summerINlyon

Everything posted by summerINlyon

  1. I guess it's clean. No more new windows jump up. Thank you so much for your patience and kindness. I send you a little money, not so much, because I am just a poor student. But still, thank you so much. Merry Christmas and Happy New Year.
  2. All processes killed
     ========== FILES ==========
     C:\ProgramData\GorillaPrice\WatGorp.exe moved successfully.
     File move failed. C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe scheduled to be moved on reboot.
     C:\ProgramData\GorillaPrice folder moved successfully.
     Folder move failed. C:\Program Files (x86)\GorillaPrice scheduled to be moved on reboot.
     ========== COMMANDS ==========
     [EMPTYJAVA]
     User: All Users
     User: Default
     User: Default User
     User: LYON
     ->Java cache emptied: 2499530 bytes
     User: Public
     Total Java Files Cleaned = 2.00 mb
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 57472 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: LYON
     ->Temp folder emptied: 143344310 bytes
     ->Temporary Internet Files folder emptied: 34397826 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 594288 bytes
     ->Flash cache emptied: 58319 bytes
     User: Public
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 22540 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
     RecycleBin emptied: 3856560 bytes
     Total Files Cleaned = 174.00 mb
     [EMPTYFLASH]
     User: All Users
     User: Default
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Flash cache emptied: 0 bytes
     User: LYON
     ->Flash cache emptied: 0 bytes
     User: Public
     Total Flash Files Cleaned = 0.00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 12222013_204209
     Files\Folders moved on Reboot...
     C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe moved successfully.
     C:\Program Files (x86)\GorillaPrice folder moved successfully.
     C:\Users\LYON\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3224.log moved successfully.
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
     ---------------------
     I can see a lot of "moved successfully". Do they mean my computer is clean?
  3. Extra.txt
     OTL Extras logfile created on: 12/22/13 19:55:22 - Run 1
     OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LYON\Desktop
     64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy
     3.60 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 43.15% Memory free
     7.21 Gb Paging File | 4.52 Gb Available in Paging File | 62.69% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 464.29 Gb Total Space | 12.80 Gb Free Space | 2.76% Space Free | Partition Type: NTFS
     Computer Name: NOBEL | User Name: LYON | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
     ========== Extra Registry (SafeList) ==========
     ========== File Associations ==========
     64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
     .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
     .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
     [HKEY_USERS\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Classes\<extension>]
     .html [@ = Max3.Association.HTML] -- C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
"{E7D362C7-E4D3-4247-9776-4E64781FA6CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E89276EB-7029-477A-96C1-355D6790415B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E8D06675-7809-4D55-A894-F15F61F3B311}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregdict.exe | "{E950B0C3-3729-4064-A856-802016F84901}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | "{E9E86C9D-3759-47D7-968C-1748CD643D38}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{EA1FE512-6DFA-4EE8-BC91-A2CD80AB5AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe | "{F0506441-D07F-4CE4-BA6E-0AC26F692855}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpycloud.exe | "{F0F09A94-57AF-4BA0-AF08-F406567E53B3}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimedownload.exe | "{F1C7FE6B-02F5-4CF3-B186-F354D9D0833B}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyconfig.exe | "{F33A0F44-0E16-4E81-8FAB-6B02CAD369CC}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe | "{F38B160E-D888-4638-800A-6BD481BB8D4A}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\ieproc.exe | "{F3E1290A-6BEB-48A4-8CC1-A6D2FFD5D3A6}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpycloud.exe | "{F6599C1C-A2F6-449C-9BAC-7B0F7E888A0A}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyliveup.exe | "{F806BD43-6BFC-453B-9BAD-B49CB9B87336}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baidup2pservice.exe | "{F9CC36FA-4993-48A1-A3C3-5E0F17C42C46}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregskin.exe | 
