
Not sure if I'm infected



Hello Wendeng! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
We are working with one single PC. For another one, you should start a new thread. Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573


Sorry, I didn't see your posts

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by ad at 8:32:35 on 2013-08-12
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.8191.6748 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\SysWOW64\svchost.exe -k PPTVServiceGroup
C:\Program Files (x86)\AntiLogger\AntiLogger.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: BrowserHelper: {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.94.0\QvodExtend.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\ad\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [PPAP] "C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe" -background
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [AntiLogger] "C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimized
mRun: [QvodTerminal] "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm
IE: 使用快车3下载 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: 使用快车3下载全部视频 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: 使用快车3下载全部链接 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: 使用快车3下载当前视频 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
LSP: C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{3ADA6396-90C4-4F7F-BC98-53959E5C57A3} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{3ADA6396-90C4-4F7F-BC98-53959E5C57A3}\2375942554132363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{56E0C141-5EED-4209-AF3A-68EC17F9BD5D} : DHCPNameServer = 192.168.1.254
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.94.0\QvodExtend_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
x64-Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-8 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-8 1139800]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-8-6 49240]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-27 45856]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-8 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130809.001\IDSviA64.sys [2013-8-9 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-8 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-8 433752]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-10 418376]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-8 144368]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 PPTVService;PPTVService;C:\Windows\System32\svchost.exe -k PPTVServiceGroup [2009-7-13 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-7-26 4153184]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-7-29 1616048]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-9 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-10 25928]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-10 701512]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2013-7-18 88424]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-6 1255736]
.
=============== Created Last 30 ================
.
2013-08-08 00:51:31 -------- d-----w- C:\Media
2013-08-08 00:47:13 -------- d-s---w- C:\KuaiwanGames
2013-08-08 00:42:07 -------- d-----w- C:\ProgramData\KuaiWan
2013-08-08 00:42:07 -------- d-----w- C:\Program Files (x86)\Kuaiwan
2013-08-08 00:42:06 -------- d-----w- C:\Program Files (x86)\QMovie
2013-08-08 00:42:03 -------- d-----w- C:\ProgramData\QvodPlayer
2013-08-08 00:42:03 -------- d-----w- C:\Program Files (x86)\QvodPlayer
2013-08-06 15:59:01 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys
2013-08-06 15:59:00 -------- dc-h--w- C:\ProgramData\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}
2013-07-26 17:56:47 -------- d-----w- C:\Users\ad\AppData\Roaming\TeamViewer
2013-07-26 17:24:49 -------- d-----w- C:\Program Files (x86)\TeamViewer
2013-07-22 22:20:51 -------- d-----w- C:\Users\ad\AppData\Roaming\NVIDIA
2013-07-22 18:07:37 -------- d--h--w- C:\ArcTemp
2013-07-22 18:04:49 -------- d-----w- C:\Users\ad\AppData\Roaming\Arc
2013-07-22 18:04:26 -------- d-----w- C:\Program Files (x86)\Perfect World Entertainment
2013-07-19 16:54:52 -------- d-----w- C:\Program Files (x86)\AhnLab
2013-07-19 16:52:47 -------- d-----w- C:\Users\ad\AppData\Local\LucidMS
2013-07-19 16:27:21 -------- d-----w- C:\Program Files (x86)\NEXON
2013-07-19 14:40:50 -------- d-----w- C:\Users\ad\AppData\Roaming\RIFT
2013-07-19 14:40:49 -------- d-----w- C:\Program Files (x86)\RIFT
2013-07-16 20:37:00 -------- d-----w- C:\Program Files\Paint.NET
2013-07-16 20:36:41 -------- d-----w- C:\Users\ad\AppData\Local\Paint.NET
2013-07-14 15:12:55 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.3
2013-07-14 14:31:51 -------- d-----w- C:\Users\ad\AppData\Local\Adobe
2013-07-14 02:30:50 -------- d-----w- C:\Windows\System32\MRT
.
==================== Find3M  ====================
.
2013-07-29 21:48:58 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-18 05:37:08 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-06-18 03:03:28 478032 ----a-w- C:\Windows\SysWow64\PPTVSvc.dll
2013-06-18 03:03:28 399816 ----a-w- C:\Windows\SysWow64\PPTVLauncher.exe
2013-06-18 03:03:28 399816 ----a-w- C:\Windows\System32\PPTVLauncher.exe
2013-06-18 03:03:08 2584912 ----a-w- C:\Windows\System32\kindling.dll
2013-06-18 03:03:02 2307408 ----a-w- C:\Windows\SysWow64\kindling.dll
2013-06-12 21:39:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 21:39:37 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-04 01:25:39 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-23 05:25:28 1139800 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys
2013-05-21 05:02:00 493656 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys
2013-05-16 05:02:14 796760 ----a-w- C:\Windows\System32\drivers\N360x64\1404000.028\srtsp64.sys
.
============= FINISH:  8:32:59.05 ===============
 
