kugou\kgmusic\kgservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe |

"UDP Query User{E7AC9317-EFEA-4A71-8D46-4D3FEB6D20B7}C:\users\gye\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\gye\appdata\roaming\spotify\spotify.exe |

"UDP Query User{ECBED5EF-1E8B-4D84-941A-AD052648F11E}C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe |

"UDP Query User{F639BA00-3AE6-4F10-8AE8-41DBD31A3C11}C:\program files (x86)\sogouinput\6.7.0.0413\sogoucloud.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.7.0.0413\sogoucloud.exe |

"UDP Query User{FCD4535F-2CD5-44D2-9BDA-C5F2A9276412}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)

"{340AFA68-3178-47C8-9AB2-AF8D589927BB}" = Box Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013

"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013

"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013

"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)

"{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}" = Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)

"BEA7B05370C19B9C86893BB484FD6B9CC52B0CD8" = Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB  (04/21/2011 01.0.0.0)

"Elantech" = ETDWare PS/2-X64 11.5.9.1_WHQL

"WinRAR archiver" = WinRAR 4.20 (64-bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ

"{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}" = Google Talk Plugin

"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader

"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = CloudReading

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{6E84E73B-E4A8-4489-935D-3C94401205CE}" = DecisionTools Suite 6.1

"{70A820BD-BB55-4784-9B86-60F057A98026}" = Oracle Crystal Ball (32-bit)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18

"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013

"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013

"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013

"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013

"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013

"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013

"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English

"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français

"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español

"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013

"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013

"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013

"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013

"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013

"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013

"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013

"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013

"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013

"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013

"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013

"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder

"¿á¹·ÒôÀÖ" = ¿á¹·ÒôÀÖ

"5513-1208-7298-9440" = JDownloader 0.9

"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin

"Battle.net" = Battle.net

"DtsFilter" = DTS+AC3 Filter

"Foxit Reader_is1" = Foxit Reader

"GOM Player" = GOM Player

"Google Chrome" = Google Chrome

"Hearthstone" = Hearthstone

"madFlac Decoder" = madFlac 1.2.1.0

"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013

"RealAlt_is1" = Real Alternative 1.8.0

"RealPlayer 16.0" = RealPlayer

"Sogou Input" = 搜狗拼音输入法 7.2正式版

"TONICT" = TONICT

"uTorrent" = µTorrent

"WS_FTP LE" = Ipswitch WS_FTP LE

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"Flux" = f.lux

"Spotify" = Spotify

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 11/13/2014 10:39:55 PM | Computer Name = REDACTED | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".

Dependent

 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"

could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 11/13/2014 10:40:00 PM | Computer Name = REDACTED  | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".

Dependent

 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"

could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 11/14/2014 2:03:37 PM | Computer Name = REDACTED  | Source = Perflib | ID = 1023

Description =

 

Error - 11/14/2014 2:19:05 PM | Computer Name = REDACTED  | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".

Dependent

 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"

could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 11/14/2014 2:20:13 PM | Computer Name = REDACTED  | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\microsoft

 office\Office15\lync.exe.Manifest".Error in manifest or policy file "c:\program

 files (x86)\microsoft office\Office15\UccApi.DLL" on line 1.  Component identity

found in manifest does not match the identity of the component requested.  Reference

 is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".  Definition

 is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".  Please use

 sxstrace.exe for detailed diagnosis.

 

Error - 11/14/2014 2:26:57 PM | Computer Name = REDACTED | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe".

Dependent

 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"

could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 11/14/2014 2:27:05 PM | Computer Name = REDACTED | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\microsoft

 office\Office15\lync.exe.Manifest".Error in manifest or policy file "c:\program

 files (x86)\microsoft office\Office15\UccApi.DLL" on line 1.  Component identity

found in manifest does not match the identity of the component requested.  Reference

 is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".  Definition

 is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".  Please use

 sxstrace.exe for detailed diagnosis.

 

Error - 11/14/2014 4:12:12 PM | Computer Name = REDACTED | Source = .NET Runtime | ID = 1026

Description =

 

Error - 11/14/2014 4:20:21 PM | Computer Name = REDACTED | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 33.1.0.5423,

 time stamp: 0x545c0a59  Faulting module name: mozalloc.dll, version: 33.1.0.5423,

 time stamp: 0x545be5ee  Exception code: 0x80000003  Fault offset: 0x00001425  Faulting

 process id: 0x13a8  Faulting application start time: 0x01d000484ea5d429  Faulting application

 path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe  Faulting module

 path: C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll  Report Id: a7e2647b-6c3b-11e4-bf47-e0b9a5d1edb1

Faulting

 package full name:   Faulting package-relative application ID:

 

Error - 11/14/2014 4:20:21 PM | Computer Name = REDACTED | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 33.1.0.5423 stopped interacting with

 Windows and was closed. To see if more information about the problem is available,

 check the problem history in the Action Center control panel.    Process ID: 1238    Start

 Time: 01d000484b503ecb    Termination Time: 37    Application Path: C:\Program Files (x86)\Mozilla

 Firefox\firefox.exe    Report Id: a589b20a-6c3b-11e4-bf47-e0b9a5d1edb1    Faulting package

 full name:     Faulting package-relative application ID:  

 

Error - 11/14/2014 7:35:53 PM | Computer Name = REDACTED | Source = Application Hang | ID = 1002

Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows

 and was closed. To see if more information about the problem is available, check

 the problem history in the Action Center control panel.    Process ID: 1450    Start Time:

 01d000629dfaaea3    Termination Time: 4294967295    Application Path: C:\Users\GYe\Downloads\OTL.exe

 

Report

 Id: f8497f2e-6c56-11e4-bf47-e0b9a5d1edb1    Faulting package full name:     Faulting package-relative

 application ID:  

 

[ System Events ]

Error - 11/14/2014 5:54:24 PM | Computer Name = REDACTED | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

 to a domain controller. This may be a transient condition. A success message would

 be generated once the machine gets connected to the domain controller and Group

 Policy has successfully processed. If you do not see a success message for several

 hours, then contact your administrator.