"{FAD4C492-D1BB-4F3F-A702-8BED8A1DD252}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe | "{FC0E0DA5-B1FF-4175-A13E-8939428F023E}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpcdetector.exe | "{FC2EADAA-2D16-4CF1-AACE-FB5FC84AEF56}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe | "{FC7E0CCE-F059-424C-BFBB-CD32CAC51488}" = protocol=17 | dir=in | app=c:\program files (x86)\kingsoft\powerworddict\xdict.exe | "{FCD71189-4979-429B-8083-6841EBC194A7}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimedownload.exe | "{FD50065C-EAFC-40C5-B9B1-7D90DE11C1DF}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\qqgamemicro.exe | "{FD8D4ACB-7164-4924-937B-95D61C4291C7}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregskin.exe | "{FE5E79D1-4076-48CD-9DE8-FD517097336A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | "{FFDDF70D-F62B-4CB1-8BA2-824D54816DE4}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baiduplayer.exe | "TCP Query User{1F40B189-698B-4C0E-B3F2-AFAA20034059}C:\program files (x86)\tencent\qqdownload\qqdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qqdownload.exe | "TCP Query User{2F5FE249-9F4B-4CD0-B98A-D1223D41968B}C:\program files (x86)\360\360safe\360leakfixer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\360leakfixer.exe | "TCP Query User{34EBABEB-2360-4426-AF04-5C1894B009AD}C:\program files (x86)\360\360sd\360sdupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\360\360sd\360sdupd.exe | "TCP Query User{3744417C-117C-408A-BD4B-5624FF4EA377}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe | "TCP Query User{435A629A-B5AE-4F3C-A1B9-B3491308203F}C:\program files 
(x86)\360\360safe\360leakfixer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\360leakfixer.exe | "TCP Query User{5F7B2979-EF51-46CC-801A-2EB319E92F1D}C:\program files (x86)\wandoulabs\wandoujia2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wandoulabs\wandoujia2.exe | "TCP Query User{6654B86D-08EE-48D7-8B86-742217A038DA}C:\program files (x86)\tencent\qqdownload\qdautoupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qdautoupdate.exe | "TCP Query User{B67E6D08-18D7-4B75-996B-961A22A2189E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "TCP Query User{C7431D80-E6C6-42B8-A42A-E7E1EDCEDA74}C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | "TCP Query User{D380A7C3-0325-4790-B4C5-ABA06F3C73C9}C:\program files (x86)\meitu\xiuxiu\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\meitu\xiuxiu\liveupdate.exe | "TCP Query User{D88361A2-30C6-4184-BFAE-CBB2A6E555C8}C:\program files (x86)\surfmusik 3.1\surfmusik.exe" = protocol=6 | dir=in | app=c:\program files (x86)\surfmusik 3.1\surfmusik.exe | "TCP Query User{DDC4DD00-8546-40A6-9EC5-DFB953FB2833}C:\program files (x86)\meitu\xiuxiu\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\meitu\xiuxiu\liveupdate.exe | "TCP Query User{E03876CD-BF39-4F68-BAC8-E98DFE0BC648}C:\program files (x86)\360\360sd\360sdupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\360\360sd\360sdupd.exe | "UDP Query User{21B28901-F222-4960-B7A0-3A129DE0BD61}C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | "UDP Query User{28F24A7A-B817-4232-B72D-2E105C8F2CC2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = 
protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | "UDP Query User{3DB4E27A-D641-4A98-A5E4-BE8D42E7048A}C:\program files (x86)\tencent\qqdownload\qqdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qqdownload.exe | "UDP Query User{4FEF5575-6AB7-40D7-85B3-2DB75079C89B}C:\program files (x86)\360\360sd\360sdupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\360\360sd\360sdupd.exe | "UDP Query User{52044163-84EA-4CC2-B640-1E5808BB5F17}C:\program files (x86)\360\360safe\360leakfixer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\360leakfixer.exe | "UDP Query User{62B9A6DF-FBC9-477A-813C-1609475E6DE2}C:\program files (x86)\360\360sd\360sdupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\360\360sd\360sdupd.exe | "UDP Query User{77241DD6-7F2D-41AB-A268-81531B601272}C:\program files (x86)\surfmusik 3.1\surfmusik.exe" = protocol=17 | dir=in | app=c:\program files (x86)\surfmusik 3.1\surfmusik.exe | "UDP Query User{783E1A4D-D1BC-40F2-A717-46B6E07E716B}C:\program files (x86)\360\360safe\360leakfixer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\360leakfixer.exe | "UDP Query User{A52F2E01-F2AB-400A-B8A1-44D93CB8BD7C}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe | "UDP Query User{AED99201-030E-4073-BE03-299EFA3C2B57}C:\program files (x86)\meitu\xiuxiu\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\meitu\xiuxiu\liveupdate.exe | "UDP Query User{C5DD7772-BD13-4343-9E17-57C626DF1D95}C:\program files (x86)\wandoulabs\wandoujia2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wandoulabs\wandoujia2.exe | "UDP Query User{DF666D3B-0F7E-4DE0-A07E-8E74A63D5D2A}C:\program files (x86)\tencent\qqdownload\qdautoupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qdautoupdate.exe | "UDP Query 
User{E9C506C4-2B01-4151-8F6D-0FCF59CC72C2}C:\program files (x86)\meitu\xiuxiu\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\meitu\xiuxiu\liveupdate.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support "{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel® PROSet/Wireless for Bluetooth® + High Speed "{38294D95-DB90-4D8C-824C-26856E5001A6}" = ThinkVantage Fingerprint Software "{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus "{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit "{4041B18B-DE30-4D78-9D60-6ADC586C5E00}" = Lenovo Solution Center "{40F962CF-3C1E-44EB-A319-5590BEEB90CF}" = COMODO Internet Security Premium "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield "{6248C52A-5236-4C07-9BD5-393C40A42316}" = VMware View Client "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour 
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E0790DA-185E-4DC1-8A88-750B2A6218FD}" = Nitro Pro 7 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013 "{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013 "{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap "{C5BB9380-D729-410A-A440-061EBCADCCB9}" = Fingerprint Reader "{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes "05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows Driver Package - AuthenTec Inc. 