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2013 6:56:51 PM
System Uptime: 8/12/2013 8:21:55 AM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | Benicia
Processor: Intel® Core2 Quad  CPU   Q9300  @ 2.50GHz | CPU 1 | 2500/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 836.864 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP31: 7/10/2013 3:54:57 PM - Windows Update
RP32: 7/11/2013 1:03:42 AM - Windows Update
RP33: 7/13/2013 7:30:32 PM - Windows Update
RP35: 7/16/2013 1:36:43 PM - Paint.NET v3.5.10
RP36: 7/22/2013 11:04:11 AM - Installed Arc
RP37: 7/22/2013 11:59:01 AM - Installed DirectX
RP38: 7/22/2013 11:59:58 AM - Installed DirectX
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
7-Zip 9.30 alpha
Adobe Flash Player 11 ActiveX
Advertising Center
AntiLogger
Arc
Ask Toolbar
AVG SafeGuard toolbar
BaiduPlayer1.19.0.78
Cheat Engine 6.3
Combat Arms
Europe MapleStory
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
League of Legends
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 12
Nero 9 Lite
Nero Audio Pack 1
Nero BackItUp
Nero BackItUp Help (CHM)
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus Basic
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Installer
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero Online Upgrade
Nero PiP Effects Basic
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero StartSmart
Nero Toolbar Updater
Nero Update
Nero Video
Nero Video Help (CHM)
neroxml
Nexon Game Manager
Norton 360
NVIDIA 3D Vision Controller Driver 314.07
NVIDIA 3D Vision Driver 314.07
NVIDIA Control Panel 314.07
NVIDIA Graphics Driver 314.07
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.12.12
NVIDIA Update Components
Paint.NET v3.5.10
PPTV V3.3.6.0027
Prerequisite installer
RIFT
ROBLOX Player for ad
ROBLOX Studio 2013 for ad
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
TeamViewer 8
Welcome App (Start-up experience)
WinRAR 4.20 (64 位)
优酷客户端
影视搜索
快播 5.14.142
快车(FlashGet)3.7 正式版
酷狗音乐2012
.
==== Event Viewer Messages From Past Week ========
.
8/12/2013 8:24:35 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/12/2013 8:24:35 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
8/11/2013 11:05:13 PM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 10.0.0.4 with the system having network hardware address AC-86-7E-03-F7-8D. Network operations on this system may be disrupted as a result.
.
==== End Of File ===========================
 

Did you have the same password for Amazon and Facebook?

Step 1

Please uninstall the following applications:

Ask Toolbar

AVG SafeGuard toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 5

Download RogueKiller to the desktop.

  • Quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log


1.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.4 (08.12.2013:1)

OS: Windows 7 Home Premium x64

Ran by ad on 08/12/2013 Mon at 15:42:26.95

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-928765255-3382952000-2108925264-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{16C8C46E-C811-4977-BF0A-B5CC1FA78D95}

 

 