 

Error - 11/14/2014 6:43:33 PM | Computer Name = REDACTED | Source = DCOM | ID = 10016

Description =

 

Error - 11/14/2014 6:43:33 PM | Computer Name = REDACTED | Source = DCOM | ID = 10016

Description =

 

Error - 11/14/2014 6:54:44 PM | Computer Name = REDACTED | Source = DCOM | ID = 10016

Description =

 

Error - 11/14/2014 6:54:44 PM | Computer Name = REDACTED | Source = DCOM | ID = 10016

Description =

 

Error - 11/14/2014 7:14:02 PM | Computer Name = REDACTED | Source = DCOM | ID = 10016

Description =

 

Error - 11/14/2014 7:14:02 PM | Computer Name = REDACTED | Source = DCOM | ID = 10016

Description =

 

Error - 11/14/2014 7:27:14 PM | Computer Name = REDACTED | Source = DCOM | ID = 10016

Description =

 

Error - 11/14/2014 7:27:14 PM | Computer Name = REDACTED | Source = DCOM | ID = 10016

Description =

 

Error - 11/14/2014 7:34:25 PM | Computer Name = REDACTED | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

 to a domain controller. This may be a transient condition. A success message would

 be generated once the machine gets connected to the domain controller and Group

 Policy has successfully processed. If you do not see a success message for several

 hours, then contact your administrator.

 

 

< End of report >


  • 0

#4
zep516
Posted 14 November 2014 - 06:18 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,
In your programs an features list there are some items that I am not sure of, Start> control panel> programs an features:

1. "¿á¹·ÒôÀÖ" = ¿á¹·ÒôÀÖ

2. 腾讯QQ

I would uninstall them and anything else you don't recognize !

Next
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...99_oem_dg&ch=33
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npOpenPlatform: C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3200\npQPMWebGamePlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQMiniDLPlugin: C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/12 09:14:00 | 000,000,000 | ---D | M] 
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (7425EAC0-E90E-0D4C-D827-45EDD30A4367 Class) - {7425EAC0-E90E-0D4C-D827-45EDD30A4367} - C:\Program Files (x86)\QvodPlayer\AddIn\{7425EAC0-E90E-0D4C-D827-45EDD30A4367}\QvodAddr.dll File not found
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (QQMiniDL Helper Class) - {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll File not found
O4 - HKLM..\Run: []  File not found
O8:64bit: - Extra context menu item: ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm File not found
O8 - Extra context menu item: ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
3 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[2 C:\Users\GYe\Desktop\*.tmp files -> C:\Users\GYe\Desktop\*.tmp -> ]
[2014/11/07 23:14:00 | 000,009,445 | ---- | M] ()(C:\Users\GYe\Desktop\??v2.xlsx) -- C:\Users\GYe\Desktop\筛子v2.xlsx
[2014/11/06 23:17:20 | 000,002,063 | ---- | M] ()(C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2014/10/21 16:51:38 | 000,000,165 | -H-- | M] ()(C:\Users\GYe\Desktop\~$??v2.xlsx) -- C:\Users\GYe\Desktop\~$筛子v2.xlsx
[2014/10/21 16:51:38 | 000,000,165 | -H-- | C] ()(C:\Users\GYe\Desktop\~$??v2.xlsx) -- C:\Users\GYe\Desktop\~$筛子v2.xlsx
[2014/10/12 20:39:46 | 000,002,063 | ---- | C] ()(C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\???????.lnk) -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk
[2014/02/26 12:34:02 | 000,009,445 | ---- | C] ()(C:\Users\GYe\Desktop\??v2.xlsx) -- C:\Users\GYe\Desktop\筛子v2.xlsx
(C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
 @Alternate Data Stream - 220 bytes -> C:\Users\GYe\OneDrive:ms-properties

:reg

:Files
ipconfig /flushdns /c
C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.53\QvodWebService.exe

:Commands
[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Next
  • Download Shortcutcleaner to your desktop.
  • Right click on sc-cleaner.exe and choose run as administrator, Windows XP user can just doubleclick on sc-cleaner.exe to start the program.
  • Know the tool wil scan all the windows en shortcuts they belong to your installed browsers.
  • If the tool detects hijacked shortcuts, it will automatically clean them.
  • When the tool is ready, it will save a log file on your desktop, this file contains the information of the scanned and repaired shortcuts.
In your next reply post
  • The OTL Fix log. that log will pop up in front of you after the computer does the fix.
  • New OTL Log after quick scan is run.
  • Log file from shortcut cleaner.
Thanks
Joe :)












  • 0

#5
mijellin
Posted 14 November 2014 - 08:58 PM

mijellin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Homepage restored!