(ATSwpWDF) Biometric (07/02/2010 8.6.0.29) "64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows Driver Package - Intel (iaStor) hdc (11/29/2011 11.0.0.1032) "CNXT_AUDIO_HDA" = Conexant HD Audio "FD2ED46D31CE7DF190049D079E92DE03D347A634" = Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "OnScreenDisplay" = On Screen Display "SynTPDeinstKey" = ThinkPad UltraNav Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{1D78E62C-B585-446A-8FC7-2754332C0521}" = EViews 8 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver "{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome "{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = 
Lenovo Patch Utility "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013 "{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013 "{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013 "{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013 "{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013 "{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013 "{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français "{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español "{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013 "{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013 "{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013 "{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013 "{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013 "{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013 "{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013 "{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013 "{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013 "{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013 "{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013 "{91150000-0011-0000-0000-0000000FF1CE}" = 
Microsoft Office Professional Plus 2013 "{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent "{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{D96DB0AB-87D0-11D6-AF24-F7A021CEBF7F}" = SimpChinese Speech Package "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager "{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "360安全卫士" = 360安全卫士 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Fastboot" = RapidBoot HDD Accelerator "Foxit Phantom" = Foxit Phantom "Google Chrome" = Google Chrome "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Intel AppUp(SM) center 33057" = Intel AppUp(SM) center "Malwarebytes' Anti-Malware_is1" = 
Malwarebytes Anti-Malware version 1.75.0.1300 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "InstallShield_{1D78E62C-B585-446A-8FC7-2754332C0521}" = EViews 8 "SkyDriveSetup.exe" = Microsoft SkyDrive "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/22/13 19:46:15 | Computer Name = NOBEL | Source = Application Error | ID = 1000 Description = Faulting application name: Maxthon.exe, version: 4.2.0.4000, time stamp: 0x529be175 Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072 Exception code: 0xc0000374 Fault offset: 0x000ce753 Faulting process id: 0x1424 Faulting application start time: 0x01ceff6e915cfa18 Faulting application path: C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 3e7e996f-6b63-11e3-87e0-84a6c87d9708 [ System Events ] Error - 12/22/13 19:04:33 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7034 Description = The Wireless PAN DHCP Server service terminated unexpectedly. It has done this 1 time(s). Error - 12/22/13 19:27:50 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7016 Description = The Data Transfer Service service has reported an invalid current state 0. Error - 12/22/13 19:28:25 | Computer Name = NOBEL | Source = Application Popup | ID = 1060 Description = \??\C:\Windows\SysWow64\drivers\WMDrive.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error - 12/22/13 19:28:35 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7000 Description = The SMI Helper Driver (smihlp2) service failed to start due to the following error: %%2 Error - 12/22/13 19:28:40 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7000 Description = The Kingsoft Core Service service failed to start due to the following error: %%2 Error - 12/22/13 19:28:43 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7000 Description = The Conexant Audio Message Service service failed to start due to the following error: %%3 Error - 12/22/13 19:28:52 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: EncryptedDisk KDHacker WMDrive Error - 12/22/13 19:28:52 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7034 Description = The Wireless PAN DHCP Server service terminated unexpectedly. It has done this 1 time(s). < End of report >
  4. OTL.txt OTL logfile created on: 12/22/13 19:55:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LYON\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy 3.60 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 43.15% Memory free 7.21 Gb Paging File | 4.52 Gb Available in Paging File | 62.69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 464.29 Gb Total Space | 12.80 Gb Free Space | 2.76% Space Free | Partition Type: NTFS Computer Name: NOBEL | User Name: LYON | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/12/22 19:54:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LYON\Desktop\OTL.exe PRC - [2013/12/22 18:32:29 | 000,167,480 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQ\Bin\TXPlatform.exe PRC - [2013/12/22 18:32:29 | 000,143,032 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe PRC - [2013/12/01 20:26:04 | 000,243,512 | ---- | M] (Maxthon International ltd.) 