 

~~~ Files

 

Successfully deleted: [File] C:\Windows\prefetch\BAIDUPLAYER.EXE-2016EFEA.pf

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\baidu"

Successfully deleted: [Folder] "C:\Users\ad\AppData\Roaming\baidu"

Successfully deleted: [Folder] "C:\Users\ad\appdata\locallow\baidu"

Successfully deleted: [Folder] "C:\Program Files (x86)\baidu"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08/12/2013 Mon at 15:47:45.88

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

2.# AdwCleaner v2.306 - Logfile created 08/12/2013 at 15:51:44

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : ad - AD-PC

# Boot Mode : Normal

# Running from : C:\Users\ad\Downloads\AdwCleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Users\ad\AppData\Local\Temp\Uninstall.exe

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{116BA71C-8187-4F15-9A1F-C9D6289155D1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2974C985-8151-4DE5-B23C-B875F0A8522F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 

[OK] Registry is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\ad\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[s1].txt - [1547 octets] - [12/08/2013 15:51:44]

 

########## EOF - C:\AdwCleaner[s1].txt - [1607 octets] ##########

 

 

3.Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.12.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

ad :: AD-PC [administrator]

 

Protection: Disabled

 

8/12/2013 3:56:14 PM

mbam-log-2013-08-12 (15-56-14).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 240069

Time elapsed: 5 minute(s), 29 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

4. RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : ad [Admin rights]

Mode : Scan -- Date : 08/12/2013 16:05:10

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 5 ¤¤¤

[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST1000DM003-9YN162 ATA Device +++++

--- User ---

[MBR] a606eba581aae0a2e4de2ca141c8c055

[bSP] 4796f4c97ed669329a01e8e357e2a93b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2052 | Size: 99 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 205200 | Size: 953768 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_08122013_160510.txt >>

What about my question?

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Because your problem seems to be deeper. If you want an alternative:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

OTL logfile created on: 8/13/2013 10:31:56 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ad\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

8.00 Gb Total Physical Memory | 6.57 Gb Available Physical Memory | 82.14% Memory free

16.00 Gb Paging File | 14.54 Gb Available in Paging File | 90.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 836.59 Gb Free Space | 89.82% Space Free | Partition Type: NTFS

 

Computer Name: AD-PC | User Name: ad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/08/13 10:30:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ad\Desktop\OTL.exe

PRC - [2013/07/22 08:35:19 | 017,289,640 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe

PRC - [2013/07/08 04:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll

MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/08/08 19:20:22 | 000,478,032 | ---- | M] (PPTV) [Auto | Running] -- C:\Windows\SysWOW64\PPTVSvc.dll -- (PPTVService)

SRV - [2013/07/18 17:50:50 | 000,088,424 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)

SRV - [2013/07/08 04:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/06/12 14:39:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/09 20:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013/02/09 19:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/08/06 08:59:01 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)

DRV:64bit: - [2013/06/17 22:37:08 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys -- (SymEFA)

DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys -- (SymDS)

DRV:64bit: - [2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys -- (SymNetS)

DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys -- (ccSet_N360)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys -- (SymIRON)

DRV:64bit: - [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2013/05/31 09:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013/05/21 23:49:13 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130813.002\ex64.sys -- (NAVEX15)

DRV - [2013/05/21 23:49:13 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130813.002\eng64.sys -- (NAVENG)

DRV - [2013/01/08 20:40:38 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130810.001\IDSviA64.sys -- (IDSVia64)

DRV - [2013/01/07 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2013/01/07 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-928765255-3382952000-2108925264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-928765255-3382952000-2108925264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-928765255-3382952000-2108925264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-928765255-3382952000-2108925264-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 5B A3 79 85 EC CD 01  [binary data]

IE - HKU\S-1-5-21-928765255-3382952000-2108925264-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-928765255-3382952000-2108925264-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-928765255-3382952000-2108925264-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\Windows\Downloaded Program Files\358958\npxbdsetup.dll ()

FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayer\1.19.0.159\npxbdyy.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)

FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.4576\npplugin2.dll (PPLive Corporation)

FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\ad\AppData\Local\Roblox\Versions\version-5fd8234dbfe247fe\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/08/13 09:06:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013/01/07 22:50:51 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll

CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL

CHR - plugin: BaiduPlayer Browser Plugin (Enabled) = C:\Program Files (x86)\Baidu\BaiduPlayer\1.19.0.78\npxbdyy.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: PPLive PPTV Plugin (Enabled) = C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.3471\npplugin2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: BaiduSetUp Plugin (Enabled) = C:\Windows\Downloaded Program Files\3851789\npxbdsetup.dll

CHR - Extension: YouTube = C:\Users\ad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\ad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: AdBlock = C:\Users\ad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\

CHR - Extension: Gmail = C:\Users\ad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.94.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (BrowserHelper) - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\ProgramData\PPBrowserHelper\BHO\TipsBHO.dll (TODO: <Company name>)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)

O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.94.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)

O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\ad\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)

O4 - HKLM..\Run: [QvodTerminal] C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-928765255-3382952000-2108925264-1000..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O8:64bit: - Extra context menu item: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm ()

O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()

O8:64bit: - Extra context menu item: 使用快车3下载全部视频 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()

O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()

O8:64bit: - Extra context menu item: 使用快车3下载当前视频 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()

O8 - Extra context menu item: 使用快播按图找片 - C:\Program Files (x86)\QvodPlayer\AddIn\ImgSeed.htm ()

O8 - Extra context menu item: 使用快车3下载 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()

O8 - Extra context menu item: 使用快车3下载全部视频 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()

O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()

O8 - Extra context menu item: 使用快车3下载当前视频 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()

O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)

O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll (youku.com)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll (youku.com)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\YouKu\YoukuClient\ikutm.dll (youku.com)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ADA6396-90C4-4F7F-BC98-53959E5C57A3}: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E0C141-5EED-4209-AF3A-68EC17F9BD5D}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found

O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found

O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)

O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\KuGoo3DownXControl.ocx (广州酷狗计算机科技有限公司)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/08/13 10:30:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ad\Desktop\OTL.exe

[2013/08/12 15:58:42 | 000,000,000 | ---D | C] -- C:\Users\ad\AppData\Roaming\Baidu

[2013/08/12 15:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu

[2013/08/12 15:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BaiduPlayer

[2013/08/12 15:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu

[2013/08/12 15:42:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/08/08 19:20:22 | 000,478,032 | ---- | C] (PPTV) -- C:\Windows\SysWow64\PPTVSvc.dll

[2013/08/08 19:20:22 | 000,399,816 | ---- | C] (PPLive Corporation) -- C:\Windows\SysWow64\PPTVLauncher.exe

[2013/08/08 19:20:22 | 000,399,816 | ---- | C] (PPLive Corporation) -- C:\Windows\SysNative\PPTVLauncher.exe

[2013/08/07 17:51:31 | 000,000,000 | ---D | C] -- C:\Media

[2013/08/07 17:47:13 | 000,000,000 | --SD | C] -- C:\KuaiwanGames

[2013/08/07 17:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件

[2013/08/07 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\KuaiWan

[2013/08/07 17:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kuaiwan

[2013/08/07 17:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\影视搜索

[2013/08/07 17:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QMovie

[2013/08/07 17:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QvodPlayer

[2013/08/07 17:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QvodPlayer

[2013/08/06 08:59:01 | 000,049,240 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys

[2013/08/06 08:59:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}

[2013/08/06 08:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger

[2013/07/26 10:56:47 | 000,000,000 | ---D | C] -- C:\Users\ad\AppData\Roaming\TeamViewer