 

In order generated (log of fixes, log of quickscan after restart, and sc cleaner log):

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qvod.com/QvodShare\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npOpenPlatform\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QQMiniDLPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QzoneMusic\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1\ deleted successfully.
C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@qvod.com/QvodInsert\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\KuaiWanInsert\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCE04E1F-9378-4f39-96F6-5689A9159E45}\ not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Components folder moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Skin folder moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content folder moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome folder moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D298}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298}\ deleted successfully.
C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7425EAC0-E90E-0D4C-D827-45EDD30A4367}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7425EAC0-E90E-0D4C-D827-45EDD30A4367}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\KuGoo\ deleted successfully.
File Protocol\Handler\KuGoo - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\KuGoo3\ deleted successfully.
File Protocol\Handler\KuGoo3 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
C:\Users\GYe\Desktop\~WRL0005.tmp deleted successfully.
C:\Users\GYe\Desktop\~WRL1818.tmp deleted successfully.
C:\Users\GYe\Desktop\筛子v2.xlsx moved successfully.
C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk moved successfully.
C:\Users\GYe\Desktop\~$筛子v2.xlsx moved successfully.
File C:\Users\GYe\Desktop\~$筛子v2.xlsx not found.
File C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk not found.
File C:\Users\GYe\Desktop\筛子v2.xlsx not found.
ADS C:\Users\GYe\OneDrive:ms-properties deleted successfully.
========== REGISTRY ==========
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\GYe\Downloads\cmd.bat deleted successfully.
C:\Users\GYe\Downloads\cmd.txt deleted successfully.
C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.53\QvodWebService.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: cvacsjeremiah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: GYe
->Temp folder emptied: 379794786 bytes
->Temporary Internet Files folder emptied: 307349339 bytes
->Java cache emptied: 1254595 bytes
->FireFox cache emptied: 188970904 bytes
->Google Chrome cache emptied: 330588594 bytes
->Flash cache emptied: 450671 bytes
 
User: Public
 
User: YeG15
->Temp folder emptied: 11017765 bytes
->Temporary Internet Files folder emptied: 13480 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21187389 bytes
->Google Chrome cache emptied: 10612803 bytes
->Flash cache emptied: 1637 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5892608 bytes
%systemroot%\System32 (64bit) .tmp files removed: 7300096 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13739013 bytes
RecycleBin emptied: 1524352016 bytes
 
Total Files Cleaned = 2,673.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11142014_214343

Files\Folders moved on Reboot...
C:\Users\GYe\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 11/14/2014 9:50:19 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GYe\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 59.31% Memory free
5.28 Gb Paging File | 3.87 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.24 Gb Total Space | 43.27 Gb Free Space | 38.90% Space Free | Partition Type: NTFS
 
Computer Name: YEG15-S | User Name: GYe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014/11/14 15:28:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GYe\Downloads\OTL.exe
PRC - [2014/11/11 00:14:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/14 08:41:52 | 000,368,760 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe
PRC - [2014/09/24 06:13:36 | 000,282,216 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe
PRC - [2014/09/24 03:34:14 | 007,035,496 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\7.2.1.3694\SGTool.exe
PRC - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/10/13 22:42:06 | 001,012,616 | ---- | M] (Flux Software LLC) -- C:\Users\GYe\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2012/10/09 11:00:04 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014/11/11 00:14:52 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014/11/05 17:37:38 | 000,028,696 | ---- | M] (Box, Inc.) [On_Demand | Stopped] -- C:\Program Files\Box\Box Sync\SyncUpdaterService.exe -- (BoxSyncUpdateService)
SRV:[b]64bit:[/b] - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/06 20:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/09/24 03:19:36 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/09/24 02:52:52 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/09/24 02:52:49 | 000,834,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/09/24 02:35:26 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/09/24 02:25:48 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/09/24 02:25:47 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/09/24 02:25:41 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/09/24 02:25:39 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/09/24 02:25:38 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/09/24 02:25:34 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/09/24 01:53:31 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2014/09/24 01:53:30 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:[b]64bit:[/b] - [2014/09/21 22:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2014/09/21 22:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014/08/15 19:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/08/15 19:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/11/11 17:24:22 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/11 00:14:53 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/24 03:19:34 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/04/13 17:52:49 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/01/29 22:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/09 12:02:20 | 000,219,776 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/10/09 11:00:04 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/09/23 19:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2014/10/09 20:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/09/24 03:51:20 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/09/24 02:53:02 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/09/24 02:52:53 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/09/24 02:52:51 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/09/24 02:35:14 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/09/24 02:35:09 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/09/24 02:35:09 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:40 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:35 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:19 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/09/24 02:25:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/09/24 01:53:33 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:[b]64bit:[/b] - [2014/09/24 01:53:21 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2014/09/24 01:53:21 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2014/09/24 01:53:21 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2014/09/24 01:53:21 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2014/09/24 01:53:21 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2014/09/21 22:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2014/09/21 22:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2014/09/21 21:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/04/28 05:33:30 | 000,599,240 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2014/01/29 22:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/12 03:12:08 | 000,329,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:[b]64bit:[/b] - [2013/08/11 19:52:08 | 000,363,920 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/06/18 09:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:[b]64bit:[/b] - [2012/10/09 11:41:40 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2012/10/09 11:41:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 67 EB F0 D7 F9 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\GYe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\GYe\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GYe\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GYe\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/08/12 08:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/11 00:14:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/11 00:14:37 | 000,000,000 | ---D | M]
 