-- C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe PRC - [2013/11/30 12:15:14 | 000,070,144 | ---- | M] () -- C:\ProgramData\GorillaPrice\WatGorp.exe PRC - [2013/11/30 12:07:14 | 000,625,152 | ---- | M] () -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe PRC - [2013/11/20 08:07:42 | 000,167,608 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe PRC - [2013/09/23 10:31:26 | 000,224,192 | ---- | M] (360.cn) -- C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/12/08 14:50:00 | 000,472,216 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe PRC - [2012/12/03 10:18:48 | 002,436,096 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe PRC - [2012/06/01 22:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2012/06/01 22:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe PRC - [2012/05/24 01:05:34 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) 
-- C:\Windows\SysWOW64\NLSSRV32.EXE PRC - [2012/05/15 16:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe PRC - [2012/05/15 16:32:00 | 001,662,560 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2012/05/15 16:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE PRC - [2012/04/19 02:15:40 | 002,542,184 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe PRC - [2012/04/19 02:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe PRC - [2012/04/13 11:06:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012/03/06 17:49:18 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2012/03/06 17:49:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2012/03/06 17:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012/03/06 17:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe PRC - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe PRC - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program 
Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/04/26 00:08:28 | 000,984,440 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQPinyin\4.2.1073.400\QQPYTrayBar.exe
PRC - [2011/01/06 23:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

========== Modules (No Company Name) ==========

MOD - [2013/12/22 18:32:32 | 000,093,752 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\zlib.dll
MOD - [2013/12/22 18:32:31 | 000,310,840 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\libjpegturbo.dll
MOD - [2013/12/22 18:32:31 | 000,167,480 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\libpng.dll
MOD - [2013/12/22 18:32:31 | 000,155,192 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\lua.dll
MOD - [2013/12/22 18:32:31 | 000,138,808 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\libexpatw.dll
MOD - [2013/11/25 20:25:42 | 015,990,664 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Core\Webkit\Npplugins\NPSWF32.dll
MOD - [2013/11/21 01:37:14 | 000,109,336 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Core\Webkit\libEGL.dll
MOD - [2013/11/21 01:37:06 | 000,887,064 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Core\Webkit\libGLESv2.dll
MOD - [2013/11/17 20:18:38 | 000,258,944 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Bin\Maxzlib.dll
MOD - [2013/11/17 20:18:36 | 000,232,760 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/10/20 02:23:22 | 006,254,152 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2013/09/24 11:53:32 | 000,164,056 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2012/12/08 14:50:00 | 000,472,216 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2012/12/03 10:18:48 | 002,436,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe -- (vmware-view-usbd)
SRV:64bit: - [2012/06/07 02:04:04 | 000,328,552 | ---- | M] (AuthenTec, Inc) [On_Demand | Stopped] -- C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe -- (FPLService)
SRV:64bit: - [2012/06/01 22:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV:64bit: - [2012/06/01 22:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2012/06/01 22:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2012/05/29 17:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2012/05/24 01:05:28 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2012/04/11 02:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2012/02/26 07:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 07:07:42 | 000,273,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 07:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 07:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/03 00:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/01/17 18:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/01/09 14:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/12/29 00:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2011/07/12 15:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/07/12 02:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/05/31 06:29:08 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)
SRV:64bit: - [2011/05/31 06:29:04 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)
SRV:64bit: - [2011/05/31 06:22:56 | 002,715,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\ATService.exe -- (ATService)
SRV - [2013/12/22 14:34:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/30 12:15:14 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)
SRV - [2013/11/30 12:07:14 | 000,625,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -- (GorillaPrice)
SRV - [2013/09/23 10:31:26 | 000,224,192 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
SRV - [2013/06/26 14:57:38 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/20 13:08:32 | 000,919,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/06/25 01:19:50 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/05/24 01:05:34 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/05/15 16:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012/05/15 16:32:00 | 001,662,560 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012/04/19 02:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2012/03/27 10:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/03/27 10:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012/03/27 10:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/03/06 17:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/06 17:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/06 17:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/03/06 17:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)
SRV - [2011/01/06 23:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)
DRV:64bit: - [2013/12/21 00:41:51 | 000,223,032 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)
DRV:64bit: - [2013/10/31 12:02:10 | 000,234,680 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360fsflt.sys -- (360FsFlt)
DRV:64bit: - [2013/10/22 19:23:22 | 000,191,672 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS -- (BAPIDRV)
DRV:64bit: - [2013/10/14 17:25:18 | 000,305,336 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360Box64.sys -- (360Box64)
DRV:64bit: - [2013/09/24 11:54:12 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2013/08/23 02:42:14 | 000,070,336 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360AntiHacker64.sys -- (360AntiHacker)
DRV:64bit: - [2013/07/11 12:43:58 | 000,040,120 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360Camera64.sys -- (360Camera)
DRV:64bit: - [2013/05/23 05:11:20 | 000,062,144 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360netmon.sys -- (360netmon)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/20 13:08:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/11/20 13:08:20 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/10/05 22:57:05 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2012/09/23 14:44:07 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/25 01:19:38 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/06/20 21:46:46 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/19 14:32:20 | 000,431,928 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/06/19 14:32:20 | 000,027,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)