[2013/07/26 10:24:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer

[2013/07/22 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\ad\AppData\Roaming\NVIDIA

[2013/07/22 11:07:37 | 000,000,000 | -H-D | C] -- C:\ArcTemp

[2013/07/22 11:04:49 | 000,000,000 | ---D | C] -- C:\Users\ad\AppData\Roaming\Arc

[2013/07/22 11:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment

[2013/07/22 11:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perfect World Entertainment

[2013/07/19 09:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AhnLab

[2013/07/19 09:52:47 | 000,000,000 | ---D | C] -- C:\Users\ad\AppData\Local\LucidMS

[2013/07/19 09:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEXON

[2013/07/19 09:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEXON

[2013/07/19 09:07:42 | 000,000,000 | ---D | C] -- C:\Users\ad\Documents\RIFT

[2013/07/19 07:40:50 | 000,000,000 | ---D | C] -- C:\Users\ad\AppData\Roaming\RIFT

[2013/07/19 07:40:50 | 000,000,000 | ---D | C] -- C:\Users\ad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RIFT

[2013/07/19 07:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT

[2013/07/16 13:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET

[2013/07/16 13:36:41 | 000,000,000 | ---D | C] -- C:\Users\ad\AppData\Local\Paint.NET

 

========== Files - Modified Within 30 Days ==========

 

[2013/08/13 10:30:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ad\Desktop\OTL.exe

[2013/08/13 09:57:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/08/13 09:39:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/08/13 09:13:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/08/13 09:13:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/08/13 09:10:42 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/08/13 09:10:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/08/13 09:10:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/08/13 09:04:38 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/08/13 09:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/08/13 09:04:30 | 2146,881,535 | -HS- | M] () -- C:\hiberfil.sys

[2013/08/12 23:03:12 | 000,000,954 | ---- | M] () -- C:\Users\ad\AppData\Roaming\coreavc.ini

[2013/08/12 15:58:46 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\BaiduPlayer.lnk

[2013/08/08 19:20:22 | 000,478,032 | ---- | M] (PPTV) -- C:\Windows\SysWow64\PPTVSvc.dll

[2013/08/08 19:20:22 | 000,399,816 | ---- | M] (PPLive Corporation) -- C:\Windows\SysWow64\PPTVLauncher.exe

[2013/08/08 19:20:22 | 000,399,816 | ---- | M] (PPLive Corporation) -- C:\Windows\SysNative\PPTVLauncher.exe

[2013/08/08 19:20:02 | 002,585,424 | ---- | M] () -- C:\Windows\SysNative\shellfire.dll

[2013/08/08 19:19:54 | 002,307,408 | ---- | M] () -- C:\Windows\SysWow64\shellfire.dll

[2013/08/08 12:11:25 | 000,001,161 | ---- | M] () -- C:\Users\ad\Desktop\ROBLOX Studio 2013.lnk

[2013/08/07 17:42:28 | 000,001,941 | ---- | M] () -- C:\Users\ad\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk

[2013/08/07 17:42:27 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\快播.lnk

[2013/08/07 17:42:07 | 000,001,003 | ---- | M] () -- C:\Users\ad\Application Data\Microsoft\Internet Explorer\Quick Launch\影视搜索.lnk

[2013/08/07 17:42:06 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\影视搜索.lnk

[2013/08/06 08:59:01 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys

[2013/08/06 08:59:00 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger.lnk

[2013/08/01 16:00:20 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/07/27 07:16:08 | 000,277,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2013/08/12 15:58:46 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\BaiduPlayer.lnk

[2013/08/08 19:20:02 | 002,585,424 | ---- | C] () -- C:\Windows\SysNative\shellfire.dll

[2013/08/08 19:19:54 | 002,307,408 | ---- | C] () -- C:\Windows\SysWow64\shellfire.dll

[2013/08/07 17:42:27 | 000,001,941 | ---- | C] () -- C:\Users\ad\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk

[2013/08/07 17:42:27 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\快播.lnk

[2013/08/07 17:42:06 | 000,001,003 | ---- | C] () -- C:\Users\ad\Application Data\Microsoft\Internet Explorer\Quick Launch\影视搜索.lnk

[2013/08/07 17:42:06 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\影视搜索.lnk

[2013/08/06 08:59:00 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger.lnk

[2013/07/26 10:24:51 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk

[2013/07/16 13:38:11 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk

[2013/06/17 20:03:02 | 002,307,408 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll

[2013/04/17 23:15:20 | 000,000,424 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat

[2013/04/17 23:15:19 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat

[2013/03/10 22:50:45 | 000,000,954 | ---- | C] () -- C:\Users\ad\AppData\Roaming\coreavc.ini

 

========== ZeroAccess Check ==========

 

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/07/26 18:04:41 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\Arc

[2013/08/12 15:58:42 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\Baidu

[2013/06/12 14:22:53 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\BITS

[2013/04/18 21:06:30 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\FlashGet

[2013/04/17 23:15:26 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\FlashGetBHO