[2013/08/13 21:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GYe\AppData\Roaming\mozilla\Extensions
[2014/11/14 15:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GYe\AppData\Roaming\mozilla\Firefox\Profiles\hlln9ncr.default-1415995211653\extensions
[2014/11/11 00:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/11 00:14:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - default_search_provider: C71447D0FA275BE41D729147511B8F8ED93C7220A165D32AEF87CB59CD5982A0 (Enabled)
CHR - default_search_provider: search_url = 0A31F13E5FD11D399C446EBDD1B4E81622484B859405F8BC13548002297059F4
CHR - default_search_provider: suggest_url = 
CHR - homepage: EA578D3C85F594264383D857537057DA84E4E74CCD2ECB10C6AB4C9227B859B9
CHR - Extension: Google Docs = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ratings Preview for YouTubeâ„¢ = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\4.0_0\
CHR - Extension: Google Search = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.9_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.7.52_0\
CHR - Extension: EditThisCookie = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.4.1_0\
CHR - Extension: AdBlock = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\
CHR - Extension: RealDownloader = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.5.2_0\
CHR - Extension: Cargo Bridge = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: StayFocusd = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.5.7_0\
CHR - Extension: Google Wallet = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Unblock Youku = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.7.5.8_0\
CHR - Extension: Gmail = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/11/14 21:48:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AccountProtectBHO Class) - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\GYe\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll File not found
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [BoxSync] c:\Program Files\Box\Box Sync\BoxSync.exe (Box, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:[b]64bit:[/b] - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [f.lux] C:\Users\GYe\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [ImeGuardCom] C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe (Sogou.com Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O13[b]64bit:[/b] - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = darden.virginia.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFDF6C1E-8929-45E1-9A02-CFD0F3DAF20B}: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014/11/14 21:43:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/11/14 15:08:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/14 15:00:16 | 000,000,000 | ---D | C] -- C:\Users\GYe\Desktop\Old Firefox Data
[2014/11/14 14:55:37 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieBrowserModeList
[2014/11/13 10:00:41 | 000,000,000 | --SD | C] -- C:\Users\GYe\Box Sync
[2014/11/11 00:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/05 11:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SogouPY.users
[2014/11/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Users\GYe\OneDrive
[2014/11/04 11:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Box
[2014/11/02 12:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft Games
[2014/11/02 12:37:59 | 000,000,000 | ---D | C] -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubi Soft Games
[2014/11/02 12:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\UbiSoft
[2014/10/28 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\GYe\AppData\Roaming\SolidDocuments
[2014/10/21 15:25:03 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieUserList
[2014/10/21 15:25:03 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieSiteList
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014/11/14 21:50:42 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/14 21:48:51 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/14 21:48:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/14 21:48:40 | 3354,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/14 21:48:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2014/11/14 21:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/14 21:15:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089884131-1929928377-388966078-1001UA.job
[2014/11/14 21:05:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/14 17:23:59 | 000,001,192 | ---- | M] () -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2014/11/14 15:16:56 | 000,864,878 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/14 15:16:56 | 000,732,214 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/11/14 15:16:56 | 000,136,162 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/11/14 15:15:00 | 000,000,864 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089884131-1929928377-388966078-1001Core.job
[2014/11/13 21:41:38 | 000,000,548 | ---- | M] () -- C:\WINDOWS\SysNative\ricdb.ini
[2014/11/13 21:07:40 | 002,518,286 | ---- | M] () -- C:\Users\GYe\Desktop\image2014-11-13-135236.pdf
[2014/11/13 21:06:30 | 000,003,949 | ---- | M] () -- C:\Users\GYe\Desktop\Capture5.PNG
[2014/11/13 21:01:09 | 000,001,192 | ---- | M] () -- C:\Users\GYe\Desktop\Capture4.PNG
[2014/11/13 20:59:44 | 000,000,609 | ---- | M] () -- C:\Users\GYe\Desktop\Capture3.PNG
[2014/11/13 14:02:05 | 000,000,368 | ---- | M] () -- C:\Users\GYe\Desktop\Capture2.PNG
[2014/11/13 13:59:18 | 000,001,018 | ---- | M] () -- C:\Users\GYe\Desktop\Capture.PNG
[2014/11/13 12:57:21 | 000,185,543 | ---- | M] () -- C:\Users\GYe\Desktop\ye health insurance for gfe.pdf
[2014/11/13 10:01:56 | 000,001,149 | ---- | M] () -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/11/13 10:00:41 | 000,001,574 | ---- | M] () -- C:\Users\GYe\Desktop\Box Sync.lnk
[2014/11/13 09:57:44 | 000,483,936 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/12 16:52:36 | 1486,671,868 | ---- | M] () -- C:\Users\GYe\Desktop\OOOOOGGG_84579347589.rar
[2014/11/05 10:07:57 | 000,103,768 | ---- | M] () -- C:\Users\GYe\Desktop\HIA Case Study Overview MBA_09.15.14.pdf
[2014/11/03 10:33:11 | 000,367,436 | ---- | M] () -- C:\Users\GYe\Desktop\ledina lushko.pdf
[2014/10/21 11:53:09 | 000,009,202 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/20 15:58:13 | 000,002,301 | ---- | M] () -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/16 19:16:22 | 000,000,000 | ---- | M] () -- C:\Users\GYe\AppData\Local\{B9306911-D47D-48FF-916A-250D6217CC48}
[2014/10/16 12:24:47 | 000,907,469 | ---- | M] () -- C:\Users\GYe\Desktop\Hearthstone_Screenshot_10.16.2014.13.24.47.png
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014/11/13 21:04:26 | 000,003,949 | ---- | C] () -- C:\Users\GYe\Desktop\Capture5.PNG
[2014/11/13 21:01:09 | 000,001,192 | ---- | C] () -- C:\Users\GYe\Desktop\Capture4.PNG
[2014/11/13 20:59:44 | 000,000,609 | ---- | C] () -- C:\Users\GYe\Desktop\Capture3.PNG
[2014/11/13 14:42:19 | 002,518,286 | ---- | C] () -- C:\Users\GYe\Desktop\image2014-11-13-135236.pdf
[2014/11/13 14:02:04 | 000,000,368 | ---- | C] () -- C:\Users\GYe\Desktop\Capture2.PNG
[2014/11/13 13:59:18 | 000,001,018 | ---- | C] () -- C:\Users\GYe\Desktop\Capture.PNG
[2014/11/13 12:57:21 | 000,185,543 | ---- | C] () -- C:\Users\GYe\Desktop\ye health insurance for gfe.pdf
[2014/11/13 10:00:41 | 000,001,574 | ---- | C] () -- C:\Users\GYe\Desktop\Box Sync.lnk
[2014/11/12 16:27:06 | 1486,671,868 | ---- | C] () -- C:\Users\GYe\Desktop\OOOOOGGG_84579347589.rar
[2014/11/12 09:55:49 | 000,389,176 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/11/05 10:07:57 | 000,103,768 | ---- | C] () -- C:\Users\GYe\Desktop\HIA Case Study Overview MBA_09.15.14.pdf
[2014/11/02 23:08:18 | 000,367,436 | ---- | C] () -- C:\Users\GYe\Desktop\ledina lushko.pdf
[2014/10/21 11:53:09 | 000,009,202 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/16 19:16:22 | 000,000,000 | ---- | C] () -- C:\Users\GYe\AppData\Local\{B9306911-D47D-48FF-916A-250D6217CC48}
[2014/10/16 12:24:47 | 000,907,469 | ---- | C] () -- C:\Users\GYe\Desktop\Hearthstone_Screenshot_10.16.2014.13.24.47.png
[2014/09/24 02:25:52 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/09/24 02:25:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/16 17:39:54 | 000,000,954 | ---- | C] () -- C:\Users\GYe\AppData\Roaming\coreavc.ini
[2014/01/29 22:02:42 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2014/01/29 22:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/29 22:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/18 21:10:01 | 000,007,605 | ---- | C] () -- C:\Users\GYe\AppData\Local\Resmon.ResmonCfg
[2013/08/14 21:33:36 | 000,018,760 | ---- | C] () -- C:\WINDOWS\SysWow64\QQVistaHelper.dll
[2013/08/12 09:03:33 | 000,821,592 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/05/22 15:32:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2013/05/22 15:32:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 19:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 17:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2014/09/30 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Battle.net
[2014/09/05 21:25:16 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\BitComet
[2014/11/03 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Foxit Software
[2014/05/25 23:56:55 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\GouWo
[2014/03/22 07:32:53 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\KGDataBak
[2014/11/13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\KuGou8
[2013/09/30 08:01:31 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Oracle
[2014/10/28 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\SolidDocuments
[2014/10/12 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Spotify
[2014/10/30 18:37:37 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\uTorrent
[2014/01/22 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\webex
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
(C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 220 bytes -> C:\Users\GYe\OneDrive:ms-properties