DRV:64bit: - [2012/05/15 16:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2012/04/13 11:06:42 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/04/13 11:06:42 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/04/13 11:06:42 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/04/11 02:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2012/03/28 15:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2012/03/26 18:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2012/03/08 01:59:08 | 001,602,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012/02/20 14:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/02/13 11:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/02/13 10:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012/01/09 14:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/01/09 14:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/12/29 00:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011/12/29 00:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011/12/26 04:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011/12/23 07:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/12/20 19:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/12/20 19:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/12/08 15:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/08 15:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/07 20:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)
DRV:64bit: - [2011/11/30 14:19:46 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/10/26 21:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2011/08/23 07:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/29 05:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/01/20 15:15:58 | 000,065,856 | ---- | M] (WinMount International Inc) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\WMDrive.sys -- (WMDrive)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://weibo.com/lordyama
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.987.com/?WY
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://weibo.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = "http://www.987.com/?WY"
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.987.com/?WY
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = "http://www.987.com/?WY"
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.987.com/?WY
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.snhu.edu/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=5
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\SearchScopes\{41D5AD6E-9CC7-4656-8E72-2AFE0B25B4F0}: "URL" = http://search.findwide.com/serp?guid={67274129-CA04-4A98-9280-97E87D5A2107}&action=default_search&serpv=22&k={searchTerms}
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS504
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\SearchScopes\{FEA1D6F5-3FC9-44B8-8020-CCCC824BBA10}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10883
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\Windows\Downloaded Program Files\5432610\npxbdsetup.dll ()
FF - HKLM\Software\MozillaPlugins\@iciba.com/GrabWord: C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\NPAPI\npGrabWord.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.32\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wandoujia.com: C:\Program Files (x86)\WandouLabs\npWandoujiaHelper.dll (wandoujia.com)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@360.cn/360MMPlugin: C:\Program Files (x86)\360\360Safe\MobileMgr\np360MMPlugIn.dll (360.cn)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\LYON\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xdict@www.iciba.com: C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/09/23 15:23:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\dict@www.youdao.com: C:\Users\LYON\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox [2013/12/22 14:35:16 | 000,000,000 | ---D | M]
[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: FindWide (Enabled)
CHR - default_search_provider: search_url = http://search.findwide.com/serp?guid={67274129-CA04-4A98-9280-97E87D5A2107}&action=default_search&serpv=22&k={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://search.findwide.com/?guid={67274129-CA04-4A98-9280-97E87D5A2107}&serpv=22
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: TrueSuite (Enabled) = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: 360MMPlugin (Enabled) = C:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll
CHR - plugin: QQ2011 (Enabled) = C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll
CHR - plugin: Tencent SSO Platform (Enabled) = C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.80\Bin\npSSOAxCtrlForPTLogin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: QQMusic (Enabled) = C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
CHR - plugin: npQQPhotoDrawEx (Enabled) = C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nprpjplug.dll
CHR - plugin: Wandoujia Plugin (Enabled) = C:\Program Files (x86)\WandouLabs\npWandoujiaHelper.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\LYON\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\
CHR - Extension: \u7F51\u9875\u622A\u56FE\uFF08\u7531Google\u63D0\u4F9B\uFF09 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0\
CHR - Extension: Ratchet & Clank Future 2 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: \u4F18\u9177\u6D77\u5916\u7248 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\emmoddikhgncnaikamapbkggedoafomi\2.8_0\
CHR - Extension: \u5FEB\u6377\u5DE5\u5177\uFF08\u7531Google\u63D0\u4F9B\uFF09 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\
CHR - Extension: Change Colors = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\
CHR - Extension: \u89C6\u9891\u4E0B\u8F7D\u5668 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnbhldpiapfgmcphnalacpaaociblnm\1.0_0\
CHR - Extension: Google \u7535\u5B50\u94B1\u5305 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Unblock Youku = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.3_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IEHelper Class) - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files (x86)\WandouLabs\wandoujia_bho32.dll (Wandoulabs)
O2 - BHO: (no name) - {0F4BF955-A127-41B7-A998-369904AA2578} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360Safe\safemon\safemon.dll (360.cn) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O2 - BHO: (QQÏÂÔØÖúÊÖä¯ÀÀÆ÷¿Ø¼þ) - {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\41\Browser\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (AccountProtectBHO Class) - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\LYON\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll (Tencent) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [ATUpdatePBA.ltp] C:\Windows\SysWOW64\ATUpdatePBA.exe (AuthenTec, Inc.) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec) O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.) 
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antiviruskxetray.exe" -autorun File not found O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\.DEFAULT..\Run: [360sd] "C:\Program Files (x86)\360\360sd\360sdrun.exe" File not found O4 - HKU\S-1-5-18..\Run: [360sd] "C:\Program Files (x86)\360\360sd\360sdrun.exe" File not found O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000..\Run: [QQ2009] 