[2013/06/08 19:37:40 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\FlashgetSetup

[2013/07/31 01:12:38 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\KuGou8

[2013/04/20 13:19:24 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\LolClient

[2013/01/09 00:46:40 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\PPLive

[2013/07/19 09:12:36 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\RIFT

[2013/07/26 11:45:51 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\TeamViewer

[2013/06/08 18:39:44 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\Wandoujia2

[2013/05/26 22:32:01 | 000,000,000 | ---D | M] -- C:\Users\ad\AppData\Roaming\youku

 

========== Purity Check ==========

 

 

 

< End of report >

 

 


OTL Extras logfile created on: 8/13/2013 10:31:56 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ad\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

8.00 Gb Total Physical Memory | 6.57 Gb Available Physical Memory | 82.14% Memory free

16.00 Gb Paging File | 14.54 Gb Available in Paging File | 90.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 836.59 Gb Free Space | 89.82% Space Free | Partition Type: NTFS

 

Computer Name: AD-PC | User Name: ad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-928765255-3382952000-2108925264-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

"C:\Users\ad\AppData\Local\Temp\fgcn_349.exe" = C:\Users\ad\AppData\Local\Temp\fgcn_349.exe:*:Enabled:fg_ol_silent

"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)

"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

"C:\Users\ad\AppData\Local\Temp\fgcn_349.exe" = C:\Users\ad\AppData\Local\Temp\fgcn_349.exe:*:Enabled:fg_ol_silent

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0369A9EF-64B2-4531-BAE2-3A5272B6254A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0A9D8135-ECE0-4CB3-B60A-A7A8EC01DFFB}" = rport=139 | protocol=6 | dir=out | app=system | 

"{0D837078-25F8-4D54-A36D-141A9CC73F21}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{0DC85DE2-9FDE-43A4-BC4B-03F158244804}" = lport=445 | protocol=6 | dir=in | app=system | 

"{1DC0394C-D483-4666-BBE2-16DDBE26D68B}" = lport=139 | protocol=6 | dir=in | app=system | 

"{288371A7-17DD-4CE9-911E-26F5D99F2B01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{5AB7C2C3-7956-4029-9B5E-D7D1908020A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{5E397DB7-3F7D-4495-9FA3-18D7FC41A62E}" = lport=138 | protocol=17 | dir=in | app=system | 

"{5E50EE30-E77A-4579-9229-4A3B0DD362C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{67316453-7099-4895-A1D3-8EBA94E86FFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{72035EAD-F4AA-46A7-A9FA-F8B1B61AEC7E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{7CC3CD03-ADAC-4172-8A73-8FD3D1820136}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{8DFC1BDB-9F86-4F6B-9AE5-7FFF60889C38}" = rport=445 | protocol=6 | dir=out | app=system | 

"{91DF5F73-03D8-4050-A6EA-58014E2C4891}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{9EC1167C-B955-4522-9170-D03534A56F47}" = lport=137 | protocol=17 | dir=in | app=system | 

"{BF266BF6-7277-4354-80A7-E1BDF9816D6A}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{C8467366-CAB8-4C4B-B6A1-091CBAAEBCA1}" = rport=138 | protocol=17 | dir=out | app=system | 

"{C99F0C35-8E6A-4077-A9C9-3CCDFBB4456C}" = rport=137 | protocol=17 | dir=out | app=system | 

"{CABD872D-773C-4DAF-BCC2-6A4D2F3C5957}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{E41C2177-A833-4557-A795-9A4A9D4739D8}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{E7D148E3-6C9A-4BD3-944F-7609E79A6A41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0578AB00-5CB6-46F7-A5BA-B6DBE64B5729}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.78\baidusetupax_0.exe | 

"{059C86C1-1CD0-4B75-83D9-EDC574C96D70}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe | 

"{0AC73F91-26DC-4EEF-B80E-41300E8DFC99}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.8.0023\crashreporter.exe | 

"{0D34BB5A-932C-4F32-B25D-870EBA1306A7}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.4576\plugininstaller.exe | 

"{0E46A14C-73F9-4FAA-B66E-32A2D9F64E34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{0F9B3D51-0D37-4C37-B4E8-E3212DF3B9A3}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.159\baidup2pservice.exe | 

"{133FE8BD-7B26-4D71-B14F-951051D7DB72}" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe | 

"{1524886A-0876-414E-814C-A6E53C7733DE}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.3105\plugininstaller.exe | 

"{1AF05F44-0C0D-43DA-9CD8-DB457E50FA9A}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.159\baidusetupax_0.exe | 

"{1BCDDF16-6117-4D39-85BE-65F0C58E7BF9}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 

"{1C3118AC-C722-47DC-B767-FA2DB0E2BFAF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 

"{28EDBB79-1460-4939-9DDF-13A4F892B9CB}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.159\baiduplayer.exe | 

"{2951C356-CE91-4F16-87D0-17A4AFC260F8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{298B6E40-04A4-4278-BFBF-316F6C6ACC12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{2BE01CBB-BF06-4B97-A45F-141346741AC1}" = protocol=17 | dir=in | app=c:\windows\system32\pptvlauncher.exe | 

"{2FE66442-9C06-4A71-A5AE-48A573B7C3AF}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.3105\plugininstaller.exe | 