< End of report >

 
Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 http://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1 Pro 
Program started at: 11/14/2014 09:55:34 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\GYe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\GYe\Desktop


0 bad shortcuts found.

Program finished at: 11/14/2014 09:55:35 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

  • 0

#6
mijellin
Posted 14 November 2014 - 08:59 PM

mijellin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Oh and I chose not to uninstall those two programs you recognize. They are a music player and a chat client that I use regularly.


  • 0

#7
zep516
Posted 14 November 2014 - 09:05 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
I can't read those logs

Don't put the logs in quotes, codes, or anything else. Just paste then in.

How is the computer ?
  • 0

#8
mijellin
Posted 14 November 2014 - 09:06 PM

mijellin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Computer seems to be running better! These pages with large amounts of text used to crash my firefox, but not anymore.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qvod.com/QvodShare\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npOpenPlatform\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npqscall\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QQMiniDLPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/QzoneMusic\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1\ deleted successfully.
C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@qvod.com/QvodInsert\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\KuaiWanInsert\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCE04E1F-9378-4f39-96F6-5689A9159E45}\ not found.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Components folder moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Skin folder moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome\Content folder moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\Chrome folder moved successfully.
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D298}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298}\ deleted successfully.
C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7425EAC0-E90E-0D4C-D827-45EDD30A4367}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7425EAC0-E90E-0D4C-D827-45EDD30A4367}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}\ deleted successfully.
C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ʹÓÃQQÏÂÔØÖúÊÖÏÂÔØ\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\KuGoo\ deleted successfully.
File Protocol\Handler\KuGoo - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\KuGoo3\ deleted successfully.
File Protocol\Handler\KuGoo3 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
C:\Users\GYe\Desktop\~WRL0005.tmp deleted successfully.
C:\Users\GYe\Desktop\~WRL1818.tmp deleted successfully.
C:\Users\GYe\Desktop\筛子v2.xlsx moved successfully.
C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk moved successfully.
C:\Users\GYe\Desktop\~$筛子v2.xlsx moved successfully.
File C:\Users\GYe\Desktop\~$筛子v2.xlsx not found.
File C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\搜狗高速浏览器.lnk not found.
File C:\Users\GYe\Desktop\筛子v2.xlsx not found.
ADS C:\Users\GYe\OneDrive:ms-properties deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\GYe\Downloads\cmd.bat deleted successfully.
C:\Users\GYe\Downloads\cmd.txt deleted successfully.
C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.53\QvodWebService.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: cvacsjeremiah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: GYe
->Temp folder emptied: 379794786 bytes
->Temporary Internet Files folder emptied: 307349339 bytes
->Java cache emptied: 1254595 bytes
->FireFox cache emptied: 188970904 bytes
->Google Chrome cache emptied: 330588594 bytes
->Flash cache emptied: 450671 bytes
 
User: Public
 
User: YeG15
->Temp folder emptied: 11017765 bytes
->Temporary Internet Files folder emptied: 13480 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21187389 bytes
->Google Chrome cache emptied: 10612803 bytes
->Flash cache emptied: 1637 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5892608 bytes
%systemroot%\System32 (64bit) .tmp files removed: 7300096 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13739013 bytes
RecycleBin emptied: 1524352016 bytes
 