C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe (Tencent) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0 O7 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..Trusted Domains: sharepoint.com ([snhu] https in Trusted sites) O15 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..Trusted Domains: sharepoint.com ([snhu-my] https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}: NameServer = 156.154.70.25,156.154.71.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D69048E5-8712-4B0C-81A7-F0C3B66B6FD3}: NameServer = 156.154.70.25,156.154.71.25 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll (VMware, Inc.) O30 - LSA: Security Packages - (wsauth) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{68816246-05b7-11e2-8b8b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{68816246-05b7-11e2-8b8b-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/12/22 19:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LYON\Desktop\OTL.exe [2013/12/22 19:12:45 | 000,000,000 | ---D | C] -- C:\FRST [2013/12/22 18:33:50 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Tencent [2013/12/22 18:31:34 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 [2013/12/22 18:31:33 | 004,959,096 | ---- | C] (Tencent) -- C:\Windows\SysNative\qqpinyinime_backup0.ime [2013/12/22 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent [2013/12/22 18:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent [2013/12/22 17:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent [2013/12/22 17:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013/12/22 15:10:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\LYON\Desktop\dds.com [2013/12/22 14:56:46 | 000,000,000 | ---D | C] -- 
C:\Users\LYON\AppData\Roaming\Malwarebytes [2013/12/22 14:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/12/22 14:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/12/22 14:56:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/12/22 14:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/12/22 14:55:11 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\LYON\Desktop\mbam-setup-1.75.0.1300.exe [2013/12/22 13:48:40 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\Maxthon3 [2013/12/22 13:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxthon [2013/12/22 13:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\傲游云浏览器 [2013/12/22 13:17:42 | 004,959,096 | ---- | C] (Tencent) -- C:\Windows\SysNative\QQPinyin_1.ime [2013/12/22 13:17:42 | 004,959,096 | ---- | C] (Tencent) -- C:\Windows\SysNative\QQPinyin.ime [2013/12/22 12:21:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/12/22 12:04:23 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\VS Revo Group [2013/12/22 12:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group [2013/12/22 12:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [2013/12/22 12:04:19 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys [2013/12/22 12:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/12/22 11:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/12/22 10:51:03 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\360mobilemgr [2013/12/22 10:44:37 | 000,000,000 | ---D | C] -- C:\Windows\tasks\360Disabled [2013/12/22 10:40:58 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\360safe [2013/12/22 10:40:24 | 000,039,112 | 
---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360LanProtect.sys [2013/12/22 10:40:16 | 000,234,680 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360fsflt.sys [2013/12/22 10:40:08 | 000,070,336 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360AntiHacker64.sys [2013/12/22 10:40:06 | 000,040,120 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360Camera64.sys [2013/12/22 10:40:05 | 000,305,336 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360Box64.sys [2013/12/22 10:40:05 | 000,000,000 | RHSD | C] -- C:\360SANDBOX [2013/12/22 10:40:00 | 000,146,872 | ---- | C] (360.cn) -- C:\Windows\SysWow64\360SoftMgr.cpl [2013/12/22 10:39:50 | 000,062,144 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360netmon.sys [2013/12/22 10:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心 [2013/12/21 14:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013/12/21 14:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013/12/21 14:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft [2013/12/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013/12/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server [2013/12/21 14:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013/12/21 14:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013/12/21 14:02:11 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013/12/21 12:55:24 | 000,000,000 | ---D | C] -- C:\360Downloads [2013/12/21 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\TNT2 [2013/12/21 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\abc [2013/12/21 01:24:32 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\Open Download Manager [2013/12/21 01:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice [2013/12/21 
01:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice [2013/12/21 00:42:10 | 000,000,000 | -HSD | C] -- C:\KRECYCLE [2013/12/21 00:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山毒霸 [2013/12/21 00:41:52 | 000,084,328 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys [2013/12/21 00:41:52 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys [2013/12/21 00:41:52 | 000,018,296 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery64.sys [2013/12/21 00:41:52 | 000,014,200 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery.sys [2013/12/21 00:41:51 | 000,223,032 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys [2013/12/21 00:41:51 | 000,223,032 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys [2013/12/21 00:41:51 | 000,152,888 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys [2013/12/21 00:41:51 | 000,101,176 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys [2013/12/21 00:41:50 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys [2013/12/21 00:41:50 | 000,027,240 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys [2013/12/21 00:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache [2013/12/20 22:35:40 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Programs [2013/12/20 22:04:48 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\liebao [2013/12/20 22:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Office2013激活工具 [2013/12/20 21:30:45 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Microsoft Toolkit [2013/12/20 20:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013/12/20 18:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft 
Toolkit [2013/12/20 16:52:06 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\assembly [2013/12/20 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Deployment [2013/12/20 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Apps [2013/12/20 15:03:56 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\BaiduYunGuanjia [2013/12/20 14:47:23 | 000,000,000 | ---D | C] -- C:\Users\LYON\Documents\EViews User Objects [2013/12/20 14:47:23 | 000,000,000 | ---D | C] -- C:\Users\LYON\Documents\EViews Addins [2013/12/20 14:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EViews 8 [2013/12/20 14:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IHS EViews [2013/12/20 14:46:37 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\InstallShield Installation Information [2013/12/20 14:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EViews 8 ========== Files - Modified Within 30 Days ========== [2013/12/22 19:58:25 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2013/12/22 19:54:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LYON\Desktop\OTL.exe [2013/12/22 18:57:27 | 001,233,962 | ---- | M] () -- C:\Users\LYON\Desktop\AdwCleaner.exe [2013/12/22 18:42:34 | 000,002,262 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/12/22 18:36:02 | 000,791,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/12/22 18:36:02 | 000,661,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/12/22 18:36:02 | 000,123,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/12/22 18:34:25 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/12/22 18:34:25 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/12/22 