"{30183748-5952-4C40-AD46-40C34F47DF4A}" = protocol=17 | dir=in | app=c:\users\ad\downloads\qvodsetup5.exe | 

"{37F4DE0B-A1C4-4C4B-B744-7929BBABE9C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe | 

"{3C16FF32-037A-419C-A921-7D3C7106F8BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{3F429AD4-2FF8-4033-BB53-DC021F98044A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{424EB936-6548-44D0-BECE-D907651E546F}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.8.0023\crashreporter.exe | 

"{4616DFD1-8132-409D-AB3A-4F603834DC5A}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 

"{47EABE13-414F-4EBF-A138-EBD87C0D69B0}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.8.0023\repairsetup.exe | 

"{482C5A0C-7603-4A6E-A194-E89930062A37}" = protocol=17 | dir=in | app=c:\program files\nexon\combat arms\nmservice.exe | 

"{49531245-388A-4B51-B062-49147A3CC792}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 

"{4ACF9B2B-CA2B-4570-AF88-9FF8E11560EF}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.78\baiduplayer.exe | 

"{5148DFA2-6687-409D-BAD9-9B21623ACD0F}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.159\baidusetupax_0.exe | 

"{546C5000-0103-4956-A139-8FB6E2A2A744}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 

"{5533D972-D508-453B-91DD-4618B0661EDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{58CE22FB-0BA4-4CFE-81F8-44C84AC24E77}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe | 

"{5A63A15F-3911-4FD0-9831-C59820A68ACD}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | 

"{602D2D19-FD2C-4BA3-A1AF-38FAED7DBA6E}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.159\statreport.exe | 

"{610DFBA4-0A69-44B2-A1E6-B7475985392B}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.3471\plugininstaller.exe | 

"{633912C1-3CCE-4E3A-8AFC-6A52F00F5F79}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.3471\plugininstaller.exe | 

"{640B3DF1-20C1-43B8-8C33-8DFCDF509CBB}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe | 

"{68DC87FC-808A-4E41-87F4-B6A832D44DA7}" = dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate.exe | 

"{69DDF032-FBFE-4E58-83D9-4305EF03C6F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{6A7784AB-D71C-4D9C-BA1C-1760244BE8AD}" = protocol=17 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kugou.exe | 

"{6B86811C-9DA2-4C08-B737-9C9416552932}" = protocol=6 | dir=out | app=system | 

"{754E47DC-6CC4-4C56-A526-A3A8539D5E41}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.4576\plugininstaller.exe | 

"{80A7A068-E9D4-42C3-8DBA-6BD08462880D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 

"{88099185-FB52-49CB-A433-D005D61F5B53}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.4543\plugininstaller.exe | 

"{896A0033-3B0F-4BF0-A487-B5EE7E950632}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{8AFC4CCA-04F5-4657-96B9-9544A2E3D27D}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.4543\plugininstaller.exe | 

"{8E596D61-0258-41D6-91FD-A17D616519A5}" = protocol=6 | dir=in | app=c:\program files (x86)\kugou\kgmusic\kgservice.exe | 

"{97BB6FFD-0CBB-4640-B404-1C9B5055F64C}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe | 

"{9A792309-D05E-411A-BA15-C4555F76A687}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe | 

"{9AFC037C-464D-43F6-B40A-6ED5F799D870}" = dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate.exe | 

"{9BC6A909-35CB-4A79-8759-D12E035DEDB3}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.4396\plugininstaller.exe | 

"{9D1DA8A6-3B9C-4322-915B-FB6906D8D481}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A25C916E-2CAB-4F1B-AF7A-EC27AE3B5F4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{A2C5E945-034D-4EC1-8E27-89D640F11BD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{A2D7F018-CCE8-4021-98E1-1EFA3C7AB8F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{A5DEE363-2258-45D8-A85B-ED5E9008EE6D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{A6194729-CF10-4F6C-A290-65BF0525CA01}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 

"{AD070225-F973-46A1-94F1-B7C2E77BEC61}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.8.0023\ppliveu.exe | 

"{B2027441-ACD0-42E4-8ECC-BC8046A54CED}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.8.0023\repairsetup.exe | 

"{B39F65B0-63FC-44C2-9D62-F7A06E77F7B2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 

"{B4930A75-3F0A-4897-B9FD-A59E443A19CE}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.3.8.0023\ppliveu.exe | 

"{C2216421-5057-4D9A-8429-5CF4B601BBD8}" = protocol=6 | dir=in | app=c:\users\ad\downloads\qvodsetup5.exe | 

"{CC603760-D0E5-42EA-BE16-6103FAFE20E8}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe | 

"{CC92BCCF-7663-4A97-AD79-8B69F79AC57A}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.4396\plugininstaller.exe | 

"{D536F911-EC86-44B0-B975-B79C0D96FC92}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe | 

"{DC5DF855-8571-4E60-8C0E-28E18CF9B86B}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.78\baidup2pservice.exe | 

"{E2C5B7B0-E104-4712-BC07-8C6386DD20F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{E51D4AB5-A1BE-4FED-B601-FAEC336C22AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E687E712-FC4E-493E-934E-735778DB94B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E695C7DA-1C67-43B6-81F1-EB6D02303695}" = protocol=6 | dir=in | app=c:\windows\system32\pptvlauncher.exe | 

"{E8633BE3-6545-42FA-9374-D84CFCF62FAD}" = protocol=6 | dir=in | app=c:\program files\nexon\combat arms\nmservice.exe | 