Total Files Cleaned = 2,673.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11142014_214343

Files\Folders moved on Reboot...
C:\Users\GYe\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

 

OTL logfile created on: 11/14/2014 9:50:19 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\GYe\Downloads
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.90 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 59.31% Memory free
5.28 Gb Paging File | 3.87 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.24 Gb Total Space | 43.27 Gb Free Space | 38.90% Space Free | Partition Type: NTFS
 
Computer Name: YEG15-S | User Name: GYe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/14 15:28:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GYe\Downloads\OTL.exe
PRC - [2014/11/11 00:14:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/14 08:41:52 | 000,368,760 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe
PRC - [2014/09/24 06:13:36 | 000,282,216 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe
PRC - [2014/09/24 03:34:14 | 007,035,496 | ---- | M] (Sogou.com Inc.) -- C:\Program Files (x86)\SogouInput\7.2.1.3694\SGTool.exe
PRC - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/10/13 22:42:06 | 001,012,616 | ---- | M] (Flux Software LLC) -- C:\Users\GYe\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2012/10/09 11:00:04 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/11 00:14:52 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 17:37:38 | 000,028,696 | ---- | M] (Box, Inc.) [On_Demand | Stopped] -- C:\Program Files\Box\Box Sync\SyncUpdaterService.exe -- (BoxSyncUpdateService)
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/06 20:54:27 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/09/24 03:19:36 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/09/24 02:52:52 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/09/24 02:52:49 | 000,834,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/09/24 02:35:26 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/09/24 02:25:48 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/09/24 02:25:47 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/09/24 02:25:41 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/09/24 02:25:39 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/09/24 02:25:38 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/09/24 02:25:34 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/09/24 01:53:31 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014/09/24 01:53:30 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014/09/21 22:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/21 22:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 19:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 19:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/11/11 17:24:22 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/11 00:14:53 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/24 03:19:34 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/04/13 17:52:49 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/01/29 22:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/09 12:02:20 | 000,219,776 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/10/09 11:00:04 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/09/23 19:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/09 20:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/24 03:51:20 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/09/24 02:53:02 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/09/24 02:52:53 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/09/24 02:52:51 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/09/24 02:35:14 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/09/24 02:35:09 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/09/24 02:35:09 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/09/24 02:25:40 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/09/24 02:25:35 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/09/24 02:25:19 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/09/24 02:25:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/09/24 02:25:18 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/09/24 02:25:18 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2014/09/24 02:25:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/09/24 02:25:18 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/09/24 02:25:18 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/09/24 02:25:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/09/24 02:25:18 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/09/24 02:25:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/09/24 01:53:33 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2014/09/24 01:53:21 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2014/09/24 01:53:21 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2014/09/24 01:53:21 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2014/09/24 01:53:21 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2014/09/24 01:53:21 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2014/09/21 22:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/21 22:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/21 21:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/04/28 05:33:30 | 000,599,240 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2014/01/29 22:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/12 03:12:08 | 000,329,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/08/11 19:52:08 | 000,363,920 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 09:45:02 | 003,680,256 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/10/09 11:41:40 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/10/09 11:41:40 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,zh-Hans-CN;q=0.5,zh-Hans;q=0.3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 67 EB F0 D7 F9 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll ()
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\GYe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\GYe\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GYe\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GYe\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/08/12 08:40:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/11 00:14:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/11 00:14:37 | 000,000,000 | ---D | M]
 