18:32:34 | 000,002,261 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk [2013/12/22 18:29:33 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013/12/22 18:28:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/12/22 18:28:25 | 2901,901,312 | -HS- | M] () -- C:\hiberfil.sys [2013/12/22 17:47:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013/12/22 15:10:13 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\LYON\Desktop\dds.com [2013/12/22 14:56:19 | 000,001,144 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2013/12/22 14:56:19 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/12/22 14:55:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\LYON\Desktop\mbam-setup-1.75.0.1300.exe [2013/12/22 14:20:09 | 000,001,142 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2013/12/22 11:46:52 | 000,526,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/12/22 11:35:45 | 000,776,934 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/12/22 11:29:32 | 004,177,920 | ---- | M] () -- C:\Windows\SysNative\360rescue.img [2013/12/22 10:39:50 | 000,001,260 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk [2013/12/22 10:39:50 | 000,001,116 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk [2013/12/21 00:41:52 | 000,084,328 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys [2013/12/21 00:41:52 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys [2013/12/21 00:41:52 | 000,018,296 | ---- | M] (Kingsoft Corporation) 
-- C:\Windows\SysNative\drivers\kusbquery64.sys [2013/12/21 00:41:52 | 000,014,200 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery.sys [2013/12/21 00:41:51 | 000,223,032 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys [2013/12/21 00:41:51 | 000,223,032 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys [2013/12/21 00:41:51 | 000,152,888 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys [2013/12/21 00:41:50 | 000,101,176 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys [2013/12/21 00:41:50 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys [2013/12/21 00:41:50 | 000,027,240 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys [2013/12/19 18:08:49 | 000,001,851 | ---- | M] () -- C:\Windows\SysWow64\cid_store.dat ========== Files Created - No Company Name ========== [2013/12/22 18:57:27 | 001,233,962 | ---- | C] () -- C:\Users\LYON\Desktop\AdwCleaner.exe [2013/12/22 14:56:19 | 000,001,144 | ---- | C] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2013/12/22 14:56:19 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/12/22 11:29:32 | 004,177,920 | ---- | C] () -- C:\Windows\SysNative\360rescue.img [2013/12/22 10:39:50 | 000,001,260 | ---- | C] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk [2013/12/22 10:39:50 | 000,001,116 | ---- | C] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk [2013/12/21 14:15:27 | 000,001,142 | ---- | C] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2013/06/03 14:31:00 | 000,000,182 | ---- | C] () -- C:\Windows\venple.ini [2013/04/28 12:14:11 | 000,000,000 | ---- | C] () -- 
C:\Windows\LiveUpdate.INI [2013/03/09 18:12:00 | 000,776,934 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/02/25 13:32:18 | 000,000,252 | ---- | C] () -- C:\Windows\KillSwitch.INI [2013/02/02 22:43:55 | 000,001,851 | ---- | C] () -- C:\Windows\SysWow64\cid_store.dat [2013/01/23 16:09:17 | 000,000,029 | ---- | C] () -- C:\Windows\AdvConfig.ini [2013/01/10 09:55:55 | 000,000,258 | RHS- | C] () -- C:\Users\LYON\ntuser.pol [2013/01/10 09:55:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/10/12 19:07:33 | 000,001,042 | ---- | C] () -- C:\Users\LYON\AppData\Roaming\coreavc.ini [2012/10/03 01:27:57 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat [2012/10/03 00:07:33 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll [2012/10/02 23:29:06 | 000,016,645 | ---- | C] () -- C:\Users\LYON\AppData\Roaming\AbsoluteReminder.xml [2012/10/02 23:28:25 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012/09/23 14:55:28 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012/09/23 14:55:27 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012/09/23 14:55:25 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/09/23 14:55:23 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012/02/03 00:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/09/23 14:43:32 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/09/23 14:43:32 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/12/22 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360Desktop [2013/12/17 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360DiagnoseScan [2013/12/22 11:05:26 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360Login [2013/12/22 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360mobilemgr [2013/12/22 14:34:54 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360safe [2013/03/18 09:05:04 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360se [2013/02/11 19:06:02 | 000,000,000 | ---D | M] -- 
C:\Users\LYON\AppData\Roaming\360SuperKiller [2013/12/20 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\BaiduYunGuanjia [2013/01/10 20:22:48 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\CachedFiles [2013/01/09 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Design Science [2013/05/31 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Dropbox [2013/06/23 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\ELEX [2012/10/03 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\FileOpen [2012/10/03 02:02:15 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Foxit Software [2013/10/13 14:33:07 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Kingsoft [2012/10/02 23:32:34 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Leadertech [2012/10/02 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Lenovo [2013/09/21 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\LSC [2013/12/22 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Maxthon3 [2013/12/22 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Nitro PDF [2013/12/21 10:59:36 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Open Download Manager [2012/10/02 23:55:01 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\POTPLAYERMINI [2013/07/19 09:56:18 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\PPStream [2012/10/03 00:39:40 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\PwrMgr [2013/01/07 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Quantitative Micro Software [2013/12/22 18:35:30 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Tencent [2013/01/07 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\TuneUp Software [2013/01/20 14:23:57 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Ulead Systems [2013/06/03 19:58:25 | 
000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Vensim [2013/12/15 01:28:18 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Wandoujia2 [2012/10/16 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Windows Live Writer [2013/01/20 15:16:55 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\WinMount [2012/11/07 12:45:33 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Xigou [2013/01/10 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\YozoWeboffice [2013/01/10 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Yozo_Office ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/10/18 18:53:58 | 101,890,677 | ---- | M] ()(C:\Windows\SysWow64\?熅?|) -- C:\Windows\SysWow64\쫢熅ᅌ¦ [2013/10/18 12:53:50 | 101,890,677 | ---- | C] ()(C:\Windows\SysWow64\?熅?|) -- C:\Windows\SysWow64\쫢熅ᅌ¦ [2013/10/16 09:48:19 | 101,406,750 | ---- | M] ()(C:\Windows\SysWow64\?醺??) -- C:\Windows\SysWow64\ਥ醺ᅌ [2013/10/16 09:48:19 | 101,406,750 | ---- | C] ()(C:\Windows\SysWow64\?醺??) -- C:\Windows\SysWow64\ਥ醺ᅌ [2013/10/14 15:42:49 | 100,975,419 | ---- | M] ()(C:\Windows\SysWow64\恁莝?6) -- C:\Windows\SysWow64\恁莝ᅌ6 [2013/10/14 09:43:11 | 100,975,419 | ---- | C] ()(C:\Windows\SysWow64\恁莝?6) -- C:\Windows\SysWow64\恁莝ᅌ6 [2013/10/13 20:24:58 | 100,838,141 | ---- | M] ()(C:\Windows\SysWow64\?箠?W) -- C:\Windows\SysWow64\ᖭ箠ᅌW [2013/10/13 08:25:02 | 100,838,141 | ---- | C] ()(C:\Windows\SysWow64\?箠?W) -- C:\Windows\SysWow64\ᖭ箠ᅌW < End of report >
  5. Yes, I used 64, and I downloaded a new one. But still, it keeps showing this window: ---------------------------------------- cannot find the C:\Users\LYON\Desktop\FRST.txt file. Do you want to create a new file? ----------------------------------------------- I clicked YES, but still, the txt is totally blank.