"{E929A6CA-B28D-40C2-9A7A-698B2E9CF303}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{EA90F777-AC14-4DE4-A5F4-00B99A89ED1E}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 

"{EEC4152C-6F07-44BF-AA72-7B67D4ABC14E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{F3E744BC-5AFE-4C37-89AE-7BB3644C7592}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.78\statreport.exe | 

"{F8571643-3EE6-4DF2-9FFD-EE22F90C073F}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.78\baidusetupax_0.exe | 

"{FF7A68D1-D2CA-42A0-84BD-F9E127452907}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe | 

"TCP Query User{3E7D93BA-B552-4FAB-BCA4-C02D7A640102}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe | 

"TCP Query User{41F40431-22C2-4A27-AF89-8EC3D6EC3958}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | 

"TCP Query User{85AF224C-0279-42DD-B119-7B4BC7C6F560}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe | 

"UDP Query User{95C8632A-A820-4718-A6AE-899B996D62AE}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | 

"UDP Query User{B5D914AD-465C-412C-8275-16CC8D048E06}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe | 

"UDP Query User{C7DB15F0-1EF9-43AD-A7C2-4B38648BA336}C:\program files (x86)\youku\youkuclient\youkumediacenter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\youku\youkuclient\youkumediacenter.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.07

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.07

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.07

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.07

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"WinRAR archiver" = WinRAR 4.20 (64 位)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger

"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media

"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)

"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode

"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic

"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs

"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)

"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic

"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)

"{5CD2E27A-F2C9-4A87-9A06-DFAF9A182481}" = Nero Express

"{622B6CB8-70B1-4D65-B672-093D19759BA1}" = Nero 12

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video

"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player

"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter

"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic

"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)

"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center

"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent

"{bd36d20a-08dc-432d-972f-b142e5136165}" = Nero 9 Lite

"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter

"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)

"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc

"{CF508721-0E1E-4F99-A359-59E4EA8DAEC1}" = Nero Burning ROM

"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp

"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software

"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic

"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"7-Zip" = 7-Zip 9.30 alpha

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"AntiLogger" = AntiLogger

"BaiduPlayer" = BaiduPlayer1.19.0.159

"Cheat Engine 6.3_is1" = Cheat Engine 6.3

"Combat Arms" = Combat Arms

"Europe MapleStory_is1" = Europe MapleStory

"Google Chrome" = Google Chrome

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"N360" = Norton 360

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PPLive" = PPTV V3.3.8.0023

"QvodPlayer" = 快播 5.14.142

"TeamViewer 8" = TeamViewer 8

"YoukuClient" = 优酷客户端

"影视搜索" = 影视搜索

"快车(FlashGet)3.7" = 快车(FlashGet)3.7 正式版

"酷狗音乐2012" = 酷狗音乐2012

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-928765255-3382952000-2108925264-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for ad

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for ad

"RIFT" = RIFT

 

========== Last 20 Event Log Errors ==========

 

[ System Events ]

Error - 8/12/2013 6:55:48 PM | Computer Name = ad-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

 with the currently configured password due to the following error:   %%1330    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 8/12/2013 6:55:48 PM | Computer Name = ad-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

 following error:   %%1069

 

Error - 8/13/2013 1:35:08 AM | Computer Name = ad-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

 with the currently configured password due to the following error:   %%1330    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 8/13/2013 1:35:08 AM | Computer Name = ad-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

 following error:   %%1069

 

Error - 8/13/2013 12:06:54 PM | Computer Name = ad-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

 with the currently configured password due to the following error:   %%1330    To ensure

 that the service is configured properly, use the Services snap-in in Microsoft 

Management Console (MMC).

 

Error - 8/13/2013 12:06:54 PM | Computer Name = ad-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

 following error:   %%1069

 

 

< End of report >

 

This topic is now closed to further replies.