[2013/08/13 21:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GYe\AppData\Roaming\mozilla\Extensions
[2014/11/14 15:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GYe\AppData\Roaming\mozilla\Firefox\Profiles\hlln9ncr.default-1415995211653\extensions
[2014/11/11 00:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/11 00:14:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll
CHR - default_search_provider: C71447D0FA275BE41D729147511B8F8ED93C7220A165D32AEF87CB59CD5982A0 (Enabled)
CHR - default_search_provider: search_url = 0A31F13E5FD11D399C446EBDD1B4E81622484B859405F8BC13548002297059F4
CHR - default_search_provider: suggest_url =
CHR - homepage: EA578D3C85F594264383D857537057DA84E4E74CCD2ECB10C6AB4C9227B859B9
CHR - Extension: Google Docs = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ratings Preview for YouTubeâ„¢ = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\4.0_0\
CHR - Extension: Google Search = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.9_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.7.52_0\
CHR - Extension: EditThisCookie = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\1.4.1_0\
CHR - Extension: AdBlock = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.13.2_0\
CHR - Extension: RealDownloader = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.5.2_0\
CHR - Extension: Cargo Bridge = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: StayFocusd = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.5.7_0\
CHR - Extension: Google Wallet = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Unblock Youku = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.7.5.8_0\
CHR - Extension: Gmail = C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/11/14 21:48:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AccountProtectBHO Class) - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\GYe\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll File not found
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BoxSync] c:\Program Files\Box\Box Sync\BoxSync.exe (Box, Inc.)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [f.lux] C:\Users\GYe\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [ImeGuardCom] C:\Program Files (x86)\SogouInput\Components\SGImeGuard\1.0.0.27\SGImeGuard.exe (Sogou.com Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = darden.virginia.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFDF6C1E-8929-45E1-9A02-CFD0F3DAF20B}: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/14 21:43:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/11/14 15:08:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/14 15:00:16 | 000,000,000 | ---D | C] -- C:\Users\GYe\Desktop\Old Firefox Data
[2014/11/14 14:55:37 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieBrowserModeList
[2014/11/13 10:00:41 | 000,000,000 | --SD | C] -- C:\Users\GYe\Box Sync
[2014/11/11 00:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/05 11:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SogouPY.users
[2014/11/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Users\GYe\OneDrive
[2014/11/04 11:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Box
[2014/11/02 12:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubi Soft Games
[2014/11/02 12:37:59 | 000,000,000 | ---D | C] -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubi Soft Games
[2014/11/02 12:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\UbiSoft
[2014/10/28 17:47:02 | 000,000,000 | ---D | C] -- C:\Users\GYe\AppData\Roaming\SolidDocuments
[2014/10/21 15:25:03 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieUserList
[2014/10/21 15:25:03 | 000,000,000 | -HSD | C] -- C:\Users\GYe\AppData\Local\EmieSiteList
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/14 21:50:42 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/14 21:48:51 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/14 21:48:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/14 21:48:40 | 3354,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/14 21:48:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\Hosts
[2014/11/14 21:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/14 21:15:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089884131-1929928377-388966078-1001UA.job
[2014/11/14 21:05:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/14 17:23:59 | 000,001,192 | ---- | M] () -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2014/11/14 15:16:56 | 000,864,878 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/14 15:16:56 | 000,732,214 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/11/14 15:16:56 | 000,136,162 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/11/14 15:15:00 | 000,000,864 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089884131-1929928377-388966078-1001Core.job
[2014/11/13 21:41:38 | 000,000,548 | ---- | M] () -- C:\WINDOWS\SysNative\ricdb.ini
[2014/11/13 21:07:40 | 002,518,286 | ---- | M] () -- C:\Users\GYe\Desktop\image2014-11-13-135236.pdf
[2014/11/13 21:06:30 | 000,003,949 | ---- | M] () -- C:\Users\GYe\Desktop\Capture5.PNG
[2014/11/13 21:01:09 | 000,001,192 | ---- | M] () -- C:\Users\GYe\Desktop\Capture4.PNG
[2014/11/13 20:59:44 | 000,000,609 | ---- | M] () -- C:\Users\GYe\Desktop\Capture3.PNG
[2014/11/13 14:02:05 | 000,000,368 | ---- | M] () -- C:\Users\GYe\Desktop\Capture2.PNG
[2014/11/13 13:59:18 | 000,001,018 | ---- | M] () -- C:\Users\GYe\Desktop\Capture.PNG
[2014/11/13 12:57:21 | 000,185,543 | ---- | M] () -- C:\Users\GYe\Desktop\ye health insurance for gfe.pdf
[2014/11/13 10:01:56 | 000,001,149 | ---- | M] () -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2014/11/13 10:00:41 | 000,001,574 | ---- | M] () -- C:\Users\GYe\Desktop\Box Sync.lnk
[2014/11/13 09:57:44 | 000,483,936 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/12 16:52:36 | 1486,671,868 | ---- | M] () -- C:\Users\GYe\Desktop\OOOOOGGG_84579347589.rar
[2014/11/05 10:07:57 | 000,103,768 | ---- | M] () -- C:\Users\GYe\Desktop\HIA Case Study Overview MBA_09.15.14.pdf
[2014/11/03 10:33:11 | 000,367,436 | ---- | M] () -- C:\Users\GYe\Desktop\ledina lushko.pdf
[2014/10/21 11:53:09 | 000,009,202 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/10/20 15:58:13 | 000,002,301 | ---- | M] () -- C:\Users\GYe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/10/16 19:16:22 | 000,000,000 | ---- | M] () -- C:\Users\GYe\AppData\Local\{B9306911-D47D-48FF-916A-250D6217CC48}
[2014/10/16 12:24:47 | 000,907,469 | ---- | M] () -- C:\Users\GYe\Desktop\Hearthstone_Screenshot_10.16.2014.13.24.47.png
 
========== Files Created - No Company Name ==========
 
[2014/11/13 21:04:26 | 000,003,949 | ---- | C] () -- C:\Users\GYe\Desktop\Capture5.PNG
[2014/11/13 21:01:09 | 000,001,192 | ---- | C] () -- C:\Users\GYe\Desktop\Capture4.PNG
[2014/11/13 20:59:44 | 000,000,609 | ---- | C] () -- C:\Users\GYe\Desktop\Capture3.PNG
[2014/11/13 14:42:19 | 002,518,286 | ---- | C] () -- C:\Users\GYe\Desktop\image2014-11-13-135236.pdf
[2014/11/13 14:02:04 | 000,000,368 | ---- | C] () -- C:\Users\GYe\Desktop\Capture2.PNG
[2014/11/13 13:59:18 | 000,001,018 | ---- | C] () -- C:\Users\GYe\Desktop\Capture.PNG
[2014/11/13 12:57:21 | 000,185,543 | ---- | C] () -- C:\Users\GYe\Desktop\ye health insurance for gfe.pdf
[2014/11/13 10:00:41 | 000,001,574 | ---- | C] () -- C:\Users\GYe\Desktop\Box Sync.lnk
[2014/11/12 16:27:06 | 1486,671,868 | ---- | C] () -- C:\Users\GYe\Desktop\OOOOOGGG_84579347589.rar
[2014/11/12 09:55:49 | 000,389,176 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/11/05 10:07:57 | 000,103,768 | ---- | C] () -- C:\Users\GYe\Desktop\HIA Case Study Overview MBA_09.15.14.pdf
[2014/11/02 23:08:18 | 000,367,436 | ---- | C] () -- C:\Users\GYe\Desktop\ledina lushko.pdf
[2014/10/21 11:53:09 | 000,009,202 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/10/16 19:16:22 | 000,000,000 | ---- | C] () -- C:\Users\GYe\AppData\Local\{B9306911-D47D-48FF-916A-250D6217CC48}
[2014/10/16 12:24:47 | 000,907,469 | ---- | C] () -- C:\Users\GYe\Desktop\Hearthstone_Screenshot_10.16.2014.13.24.47.png
[2014/09/24 02:25:52 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/09/24 02:25:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/16 17:39:54 | 000,000,954 | ---- | C] () -- C:\Users\GYe\AppData\Roaming\coreavc.ini
[2014/01/29 22:02:42 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2014/01/29 22:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/01/29 22:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/18 21:10:01 | 000,007,605 | ---- | C] () -- C:\Users\GYe\AppData\Local\Resmon.ResmonCfg
[2013/08/14 21:33:36 | 000,018,760 | ---- | C] () -- C:\WINDOWS\SysWow64\QQVistaHelper.dll
[2013/08/12 09:03:33 | 000,821,592 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/05/22 15:32:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\BRTCPCON.DLL
[2013/05/22 15:32:42 | 000,000,114 | ---- | C] () -- C:\WINDOWS\SysWow64\BRLMW03A.INI
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 19:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 17:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/30 21:22:26 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Battle.net
[2014/09/05 21:25:16 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\BitComet
[2014/11/03 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Foxit Software
[2014/05/25 23:56:55 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\GouWo
[2014/03/22 07:32:53 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\KGDataBak
[2014/11/13 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\KuGou8
[2013/09/30 08:01:31 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Oracle
[2014/10/28 17:47:02 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\SolidDocuments
[2014/10/12 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\Spotify
[2014/10/30 18:37:37 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\uTorrent
[2014/01/22 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\GYe\AppData\Roaming\webex
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
(C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\搜狗高速浏览器
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 220 bytes -> C:\Users\GYe\OneDrive:ms-properties