  6. I ran the Farbar Recovery Scan Tool, but both FRST.txt and Addition.txt are totally blank.
  7. The log from AdwCleaner # AdwCleaner v3.016 - Report created 22/12/2013 at 18:57:39 # Updated 23/12/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : LYON - NOBEL # Running from : C:\Users\LYON\Desktop\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Found C:\Program Files (x86)\Common Files\Tencent Folder Found C:\Program Files (x86)\Tencent Folder Found C:\ProgramData\boost_interprocess Folder Found C:\ProgramData\Tencent Folder Found C:\Users\LYON\AppData\Local\Tencent Folder Found C:\Users\LYON\AppData\LocalLow\Tencent Folder Found C:\Users\LYON\AppData\Roaming\Tencent ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\TENCENT Key Found : [x64] HKCU\Software\TENCENT Key Found : HKLM\Software\TENCENT ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16526 -\\ Google Chrome v31.0.1650.63 [ File : C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2240 octets] - [22/12/2013 12:21:45] AdwCleaner[R1].txt - [2300 octets] - [22/12/2013 12:22:58] AdwCleaner[R2].txt - [2360 octets] - [22/12/2013 13:00:29] AdwCleaner[R3].txt - [1722 octets] - [22/12/2013 13:11:47] AdwCleaner[R4].txt - [1920 octets] - [22/12/2013 17:29:18] AdwCleaner[R5].txt - [1389 octets] - [22/12/2013 18:26:02] AdwCleaner[R6].txt - [1690 octets] - [22/12/2013 18:38:38] AdwCleaner[R7].txt - [1485 octets] - [22/12/2013 18:57:39] AdwCleaner[s0].txt - [2464 octets] - [22/12/2013 13:03:43] AdwCleaner[s1].txt - [1986 octets] - [22/12/2013 17:31:20] ########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1665 octets] ##########
  8. Yes, I should write it clearly as: 1. I ran AdwCleaner, and clicked Remove Selected. 2. My computer was restarted. 3. I ran Malwarebytes again, and this is the report. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.22.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 LYON :: NOBEL [administrator] Protection: Disabled 12/22/13 18:18:35 mbam-log-2013-12-22 (18-18-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213821 Time elapsed: 5 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -------------------- I guess my computer is clean now, isn't it?
  9. 1. I clicked Remove Selected, my computer was restarted. 2. I ran Malwarebytes again, and this is the report. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.22.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 LYON :: NOBEL [administrator] Protection: Disabled 12/22/13 18:18:35 mbam-log-2013-12-22 (18-18-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213821 Time elapsed: 5 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) -------------------- I guess my computer is clean now, isn't it?
  10. THE REPORT: Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.22.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 LYON :: NOBEL [administrator] Protection: Enabled 12/22/13 17:53:34 MBAM-log-2013-12-22 (17-59-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213946 Time elapsed: 5 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 7 HKCR\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> No action taken. HKCR\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> No action taken. Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.FindWide) -> Bad: (http://search.findwide.com/?guid={67274129-CA04-4A98-9280-97E87D5A2107}&serpv=22) Good: (http://www.google.com) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Trojan.BHO) -> No action taken. (end)
  11. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.22.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 LYON :: NOBEL [administrator] Protection: Enabled 12/22/13 14:57:40 MBAM-log-2013-12-22 (16-17-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 214594 Time elapsed: 9 minute(s), 25 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 9 HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> No action taken. HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> No action taken. HKCR\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> No action taken. HKCR\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken. Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> No action taken. Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.FindWide) -> Bad: (http://search.findwide.com/?guid={67274129-CA04-4A98-9280-97E87D5A2107}&serpv=22) Good: (http://www.google.com) -> No action taken. 
Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Trojan.BHO) -> No action taken. (end)
  12. DDS: THANK YOU FOR HELP
  13. I’ve been infected by Gorilla Price. I have deleted and uninstalled it several times, but some websites/windows still keep jumping up every day! Please help me! Thank you!