< End of report >
 

 

 

Shortcut Cleaner 1.3.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 http://www.bleepingc...ortcut-cleaner/

Windows Version: Windows 8.1 Pro
Program started at: 11/14/2014 09:55:34 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\GYe\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\GYe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\GYe\Desktop


0 bad shortcuts found.

Program finished at: 11/14/2014 09:55:35 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
 


  • 0

#9
mijellin
Posted 14 November 2014 - 09:08 PM

mijellin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Oh and the homepage has been restored


  • 0

#10
zep516
Posted 14 November 2014 - 09:42 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hello,

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner


    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post:
    • The adwCleaner log after you run the clean option.
    • The JRT.txt log
    Thanks
    Joe :)

  • 0

Advertisements

#11
mijellin
Posted 14 November 2014 - 09:56 PM

mijellin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

# AdwCleaner v4.101 - Report created 14/11/2014 at 22:45:24
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : GYe - YEG15-S
# Running from : C:\Users\GYe\Downloads\adwcleaner_4.101(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v38.0.2125.111

[C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3472 octets] - [14/11/2014 15:08:55]
AdwCleaner[R1].txt - [981 octets] - [14/11/2014 22:45:24]
AdwCleaner[S0].txt - [3432 octets] - [14/11/2014 15:10:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1100 octets] ##########
 

 

 

# AdwCleaner v4.101 - Report created 14/11/2014 at 22:47:43
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : GYe - YEG15-S
# Running from : C:\Users\GYe\Downloads\adwcleaner_4.101(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v38.0.2125.111

[C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\GYe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [3472 octets] - [14/11/2014 15:08:55]
AdwCleaner[R1].txt - [1180 octets] - [14/11/2014 22:45:24]
AdwCleaner[S0].txt - [3432 octets] - [14/11/2014 15:10:59]
AdwCleaner[S1].txt - [1106 octets] - [14/11/2014 22:47:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1166 octets] ##########
 

 

Error when running JRT:

 

LZSlXDO.png


  • 0

#12
zep516
Posted 14 November 2014 - 10:02 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Things are looking ok.

How is everything now ?

Joe
  • 0

#13
mijellin
Posted 14 November 2014 - 10:05 PM

mijellin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Much better! No issues with start page, webpages are loading a bit faster, firefox no longer freezes.


  • 0

#14
zep516
Posted 14 November 2014 - 10:07 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
OK.

Lets remove our tools now.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#15
mijellin
Posted 14 November 2014 - 10:11 PM

mijellin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

# DelFix v10.8 - Logfile created 14/11/2014 at 23:08:42
# Updated 29/07/2014 by Xplode
# Username : GYe - YEG15-S
# Operating System : Windows 8.1 Pro  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\sc-cleaner.txt
Deleted : C:\Users\GYe\Desktop\logistics 1.txt
Deleted : C:\Users\GYe\Desktop\logistics 2.txt
Deleted : C:\Users\GYe\Downloads\adwcleaner_4.101(1).exe
Deleted : C:\Users\GYe\Downloads\adwcleaner_4.101.exe
Deleted : C:\Users\GYe\Downloads\Extras.Txt
Deleted : C:\Users\GYe\Downloads\JRT.exe
Deleted : C:\Users\GYe\Downloads\OTL.Txt
Deleted : C:\Users\GYe\Downloads\OTL.exe
Deleted : C:\Users\GYe\Downloads\sc-cleaner.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #4 [Scheduled Checkpoint | 10/29/2014 00:47:53]
Deleted : RP #5 [Installed Box Sync | 11/04/2014 16:53:18]
Deleted : RP #6 [Scheduled Checkpoint | 11/12/2014 00:22:32]
Deleted : RP #7 [OTL Restore Point - 11/14/2014 9:43:53 PM | 11/15/2014 02:43:54]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

 

 

Deleted : C:\Users\GYe\Desktop\logistics 1.txt
Deleted : C:\Users\GYe\Desktop\logistics 2.txt

 

Is it possible to restore these two files? I need these for work.
 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP