I have been infected by Gorilla Price

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.21.2
Run by LYON at 15:10:45 on 2013-12-22
Microsoft Windows 7 Home Premium   6.1.7601.1.936.86.1033.18.3690.1075 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\360\360Safe\deepscan\zhudongfangyu.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\GorillaPrice\WatGorp.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Tencent\QQPinyin\4.2.1073.400\QQPYTrayBar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\360\360Safe\safemon\360tray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe
C:\Program Files (x86)\Tencent\QQ\bin\QQ.exe
C:\Program Files (x86)\Tencent\QQ\Bin\TXPlatform.exe
C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = hxxp=127.0.0.1:8080
mWinlogon: Userinit = userinit.exe
BHO: IEHelper Class: {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files (x86)\WandouLabs\wandoujia_bho32.dll
BHO: {0F4BF955-A127-41B7-A998-369904AA2578} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll
BHO: SafeMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360Safe\safemon\safemon.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: AccountProtectBHO Class: {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\LYON\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [YodaoDict] "C:\Users\LYON\AppData\Local\Youdao\Dict\Application\YodaoDict.exe" -hide -autostart
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [360sd] "C:\Program Files (x86)\360\360sd\360sdrun.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoSimpleStartMenu = dword:0
uPolicies-Explorer: DisallowCpl = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htm
IE: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htm
IE: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htm
IE: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00} : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}\35E48455D235 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}\35E48455D235 : DHCPNameServer = 172.16.132.29 172.16.225.25 172.16.123.25
TCP: Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}\37A6A7 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}\876696E696479777966696 : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}\876696E696479777966696 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}\C4947373 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D69048E5-8712-4B0C-81A7-F0C3B66B6FD3} : NameServer = 156.154.70.25,156.154.71.25
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u wsauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
x64-Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
x64-Run: [FingerPrintSoftwareSplashScreen] "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [ATUpdatePBA.ltp] C:\Windows\SysWOW64\ATUpdatePBA.exe
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: ATFUS - <no file>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-23 19224]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-29 25416]
R1 360AntiHacker;360Safe Anti Hacker Service;C:\Windows\System32\drivers\360AntiHacker64.sys [2013-12-22 70336]
R1 360Box64;360Box mini-filter driver;C:\Windows\System32\drivers\360Box64.sys [2013-12-22 305336]
R1 360Camera;360Safe Camera Filter Service;C:\Windows\System32\drivers\360Camera64.sys [2013-12-22 40120]
R1 360FsFlt;360FsFlt mini-filter driver;C:\Windows\System32\drivers\360fsflt.sys [2013-12-22 234680]
R1 360netmon;360netmon;C:\Windows\System32\drivers\360netmon.sys [2013-12-22 62144]
R1 BAPIDRV;BAPIDRV;C:\Windows\System32\drivers\BAPIDRV64.SYS [2013-11-4 191672]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-9-24 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-9-24 709144]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2013-9-24 48872]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-10-15 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R2 kisknl;kisknl;C:\Windows\System32\drivers\kisknl.sys [2013-12-21 223032]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-9-23 216704]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-23 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-23 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-23 789272]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-12-20 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-22 25928]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-9-23 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-23 565352]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-9-23 27448]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-9-23 27432]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-11-30 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2012-10-5 33736]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-12-20 34200]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-12-22 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
.
=============== Created Last 30 ================
.
2013-12-22 19:56:46 -------- d-----w- C:\Users\LYON\AppData\Roaming\Malwarebytes
2013-12-22 19:56:19 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-22 19:56:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-22 19:56:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-22 18:48:40 -------- d-----w- C:\Users\LYON\AppData\Roaming\Maxthon3
2013-12-22 18:48:37 -------- d-----w- C:\Program Files (x86)\Maxthon
2013-12-22 18:19:47 -------- d-----w- C:\Users\LYON\AppData\Local\Tencent
2013-12-22 18:17:42 4959096 ----a-w- C:\Windows\System32\QQPinyin.ime
2013-12-22 18:08:21 -------- d-----w- C:\ProgramData\boost_interprocess
2013-12-22 18:08:00 -------- d-----w- C:\ProgramData\Tencent
2013-12-22 17:21:40 -------- d-----w- C:\AdwCleaner
2013-12-22 17:04:23 -------- d-----w- C:\Users\LYON\AppData\Local\VS Revo Group
2013-12-22 17:04:20 -------- d-----w- C:\ProgramData\VS Revo Group
2013-12-22 17:04:19 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2013-12-22 17:04:19 -------- d-----w- C:\Program Files\VS Revo Group
2013-12-22 16:32:03 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-22 16:30:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-12-22 16:29:49 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-12-22 16:29:49 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-12-22 16:29:49 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-12-22 16:29:49 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-12-22 16:29:49 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-12-22 15:51:03 -------- d-----w- C:\Users\LYON\AppData\Roaming\360mobilemgr
2013-12-22 15:40:58 -------- d-----w- C:\Users\LYON\AppData\Roaming\360safe
2013-12-22 15:40:24 39112 ----a-w- C:\Windows\System32\drivers\360LanProtect.sys
2013-12-22 15:40:16 234680 ----a-w- C:\Windows\System32\drivers\360fsflt.sys
2013-12-22 15:40:08 70336 ----a-w- C:\Windows\System32\drivers\360AntiHacker64.sys
2013-12-22 15:40:06 40120 ----a-w- C:\Windows\System32\drivers\360Camera64.sys
2013-12-22 15:40:05 305336 ----a-w- C:\Windows\System32\drivers\360Box64.sys
2013-12-22 15:40:05 -------- d-sh--r- C:\360SANDBOX
2013-12-22 15:40:00 146872 ----a-w- C:\Windows\SysWow64\360SoftMgr.cpl
2013-12-22 15:39:50 62144 ----a-w- C:\Windows\System32\drivers\360netmon.sys
2013-12-21 19:06:54 -------- d-----w- C:\Windows\PCHEALTH
2013-12-21 19:06:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-12-21 19:04:48 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-12-21 17:55:24 -------- d-----w- C:\360Downloads
2013-12-21 17:47:27 -------- d-----w- C:\Users\LYON\AppData\Local\TNT2
2013-12-21 06:24:32 -------- d-----w- C:\Users\LYON\AppData\Roaming\Open Download Manager
2013-12-21 06:23:43 -------- d-----w- C:\ProgramData\GorillaPrice
2013-12-21 06:23:42 -------- d-----w- C:\Program Files (x86)\GorillaPrice
2013-12-21 05:42:10 -------- d-sh--w- C:\KRECYCLE
2013-12-21 05:41:52 84328 ----a-w- C:\Windows\System32\drivers\ksapi.sys
2013-12-21 05:41:52 19352 ----a-w- C:\Windows\System32\drivers\ksskrpr.sys
2013-12-21 05:41:52 18296 ----a-w- C:\Windows\System32\drivers\kusbquery64.sys
2013-12-21 05:41:52 14200 ----a-w- C:\Windows\System32\drivers\kusbquery.sys
2013-12-21 05:41:51 223032 ----a-w- C:\Windows\System32\drivers\kisknl64.sys
2013-12-21 05:41:51 223032 ----a-w- C:\Windows\System32\drivers\kisknl.sys
2013-12-21 05:41:51 152888 ----a-w- C:\Windows\System32\drivers\kdhacker64.sys
2013-12-21 05:41:51 101176 ----a-w- C:\Windows\System32\drivers\kdhacker.sys
2013-12-21 05:41:50 31848 ----a-w- C:\Windows\System32\drivers\kavbootc64.sys
2013-12-21 05:41:50 27240 ----a-w- C:\Windows\System32\drivers\kavbootc.sys
2013-12-21 05:02:12 -------- d-----w- C:\Program Files (x86)\MSECache
2013-12-21 03:35:40 -------- d-----w- C:\Users\LYON\AppData\Local\Programs
2013-12-21 03:04:48 -------- d-----w- C:\Users\LYON\AppData\Local\liebao
2013-12-20 21:52:06 -------- d-----w- C:\Users\LYON\AppData\Local\assembly
2013-12-20 21:52:03 -------- d-----w- C:\Users\LYON\AppData\Local\Deployment
2013-12-20 21:52:03 -------- d-----w- C:\Users\LYON\AppData\Local\Apps
2013-12-20 20:03:56 -------- d-----w- C:\Users\LYON\AppData\Roaming\BaiduYunGuanjia
.
==================== Find3M  ====================
.
2013-12-22 19:34:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-22 19:34:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-14 11:38:18 709144 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-11-14 11:38:02 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-10-23 00:23:22 191672 ----a-w- C:\Windows\System32\drivers\BAPIDRV64.SYS
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-24 16:54:12 48872 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-09-24 16:54:12 23168 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2013-09-24 16:53:52 444392 ----a-w- C:\Windows\System32\guard64.dll
2013-09-24 16:53:52 354240 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-09-24 16:53:42 347864 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-09-24 16:53:40 45784 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-09-24 16:53:36 40664 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-09-24 16:53:36 280792 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
.
============= FINISH: 15:12:59.60 ===============
 
ATTACH
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/12 00:28:04
System Uptime: 12/22/13 13:39:52 (2 hours ago)
.
Motherboard: LENOVO |  | 3254CTO
Processor: Intel® Core i5-3320M CPU @ 2.60GHz | CPU Socket - U3E1 | 1196/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 464 GiB total, 13.165 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: KDHacker
Device ID: ROOT\LEGACY_KDHACKER\0000
Manufacturer: 
Name: KDHacker
PNP Device ID: ROOT\LEGACY_KDHACKER\0000
Service: KDHacker
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: EncryptedDisk
Device ID: ROOT\LEGACY_ENCRYPTEDDISK\0000
Manufacturer: 
Name: EncryptedDisk
PNP Device ID: ROOT\LEGACY_ENCRYPTEDDISK\0000
Service: EncryptedDisk
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
360
7-Zip 9.30 (x64 edition)
Absolute Reminder
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Burn.Now 4.5
Classical Poetry Library 2009 Build 2009.09.22
COMODO Internet Security Premium
Conexant HD Audio
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Create Recovery Media
Direct DiscRecorder
Dropbox
Fingerprint Reader
Google Chrome
Google Update Helper
Integrated Camera Driver Installer Package Ver.1.2.1.18
Intel AppUp(SM) center
Intel® Control Center
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 15 (64-bit)
Java 7 Update 21
Java Auto Updater
Lenovo Auto Scroll Utility
Lenovo Fingerprint Software
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Registration
Lenovo SimpleTap
Lenovo Solution Center
Lenovo System Update
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
Malwarebytes Anti-Malware version 1.75.0.1300
Message Center Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nitro Pro 7
On Screen Display
Power Manager
QQ
RapidBoot HDD Accelerator
RapidBoot Shield
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2894842)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2894842)
Security Update for Microsoft Excel 2013 (KB2827238) 32-Bit Edition
Security Update for Microsoft Lync 2013 (KB2850057) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2768005) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2810009) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2817623) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2850064) 32-Bit Edition
Security Update for Microsoft Outlook 2013 (KB2837618) 32-Bit Edition
SimpChinese Speech Package
Tencent QQMail Plugin
ThinkPad UltraNav Driver
ThinkVantage Active Protection System
ThinkVantage Communications Utility
ThinkVantage Fingerprint Software
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.4053
Vensim PLE
VIP Access
Visual Studio 2010 x64 Redistributables
VMware View Client
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29)
Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032)
Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21)
WinMount V3.4.1020
.
==== Event Viewer Messages From Past Week ========
.
12/22/13 13:40:48, Error: Service Control Manager [7034]  - The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 1 time(s).
12/22/13 13:40:47, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  EncryptedDisk KDHacker WMDrive
12/22/13 13:40:24, Error: Service Control Manager [7000]  - The Conexant Audio Message Service service failed to start due to the following error:  The system cannot find the path specified.
12/22/13 13:40:22, Error: Service Control Manager [7000]  - The Kingsoft Core Service service failed to start due to the following error:  The system cannot find the file specified.
12/22/13 13:40:18, Error: Service Control Manager [7000]  - The SMI Helper Driver (smihlp2) service failed to start due to the following error:  The system cannot find the file specified.
12/22/13 13:39:56, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\WMDrive.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/22/13 13:38:31, Error: Service Control Manager [7016]  - The Data Transfer Service service has reported an invalid current state 0.
12/21/13 13:47:25, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error:  An instance of the service is already running.
12/21/13 13:45:25, Error: Service Control Manager [7031]  - The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/21/13 00:54:25, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  EncryptedDisk WMDrive
12/21/13 00:52:35, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FastbootService service.
12/21/13 00:52:16, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZeroConfigService service.
12/20/13 22:47:29, Error: Service Control Manager [7000]  - The WMDrive service failed to start due to the following error:  This driver has been blocked from loading
12/16/13 13:45:12, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.TPKNRSVC service.
.
==== End Of File ===========================
 
 
THANK YOU FOR HELP

 


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.22.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

LYON :: NOBEL [administrator]

 

Protection: Enabled

 

12/22/13 14:57:40

MBAM-log-2013-12-22 (16-17-06).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214594

Time elapsed: 9 minute(s), 25 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 9

HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> No action taken.

HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> No action taken.

HKCR\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> No action taken.

HKCR\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.

 

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> No action taken.

 

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.FindWide) -> Bad: (http://search.findwide.com/?guid={67274129-CA04-4A98-9280-97E87D5A2107}&serpv=22) Good: (http://www.google.com) -> No action taken.

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Trojan.BHO) -> No action taken.

 

(end)

Welcome to the forum. Please try this procedure:

Let's clean out any adware/spyware now: (this will require a reboot, so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


THE REPORT:

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.12.22.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

LYON :: NOBEL [administrator]

 

Protection: Enabled

 

12/22/13 17:53:34

MBAM-log-2013-12-22 (17-59-10).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213946

Time elapsed: 5 minute(s), 7 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 7

HKCR\Typelib\{87CA3845-37FE-414C-81CF-E08A7D0F6779} (Trojan.BHO) -> No action taken.

HKCR\Interface\{988934A4-064B-11D3-BB80-00104B35E7F9} (Trojan.BHO) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} (Trojan.BHO) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.

 

 

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> No action taken.

 

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.FindWide) -> Bad: (http://search.findwide.com/?guid={67274129-CA04-4A98-9280-97E87D5A2107}&serpv=22) Good: (http://www.google.com) -> No action taken.

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (Trojan.BHO) -> No action taken.

 

(end)

1. I clicked Remove Selected, and my computer was restarted.

2. I ran Malwarebytes again, and this is the report.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.12.22.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LYON :: NOBEL [administrator]
 
Protection: Disabled
 
12/22/13 18:18:35
mbam-log-2013-12-22 (18-18-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213821
Time elapsed: 5 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
--------------------
 
I guess my computer is clean now, isn't it?

Yes, I should write it clearly as:

 

1. I ran AdwCleaner and clicked Remove Selected.

2. My computer was restarted.

3. I ran Malwarebytes again, and this is the report.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2013.12.22.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
LYON :: NOBEL [administrator]
 
Protection: Disabled
 
12/22/13 18:18:35
mbam-log-2013-12-22 (18-18-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213821
Time elapsed: 5 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
--------------------
 
I guess my computer is clean now, isn't it?

The log from AdwCleaner

 

 

# AdwCleaner v3.016 - Report created 22/12/2013 at 18:57:39

# Updated 23/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : LYON - NOBEL

# Running from : C:\Users\LYON\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found C:\Program Files (x86)\Common Files\Tencent

Folder Found C:\Program Files (x86)\Tencent

Folder Found C:\ProgramData\boost_interprocess

Folder Found C:\ProgramData\Tencent

Folder Found C:\Users\LYON\AppData\Local\Tencent

Folder Found C:\Users\LYON\AppData\LocalLow\Tencent

Folder Found C:\Users\LYON\AppData\Roaming\Tencent

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\TENCENT

Key Found : [x64] HKCU\Software\TENCENT

Key Found : HKLM\Software\TENCENT

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16526

 

 

-\\ Google Chrome v31.0.1650.63

 

[ File : C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [2240 octets] - [22/12/2013 12:21:45]

AdwCleaner[R1].txt - [2300 octets] - [22/12/2013 12:22:58]

AdwCleaner[R2].txt - [2360 octets] - [22/12/2013 13:00:29]

AdwCleaner[R3].txt - [1722 octets] - [22/12/2013 13:11:47]

AdwCleaner[R4].txt - [1920 octets] - [22/12/2013 17:29:18]

AdwCleaner[R5].txt - [1389 octets] - [22/12/2013 18:26:02]

AdwCleaner[R6].txt - [1690 octets] - [22/12/2013 18:38:38]

AdwCleaner[R7].txt - [1485 octets] - [22/12/2013 18:57:39]

AdwCleaner[s0].txt - [2464 octets] - [22/12/2013 13:03:43]

AdwCleaner[s1].txt - [1986 octets] - [22/12/2013 17:31:20]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1665 octets] ##########

Please do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
MrC

Do this instead:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL.txt

 

OTL logfile created on: 12/22/13 19:55:22 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LYON\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

 

3.60 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 43.15% Memory free

7.21 Gb Paging File | 4.52 Gb Available in Paging File | 62.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 464.29 Gb Total Space | 12.80 Gb Free Space | 2.76% Space Free | Partition Type: NTFS

 

Computer Name: NOBEL | User Name: LYON | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/12/22 19:54:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LYON\Desktop\OTL.exe

PRC - [2013/12/22 18:32:29 | 000,167,480 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQ\Bin\TXPlatform.exe

PRC - [2013/12/22 18:32:29 | 000,143,032 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe

PRC - [2013/12/01 20:26:04 | 000,243,512 | ---- | M] (Maxthon International ltd.) -- C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe

PRC - [2013/11/30 12:15:14 | 000,070,144 | ---- | M] () -- C:\ProgramData\GorillaPrice\WatGorp.exe

PRC - [2013/11/30 12:07:14 | 000,625,152 | ---- | M] () -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe

PRC - [2013/11/20 08:07:42 | 000,167,608 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe

PRC - [2013/09/23 10:31:26 | 000,224,192 | ---- | M] (360.cn) -- C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/08 14:50:00 | 000,472,216 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe

PRC - [2012/12/03 10:18:48 | 002,436,096 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe

PRC - [2012/06/01 22:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

PRC - [2012/06/01 22:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe

PRC - [2012/05/24 01:05:34 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE

PRC - [2012/05/15 16:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe

PRC - [2012/05/15 16:32:00 | 001,662,560 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

PRC - [2012/05/15 16:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

PRC - [2012/04/19 02:15:40 | 002,542,184 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe

PRC - [2012/04/19 02:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

PRC - [2012/04/13 11:06:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2012/03/06 17:49:18 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/03/06 17:49:16 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/03/06 17:49:08 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2012/03/06 17:49:04 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

PRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe

PRC - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2011/04/26 00:08:28 | 000,984,440 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQPinyin\4.2.1073.400\QQPYTrayBar.exe

PRC - [2011/01/06 23:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe

PRC - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/12/22 18:32:32 | 000,093,752 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\zlib.dll

MOD - [2013/12/22 18:32:31 | 000,310,840 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\libjpegturbo.dll

MOD - [2013/12/22 18:32:31 | 000,167,480 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\libpng.dll

MOD - [2013/12/22 18:32:31 | 000,155,192 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\lua.dll

MOD - [2013/12/22 18:32:31 | 000,138,808 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQ\Bin\libexpatw.dll

MOD - [2013/11/25 20:25:42 | 015,990,664 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Core\Webkit\Npplugins\NPSWF32.dll

MOD - [2013/11/21 01:37:14 | 000,109,336 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Core\Webkit\libEGL.dll

MOD - [2013/11/21 01:37:06 | 000,887,064 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Core\Webkit\libGLESv2.dll

MOD - [2013/11/17 20:18:38 | 000,258,944 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Bin\Maxzlib.dll

MOD - [2013/11/17 20:18:36 | 000,232,760 | ---- | M] () -- C:\Program Files (x86)\Maxthon\Addons\Mobile\MxMobile.dll

 

 

 

========== Services (SafeList) ==========

 

 

SRV:64bit: - [2013/10/20 02:23:22 | 006,254,152 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)

SRV:64bit: - [2013/09/24 11:53:32 | 000,164,056 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)

SRV:64bit: - [2012/12/08 14:50:00 | 000,472,216 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)

SRV:64bit: - [2012/12/03 10:18:48 | 002,436,096 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe -- (vmware-view-usbd)

SRV:64bit: - [2012/06/07 02:04:04 | 000,328,552 | ---- | M] (AuthenTec, Inc) [On_Demand | Stopped] -- C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe -- (FPLService)

SRV:64bit: - [2012/06/01 22:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)

SRV:64bit: - [2012/06/01 22:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)

SRV:64bit: - [2012/06/01 22:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)

SRV:64bit: - [2012/05/29 17:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)

SRV:64bit: - [2012/05/24 01:05:28 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)

SRV:64bit: - [2012/04/11 02:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)

SRV:64bit: - [2012/02/26 07:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV:64bit: - [2012/02/26 07:07:42 | 000,273,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2012/02/26 07:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2012/02/26 07:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2012/02/03 00:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2012/01/17 18:12:28 | 000,135,952 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:64bit: - [2012/01/09 14:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/12/29 00:48:24 | 000,049,480 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)

SRV:64bit: - [2011/07/12 15:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV:64bit: - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV:64bit: - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV:64bit: - [2011/07/12 02:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV:64bit: - [2011/05/31 06:29:08 | 000,117,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DTS.exe -- (dtsvc)

SRV:64bit: - [2011/05/31 06:29:04 | 000,130,048 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ADMonitor.exe -- (ADMonitor)

SRV:64bit: - [2011/05/31 06:22:56 | 002,715,976 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\SysNative\ATService.exe -- (ATService)

SRV - [2013/12/22 14:34:26 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/11/30 12:15:14 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)

SRV - [2013/11/30 12:07:14 | 000,625,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -- (GorillaPrice)

SRV - [2013/09/23 10:31:26 | 000,224,192 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)

SRV - [2013/06/26 14:57:38 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/20 13:08:32 | 000,919,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2012/06/25 01:19:50 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/05/24 01:05:34 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2012/05/15 16:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)

SRV - [2012/05/15 16:32:00 | 001,662,560 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2012/04/19 02:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)

SRV - [2012/03/27 10:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2012/03/27 10:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2012/03/27 10:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2012/03/06 17:49:18 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/03/06 17:49:16 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/03/06 17:49:08 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2012/03/06 17:49:04 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012/01/17 01:29:24 | 000,169,776 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe -- (FastbootService)

SRV - [2011/01/06 23:28:42 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)

SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2)

DRV:64bit: - [2013/12/21 00:41:51 | 000,223,032 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)

DRV:64bit: - [2013/10/31 12:02:10 | 000,234,680 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360fsflt.sys -- (360FsFlt)

DRV:64bit: - [2013/10/22 19:23:22 | 000,191,672 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS -- (BAPIDRV)

DRV:64bit: - [2013/10/14 17:25:18 | 000,305,336 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360Box64.sys -- (360Box64)

DRV:64bit: - [2013/09/24 11:54:12 | 000,023,168 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)

DRV:64bit: - [2013/08/23 02:42:14 | 000,070,336 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360AntiHacker64.sys -- (360AntiHacker)

DRV:64bit: - [2013/07/11 12:43:58 | 000,040,120 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360Camera64.sys -- (360Camera)

DRV:64bit: - [2013/05/23 05:11:20 | 000,062,144 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360netmon.sys -- (360netmon)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/11/20 13:08:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2012/11/20 13:08:20 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2012/10/05 22:57:05 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2012/09/23 14:44:07 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/06/25 01:19:38 | 014,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/06/20 21:46:46 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2012/06/19 14:32:20 | 000,431,928 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/06/19 14:32:20 | 000,027,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvIntel)

DRV:64bit: - [2012/05/15 16:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)

DRV:64bit: - [2012/04/13 11:06:42 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/04/13 11:06:42 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/04/13 11:06:42 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2012/04/11 02:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV:64bit: - [2012/03/28 15:16:48 | 000,216,704 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)

DRV:64bit: - [2012/03/26 18:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)

DRV:64bit: - [2012/03/08 01:59:08 | 001,602,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2012/02/20 14:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)

DRV:64bit: - [2012/02/13 11:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2012/02/13 10:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2012/01/09 14:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)

DRV:64bit: - [2012/01/09 14:32:40 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2011/12/29 00:48:24 | 000,147,784 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)

DRV:64bit: - [2011/12/29 00:48:24 | 000,025,416 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)

DRV:64bit: - [2011/12/26 04:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)

DRV:64bit: - [2011/12/23 07:37:12 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/12/20 19:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/12/20 19:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/12/08 15:24:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/12/08 15:24:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/12/07 20:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd)

DRV:64bit: - [2011/11/30 14:19:46 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)

DRV:64bit: - [2011/11/10 04:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2011/10/26 21:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)

DRV:64bit: - [2011/08/23 07:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/29 05:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/09/07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2013/01/20 15:15:58 | 000,065,856 | ---- | M] (WinMount International Inc) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\WMDrive.sys -- (WMDrive)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://weibo.com/lordyama

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.987.com/?WY

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://weibo.com/

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = "http://www.987.com/?WY

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.987.com/?WY

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = "http://www.987.com/?WY

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.987.com/?WY

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://my.snhu.edu/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=5

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\SearchScopes\{41D5AD6E-9CC7-4656-8E72-2AFE0B25B4F0}: "URL" = http://search.findwide.com/serp?guid={67274129-CA04-4A98-9280-97E87D5A2107}&action=default_search&serpv=22&k={searchTerms}

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS504

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\SearchScopes\{FEA1D6F5-3FC9-44B8-8020-CCCC824BBA10}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10883

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup: C:\Windows\Downloaded Program Files\5432610\npxbdsetup.dll ()

FF - HKLM\Software\MozillaPlugins\@iciba.com/GrabWord: C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\NPAPI\npGrabWord.dll File not found

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: c:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )

FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)

FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()

FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)

FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.32\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tencent.com/npQQMailWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)

FF - HKLM\Software\MozillaPlugins\@tencent.com/nptxftnWebKit,version=1.0.0.1: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wandoujia.com: C:\Program Files (x86)\WandouLabs\npWandoujiaHelper.dll (wandoujia.com)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@360.cn/360MMPlugin: C:\Program Files (x86)\360\360Safe\MobileMgr\np360MMPlugIn.dll (360.cn)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\LYON\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xdict@www.iciba.com: C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/09/23 15:23:21 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\dict@www.youdao.com: C:\Users\LYON\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox [2013/12/22 14:35:16 | 000,000,000 | ---D | M]

 

[2013/11/15 03:30:36 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: FindWide (Enabled)

CHR - default_search_provider: search_url = http://search.findwide.com/serp?guid={67274129-CA04-4A98-9280-97E87D5A2107}&action=default_search&serpv=22&k={searchTerms}

CHR - default_search_provider: suggest_url = ,

CHR - homepage: http://search.findwide.com/?guid={67274129-CA04-4A98-9280-97E87D5A2107}&serpv=22

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: TrueSuite (Enabled) = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\npwebsitelogon.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Windows Media Player\np-mswmp.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: 360MMPlugin (Enabled) = C:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll

CHR - plugin: QQ2011 (Enabled) = C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll

CHR - plugin: Tencent SSO Platform (Enabled) = C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.80\Bin\npSSOAxCtrlForPTLogin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

CHR - plugin: QQMusic (Enabled) = C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll

CHR - plugin: npQQPhotoDrawEx (Enabled) = C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nprpjplug.dll

CHR - plugin: Wandoujia Plugin (Enabled) = C:\Program Files (x86)\WandouLabs\npWandoujiaHelper.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\LYON\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Website Logon = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0\

CHR - Extension: \u7F51\u9875\u622A\u56FE\uFF08\u7531Google\u63D0\u4F9B\uFF09 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0\

CHR - Extension: Ratchet & Clank Future 2 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\

CHR - Extension: \u4F18\u9177\u6D77\u5916\u7248 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\emmoddikhgncnaikamapbkggedoafomi\2.8_0\

CHR - Extension: \u5FEB\u6377\u5DE5\u5177\uFF08\u7531Google\u63D0\u4F9B\uFF09 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\

CHR - Extension: Change Colors = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbmkekhehjedonbhoikhhkmlapalklgn\2.144_0\

CHR - Extension: \u89C6\u9891\u4E0B\u8F7D\u5668 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnbhldpiapfgmcphnalacpaaociblnm\1.0_0\

CHR - Extension: Google \u7535\u5B50\u94B1\u5305 = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

CHR - Extension: Unblock Youku = C:\Users\LYON\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.9.3_0\

 

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.dll (AuthenTec Inc.)

O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IEHelper Class) - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files (x86)\WandouLabs\wandoujia_bho32.dll (Wandoulabs)

O2 - BHO: (no name) - {0F4BF955-A127-41B7-A998-369904AA2578} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (TrueSuite Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.)

O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360Safe\safemon\safemon.dll (360.cn)

O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)

O2 - BHO: (QQ下载助手浏览器控件) - {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\41\Browser\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (AccountProtectBHO Class) - {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\LYON\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll (Tencent)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4:64bit: - HKLM..\Run: []  File not found

O4:64bit: - HKLM..\Run: [ATUpdatePBA.ltp] C:\Windows\SysWOW64\ATUpdatePBA.exe (AuthenTec, Inc.)

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)

O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)

O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)

O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo)

O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)

O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)

O4 - HKLM..\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antiviruskxetray.exe" -autorun File not found

O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKU\.DEFAULT..\Run: [360sd] "C:\Program Files (x86)\360\360sd\360sdrun.exe" File not found

O4 - HKU\S-1-5-18..\Run: [360sd] "C:\Program Files (x86)\360\360sd\360sdrun.exe" File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000..\Run: [QQ2009] C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe (Tencent)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1

O7 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221

O7 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0

O7 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..Trusted Domains: sharepoint.com ([snhu] https in Trusted sites)

O15 - HKU\S-1-5-21-1142630531-3674883881-839332835-1000\..Trusted Domains: sharepoint.com ([snhu-my] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15AF22A8-0996-432B-A5DB-FCDE5E627A00}: NameServer = 156.154.70.25,156.154.71.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D69048E5-8712-4B0C-81A7-F0C3B66B6FD3}: NameServer = 156.154.70.25,156.154.71.25

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll (VMware, Inc.)

O30 - LSA: Security Packages - (wsauth) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{68816246-05b7-11e2-8b8b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{68816246-05b7-11e2-8b8b-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/12/22 19:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LYON\Desktop\OTL.exe

[2013/12/22 19:12:45 | 000,000,000 | ---D | C] -- C:\FRST

[2013/12/22 18:33:50 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Tencent

[2013/12/22 18:31:34 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件

[2013/12/22 18:31:33 | 004,959,096 | ---- | C] (Tencent) -- C:\Windows\SysNative\qqpinyinime_backup0.ime

[2013/12/22 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tencent

[2013/12/22 18:31:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent

[2013/12/22 17:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Tencent

[2013/12/22 17:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2013/12/22 15:10:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\LYON\Desktop\dds.com

[2013/12/22 14:56:46 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\Malwarebytes

[2013/12/22 14:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/12/22 14:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/12/22 14:56:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/12/22 14:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/12/22 14:55:11 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\LYON\Desktop\mbam-setup-1.75.0.1300.exe

[2013/12/22 13:48:40 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\Maxthon3

[2013/12/22 13:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxthon

[2013/12/22 13:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\傲游云浏览器

[2013/12/22 13:17:42 | 004,959,096 | ---- | C] (Tencent) -- C:\Windows\SysNative\QQPinyin_1.ime

[2013/12/22 13:17:42 | 004,959,096 | ---- | C] (Tencent) -- C:\Windows\SysNative\QQPinyin.ime

[2013/12/22 12:21:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/12/22 12:04:23 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\VS Revo Group

[2013/12/22 12:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group

[2013/12/22 12:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2013/12/22 12:04:19 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys

[2013/12/22 12:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2013/12/22 11:22:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/12/22 10:51:03 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\360mobilemgr

[2013/12/22 10:44:37 | 000,000,000 | ---D | C] -- C:\Windows\tasks\360Disabled

[2013/12/22 10:40:58 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\360safe

[2013/12/22 10:40:24 | 000,039,112 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360LanProtect.sys

[2013/12/22 10:40:16 | 000,234,680 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360fsflt.sys

[2013/12/22 10:40:08 | 000,070,336 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360AntiHacker64.sys

[2013/12/22 10:40:06 | 000,040,120 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360Camera64.sys

[2013/12/22 10:40:05 | 000,305,336 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360Box64.sys

[2013/12/22 10:40:05 | 000,000,000 | RHSD | C] -- C:\360SANDBOX

[2013/12/22 10:40:00 | 000,146,872 | ---- | C] (360.cn) -- C:\Windows\SysWow64\360SoftMgr.cpl

[2013/12/22 10:39:50 | 000,062,144 | ---- | C] (360.cn) -- C:\Windows\SysNative\drivers\360netmon.sys

[2013/12/22 10:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心

[2013/12/21 14:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

[2013/12/21 14:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2013/12/21 14:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft

[2013/12/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2013/12/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2013/12/21 14:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2013/12/21 14:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013/12/21 14:02:11 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2013/12/21 12:55:24 | 000,000,000 | ---D | C] -- C:\360Downloads

[2013/12/21 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\TNT2

[2013/12/21 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\abc

[2013/12/21 01:24:32 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\Open Download Manager

[2013/12/21 01:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice

[2013/12/21 01:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice

[2013/12/21 00:42:10 | 000,000,000 | -HSD | C] -- C:\KRECYCLE

[2013/12/21 00:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\金山毒霸

[2013/12/21 00:41:52 | 000,084,328 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys

[2013/12/21 00:41:52 | 000,019,352 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys

[2013/12/21 00:41:52 | 000,018,296 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery64.sys

[2013/12/21 00:41:52 | 000,014,200 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery.sys

[2013/12/21 00:41:51 | 000,223,032 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys

[2013/12/21 00:41:51 | 000,223,032 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys

[2013/12/21 00:41:51 | 000,152,888 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys

[2013/12/21 00:41:51 | 000,101,176 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys

[2013/12/21 00:41:50 | 000,031,848 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys

[2013/12/21 00:41:50 | 000,027,240 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys

[2013/12/21 00:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache

[2013/12/20 22:35:40 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Programs

[2013/12/20 22:04:48 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\liebao

[2013/12/20 22:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Office2013激活工具

[2013/12/20 21:30:45 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Microsoft Toolkit

[2013/12/20 20:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2013/12/20 18:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit

[2013/12/20 16:52:06 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\assembly

[2013/12/20 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Deployment

[2013/12/20 16:52:03 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Local\Apps

[2013/12/20 15:03:56 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\BaiduYunGuanjia

[2013/12/20 14:47:23 | 000,000,000 | ---D | C] -- C:\Users\LYON\Documents\EViews User Objects

[2013/12/20 14:47:23 | 000,000,000 | ---D | C] -- C:\Users\LYON\Documents\EViews Addins

[2013/12/20 14:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EViews 8

[2013/12/20 14:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\IHS EViews

[2013/12/20 14:46:37 | 000,000,000 | ---D | C] -- C:\Users\LYON\AppData\Roaming\InstallShield Installation Information

[2013/12/20 14:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EViews 8

 

========== Files - Modified Within 30 Days ==========

 

[2013/12/22 19:58:25 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat

[2013/12/22 19:54:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LYON\Desktop\OTL.exe

[2013/12/22 18:57:27 | 001,233,962 | ---- | M] () -- C:\Users\LYON\Desktop\AdwCleaner.exe

[2013/12/22 18:42:34 | 000,002,262 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/12/22 18:36:02 | 000,791,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/12/22 18:36:02 | 000,661,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/12/22 18:36:02 | 000,123,840 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/12/22 18:34:25 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/12/22 18:34:25 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/12/22 18:32:34 | 000,002,261 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\腾讯QQ.lnk

[2013/12/22 18:29:33 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

[2013/12/22 18:28:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/12/22 18:28:25 | 2901,901,312 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/22 17:47:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

[2013/12/22 15:10:13 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\LYON\Desktop\dds.com

[2013/12/22 14:56:19 | 000,001,144 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/12/22 14:56:19 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/12/22 14:55:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\LYON\Desktop\mbam-setup-1.75.0.1300.exe

[2013/12/22 14:20:09 | 000,001,142 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2013/12/22 11:46:52 | 000,526,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/12/22 11:35:45 | 000,776,934 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/12/22 11:29:32 | 004,177,920 | ---- | M] () -- C:\Windows\SysNative\360rescue.img

[2013/12/22 10:39:50 | 000,001,260 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk

[2013/12/22 10:39:50 | 000,001,116 | ---- | M] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk

[2013/12/21 00:41:52 | 000,084,328 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys

[2013/12/21 00:41:52 | 000,019,352 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksskrpr.sys

[2013/12/21 00:41:52 | 000,018,296 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery64.sys

[2013/12/21 00:41:52 | 000,014,200 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kusbquery.sys

[2013/12/21 00:41:51 | 000,223,032 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl64.sys

[2013/12/21 00:41:51 | 000,223,032 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kisknl.sys

[2013/12/21 00:41:51 | 000,152,888 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker64.sys

[2013/12/21 00:41:50 | 000,101,176 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kdhacker.sys

[2013/12/21 00:41:50 | 000,031,848 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc64.sys

[2013/12/21 00:41:50 | 000,027,240 | ---- | M] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\kavbootc.sys

[2013/12/19 18:08:49 | 000,001,851 | ---- | M] () -- C:\Windows\SysWow64\cid_store.dat

 

========== Files Created - No Company Name ==========

 

[2013/12/22 18:57:27 | 001,233,962 | ---- | C] () -- C:\Users\LYON\Desktop\AdwCleaner.exe

[2013/12/22 14:56:19 | 000,001,144 | ---- | C] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/12/22 14:56:19 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/12/22 11:29:32 | 004,177,920 | ---- | C] () -- C:\Windows\SysNative\360rescue.img

[2013/12/22 10:39:50 | 000,001,260 | ---- | C] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk

[2013/12/22 10:39:50 | 000,001,116 | ---- | C] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk

[2013/12/21 14:15:27 | 000,001,142 | ---- | C] () -- C:\Users\LYON\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2013/06/03 14:31:00 | 000,000,182 | ---- | C] () -- C:\Windows\venple.ini

[2013/04/28 12:14:11 | 000,000,000 | ---- | C] () -- C:\Windows\LiveUpdate.INI

[2013/03/09 18:12:00 | 000,776,934 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/02/25 13:32:18 | 000,000,252 | ---- | C] () -- C:\Windows\KillSwitch.INI

[2013/02/02 22:43:55 | 000,001,851 | ---- | C] () -- C:\Windows\SysWow64\cid_store.dat

[2013/01/23 16:09:17 | 000,000,029 | ---- | C] () -- C:\Windows\AdvConfig.ini

[2013/01/10 09:55:55 | 000,000,258 | RHS- | C] () -- C:\Users\LYON\ntuser.pol

[2013/01/10 09:55:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/10/12 19:07:33 | 000,001,042 | ---- | C] () -- C:\Users\LYON\AppData\Roaming\coreavc.ini

[2012/10/03 01:27:57 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat

[2012/10/03 00:07:33 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll

[2012/10/02 23:29:06 | 000,016,645 | ---- | C] () -- C:\Users\LYON\AppData\Roaming\AbsoluteReminder.xml

[2012/10/02 23:28:25 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat

[2012/09/23 14:55:28 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin

[2012/09/23 14:55:27 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin

[2012/09/23 14:55:25 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/09/23 14:55:23 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

[2012/02/03 00:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

 

========== ZeroAccess Check ==========

 

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/09/23 14:43:32 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/09/23 14:43:32 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/12/22 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360Desktop

[2013/12/17 21:13:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360DiagnoseScan

[2013/12/22 11:05:26 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360Login

[2013/12/22 11:17:22 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360mobilemgr

[2013/12/22 14:34:54 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360safe

[2013/03/18 09:05:04 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360se

[2013/02/11 19:06:02 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\360SuperKiller

[2013/12/20 16:23:51 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\BaiduYunGuanjia

[2013/01/10 20:22:48 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\CachedFiles

[2013/01/09 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Design Science

[2013/05/31 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Dropbox

[2013/06/23 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\ELEX

[2012/10/03 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\FileOpen

[2012/10/03 02:02:15 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Foxit Software

[2013/10/13 14:33:07 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Kingsoft

[2012/10/02 23:32:34 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Leadertech

[2012/10/02 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Lenovo

[2013/09/21 23:24:24 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\LSC

[2013/12/22 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Maxthon3

[2013/12/22 18:33:43 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Nitro PDF

[2013/12/21 10:59:36 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Open Download Manager

[2012/10/02 23:55:01 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\POTPLAYERMINI

[2013/07/19 09:56:18 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\PPStream

[2012/10/03 00:39:40 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\PwrMgr

[2013/01/07 20:02:31 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Quantitative Micro Software

[2013/12/22 18:35:30 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Tencent

[2013/01/07 12:48:14 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\TuneUp Software

[2013/01/20 14:23:57 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Ulead Systems

[2013/06/03 19:58:25 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Vensim

[2013/12/15 01:28:18 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Wandoujia2

[2012/10/16 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Windows Live Writer

[2013/01/20 15:16:55 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\WinMount

[2012/11/07 12:45:33 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Xigou

[2013/01/10 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\YozoWeboffice

[2013/01/10 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\LYON\AppData\Roaming\Yozo_Office

 

========== Purity Check ==========

 

 

 

========== Files - Unicode (All) ==========

[2013/10/18 18:53:58 | 101,890,677 | ---- | M] ()(C:\Windows\SysWow64\?熅?|) -- C:\Windows\SysWow64\쫢熅ᅌ¦

[2013/10/18 12:53:50 | 101,890,677 | ---- | C] ()(C:\Windows\SysWow64\?熅?|) -- C:\Windows\SysWow64\쫢熅ᅌ¦

[2013/10/16 09:48:19 | 101,406,750 | ---- | M] ()(C:\Windows\SysWow64\?醺??) -- C:\Windows\SysWow64\ਥ醺ᅌ

[2013/10/16 09:48:19 | 101,406,750 | ---- | C] ()(C:\Windows\SysWow64\?醺??) -- C:\Windows\SysWow64\ਥ醺ᅌ

[2013/10/14 15:42:49 | 100,975,419 | ---- | M] ()(C:\Windows\SysWow64\恁莝?6) -- C:\Windows\SysWow64\恁莝ᅌ6

[2013/10/14 09:43:11 | 100,975,419 | ---- | C] ()(C:\Windows\SysWow64\恁莝?6) -- C:\Windows\SysWow64\恁莝ᅌ6

[2013/10/13 20:24:58 | 100,838,141 | ---- | M] ()(C:\Windows\SysWow64\?箠?W) -- C:\Windows\SysWow64\ᖭ箠ᅌW

[2013/10/13 08:25:02 | 100,838,141 | ---- | C] ()(C:\Windows\SysWow64\?箠?W) -- C:\Windows\SysWow64\ᖭ箠ᅌW

 

< End of report >
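Added example (not part of the poster's logs or of OTL itself): a small Python triage script that parses OTL file/folder lines of the kind shown in the log above and lists the entries a helper would look at first. The sample lines are copied from the log above except the final `xyzzy.sys` line, which is constructed to exercise the driver rule; the default watchlist (`gorillaprice`, taken from the thread title), the 50 MB size threshold and the rule set are assumptions chosen for illustration. Note that the parenthesised company OTL prints comes from the file's version resource, so an empty field means "no version info", not "unsigned"; the rules yield review candidates, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# One OTL file/folder line looks like one of these (taken from the log above):
#   [2013/12/21 01:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice
#   [2013/12/22 19:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LYON\Desktop\OTL.exe
#   [2013/10/18 18:53:58 | 101,890,677 | ---- | M] ()(C:\Windows\SysWow64\?...) -- C:\Windows\SysWow64\...
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\))?"   # version-info company; absent for folders, "()" when empty
    r"(?:\([^)]*\))?"                 # alternate name OTL prints for names it cannot render
    r" ?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str      # R H S D flags in order, '-' where unset
    kind: str       # C = created, M = modified
    company: str    # '' when OTL printed () or nothing at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl(text: str) -> List[Entry]:
    """Return every file/folder entry in an OTL section; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),   # OTL pads some names with spaces
            path=m["path"].strip(),
        ))
    return entries


SYSTEM_ROOT = "c:\\windows\\"
LARGE_FILE = 50 * 1024 * 1024   # assumed threshold for "too big to be a config file"


def triage(entries: List[Entry], watchlist=("gorillaprice",)) -> List[Tuple[str, List[str]]]:
    """Apply simple review heuristics; each hit is (path, [reasons])."""
    findings = []
    for e in entries:
        low = e.path.lower()
        name = e.path.rsplit("\\", 1)[-1]
        in_system = low.startswith(SYSTEM_ROOT)
        reasons = []
        if any(w in low for w in watchlist):
            reasons.append("watchlist match")
        if in_system and not name.isascii():
            reasons.append("non-ASCII name under %SystemRoot%")
        if in_system and not e.is_dir and e.size >= LARGE_FILE and not e.company:
            reasons.append("large file with no version-info company under %SystemRoot%")
        if e.is_dir and e.hidden_system and low.count("\\") == 1:
            reasons.append("hidden+system folder at drive root")
        if "\\drivers\\" in low and low.endswith(".sys") and not e.company:
            reasons.append("driver with no version-info company")
        if reasons:
            findings.append((e.path, reasons))
    return findings


# Lines copied from the log above; the last line (xyzzy.sys) is constructed for the driver rule.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2013/12/22 19:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LYON\Desktop\OTL.exe
[2013/12/22 14:55:11 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\LYON\Desktop\mbam-setup-1.75.0.1300.exe
[2013/12/22 10:40:05 | 000,000,000 | RHSD | C] -- C:\360SANDBOX
[2013/12/21 01:23:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice
[2013/12/21 00:42:10 | 000,000,000 | -HSD | C] -- C:\KRECYCLE
[2013/12/21 00:41:52 | 000,084,328 | ---- | C] (Kingsoft Corporation) -- C:\Windows\SysNative\drivers\ksapi.sys
[2013/12/22 18:28:25 | 2901,901,312 | -HS- | M] () -- C:\hiberfil.sys
========== Files - Unicode (All) ==========
[2013/10/18 18:53:58 | 101,890,677 | ---- | M] ()(C:\Windows\SysWow64\?熅?|) -- C:\Windows\SysWow64\쫢熅ᅌ¦
[2013/12/20 03:14:07 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\drivers\xyzzy.sys
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE_LOG)):
        print(path, "->", "; ".join(reasons))
```

Run it over the Created, Modified and Unicode sections of the log and read the output as a worklist. The root-folder rule fires on C:\360SANDBOX and C:\KRECYCLE, which in the log above are created within seconds of the 360 and Kingsoft drivers, so they line up with those products and can be checked off quickly; the ~100 MB files with unrenderable names in SysWow64 and the GorillaPrice folder are the items to pull apart first.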

 

 

 

Extra.txt

 

 

OTL Extras logfile created on: 12/22/13 19:55:22 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LYON\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

 

3.60 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 43.15% Memory free

7.21 Gb Paging File | 4.52 Gb Available in Paging File | 62.69% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 464.29 Gb Total Space | 12.80 Gb Free Space | 2.76% Space Free | Partition Type: NTFS

 

Computer Name: NOBEL | User Name: LYON | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Classes\<extension>]

.html [@ = Max3.Association.HTML] -- C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Playback] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)

Directory [PlayList] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)

Directory [PotPlayer.Enqueue] -- "C:\PROGRAM FILES (X86)\WMZHE\PURE CODEC\POTPLAYERMINI.EXE" "%1"  /Add ()

Directory [PotPlayer.Play] -- "C:\PROGRAM FILES (X86)\WMZHE\PURE CODEC\POTPLAYERMINI.EXE" "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Playback] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" "%1" (Alen Soft)

Directory [PlayList] -- "C:\Program Files (x86)\TTPlayer\TTPlayer.exe" /a "%1" (Alen Soft)

Directory [PotPlayer.Enqueue] -- "C:\PROGRAM FILES (X86)\WMZHE\PURE CODEC\POTPLAYERMINI.EXE" "%1"  /Add ()

Directory [PotPlayer.Play] -- "C:\PROGRAM FILES (X86)\WMZHE\PURE CODEC\POTPLAYERMINI.EXE" "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\software\jinshan ciba\Powerword 2007\xdict.exe" = C:\software\jinshan ciba\Powerword 2007\xdict.exe:*:Enabled:Kingsoft PowerWord

"C:\software\jinshan ciba\Powerword 2007\update.exe" = C:\software\jinshan ciba\Powerword 2007\update.exe:*:Enabled:Kingsoft PowerWord Online Update

"C:\PROGRAM FILES (X86)\WMZHE\PURE CODEC\POTPLAYERMINI.EXE" = C:\PROGRAM FILES (X86)\WMZHE\PURE CODEC\POTPLAYERMINI.EXE:*:Enabled:PotPlayer -- ()

"C:\software\jinshan ciba\Powerword 2007\xdict.exe" = C:\software\jinshan ciba\Powerword 2007\xdict.exe:*:Enabled:Kingsoft PowerWord

"C:\software\jinshan ciba\Powerword 2007\update.exe" = C:\software\jinshan ciba\Powerword 2007\update.exe:*:Enabled:Kingsoft PowerWord Online Update

"C:\PROGRAM FILES (X86)\WMZHE\PURE CODEC\POTPLAYERMINI.EXE" = C:\PROGRAM FILES (X86)\WMZHE\PURE CODEC\POTPLAYERMINI.EXE:*:Enabled:PotPlayer -- ()

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 

"{0EC3039D-22E3-4E50-A7B2-BE7EEB5D2199}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{104DFE0B-7440-4F45-87A5-1F7BC101973A}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{19793493-3456-46FD-8DC4-E8F739D66272}" = lport=139 | protocol=6 | dir=in | app=system | 

"{2961B694-B81E-4750-BB25-BEF21DC177FC}" = rport=137 | protocol=17 | dir=out | app=system | 

"{4FE20D1B-70CF-46D3-A3D8-6CA9F2C8D6E6}" = lport=138 | protocol=17 | dir=in | app=system | 

"{55E40586-281B-499D-8CF3-A259BA5898C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{61B46D9E-E8DA-45B4-BC14-95FEB7442F77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{69A5AA02-C3C4-48B5-A58F-ACAAA258A04C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{7356F68C-872A-470E-8FDA-6A9B51CD7683}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{79BE2C9E-2F5B-483D-8DEC-C0C221C1F093}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe | 

"{7D25ADD2-83F9-4449-BF52-7D7A4E77A019}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{82C44682-364F-4A5C-9872-697D8CA19F44}" = rport=138 | protocol=17 | dir=out | app=system | 

"{8CDF0113-761E-4F80-A311-1D50E829E832}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{921C987C-BAEE-4428-94C3-6B0B84BC8ABF}" = lport=445 | protocol=6 | dir=in | app=system | 

"{A94539D5-2CCE-4E0E-9C10-3D5900AE6AEC}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{B1FE831E-BE05-49D6-B906-19476A89BC02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{B61FF255-9C67-44DF-8FDD-D4D6973B9BF3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{C0314902-14CA-4F5C-B361-208D8BCB38EC}" = rport=139 | protocol=6 | dir=out | app=system | 

"{D6053A39-1FE0-40F8-B1C8-97BB70EFC8DC}" = lport=137 | protocol=17 | dir=in | app=system | 

"{E7BC0EC1-2853-488A-B139-F6E2EDA229C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{F90EDDF0-08AF-4291-A35F-161B709998F5}" = rport=445 | protocol=6 | dir=out | app=system | 

"{FEF3B342-FE43-454C-813D-CA0525EACF4D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00F1BCAE-D04A-4551-8EBD-E52A2A91F4AD}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 

"{060EC23F-9B81-4615-8C00-8ED4439508CA}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe | 

"{0673B12A-4413-492F-B049-E76758DF71B7}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyconfig.exe | 

"{069BE544-3DA6-4298-8183-4F261F76EC46}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpylevel.exe | 

"{086032DC-6B07-447F-99CF-FB2E9B60105D}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpymblog.exe | 

"{08993227-B146-4679-A583-517FD906F9D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{0DDEF93D-C46E-4D16-AC9B-4518802DA9E3}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\maupdat.exe | 

"{1009DA10-EE93-432A-8BB9-E3B8E2AB5AB4}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 

"{10CD4995-F82B-44D7-9AAA-7E54D42866F7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 

"{120C75CF-EE58-42F6-B525-377AF1B28B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpylevel.exe | 

"{1417F798-8FBA-4035-84F8-DFD551668966}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\statreport.exe | 

"{143022F3-3D68-4C6E-B387-CA9EA8458791}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimedownload.exe | 

"{150E873E-A765-453C-BAD8-B2D95B6EDD8A}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpcdetector.exe | 

"{1533ECB7-6B10-468A-B268-B7AAF3EBAC77}" = protocol=17 | dir=in | app=c:\users\lyon\appdata\roaming\tencent\qq\stemp\backupdltmp\download\miniqtupdate.exe | 

"{1568AA90-AE92-4DCA-B250-60C0D1761AAF}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\qqgamemicro.exe | 

"{16055792-B85E-4F05-B9CF-F9AFB5B4FECB}" = protocol=6 | dir=in | app=c:\program files (x86)\wandoulabs\wandoujia2.exe | 

"{1848DF01-98EB-47DB-83AA-2FD5803608AB}" = protocol=6 | dir=in | app=c:\users\lyon\appdata\roaming\tencent\qq\stemp\backupdltmp\download\miniqtupdate.exe | 

"{18AB64CC-2088-4565-BE5F-A93665A97A2B}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpymblog.exe | 

"{19B0649D-222A-4501-AF67-F8200E44F0A5}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimedownload.exe | 

"{1AC53BDC-31EC-457A-A945-3FCAEECB58A0}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baidusetupax_0.exe | 

"{1C1D932C-9B1B-451C-8325-692739E31A57}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\ieproc.exe | 

"{1C36F44A-6213-41E9-8C31-D0534CFAC9BF}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpycloud.exe | 

"{1CB055B4-58CE-4778-9587-24C2D5BF5128}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe | 

"{1D27B36E-9F03-49CB-B763-3B5CC18CDAF7}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyliveup.exe | 

"{1EEC6279-8B40-4390-8BC8-CE4EEE3B9A68}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpylevel.exe | 

"{1F27A7FF-407F-4B58-8074-6C6E1AE8D8B3}" = dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate3.2.1.107.exe | 

"{1F97124D-B831-47E8-B40A-B3E3C048A717}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon4\bin\mxup.exe | 

"{21DEC6CD-2386-4329-91F4-04AA670D0EB4}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe | 

"{23494F52-B648-4A6B-BE2C-810C51A8746F}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | 

"{23D4EE6A-F19D-4D5A-B807-B214D98D5098}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 

"{23E37202-7150-42D0-9005-F5B4F5D9072C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 

"{24077C52-6D17-4C8C-B750-2CEFA9E92E39}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\ieproc.exe | 

"{242CA5AC-313C-4D36-8ABF-AB7F143B8525}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpycloud.exe | 

"{249872A5-4A37-4FED-8F86-A6A9B3B2B151}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpymblog.exe | 

"{262E1D4D-7B2A-460B-8415-6010B1F6F2B7}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\qqprotect\bin\qqprotect.exe | 

"{266354A5-C880-4975-8CD3-AFFDFB53B75B}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon4\bin\maxthon.exe | 

"{27645871-E1E7-4A0E-8AA1-81E1A6F8C6B4}" = protocol=6 | dir=out | app=system | 

"{27662D0E-6E98-4A11-8BD3-3BD3C56010ED}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpydict.exe | 

"{286D701D-FBDB-4957-881C-422D888C65C3}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyhandinput.exe | 

"{2B8E85CF-53B0-4A99-ACF5-0E7FBC5BE5B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{2FDBB6C2-A77D-4680-AD6D-7ACFF7B478CA}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 

"{30D9DE2C-BB07-4144-9F0F-8355A73B301C}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregdict.exe | 

"{315222BA-D90B-42C4-B9D7-1C2489ABE184}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\malauncher.exe | 

"{31E0619D-F247-47DE-81AF-4A8F5BB3481C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{31F2547C-8B97-462E-A538-C33EBB92086F}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\statreport.exe | 

"{3513D270-513D-40AA-99F6-ACF249605999}" = protocol=6 | dir=in | app=c:\users\lyon\appdata\roaming\dropbox\bin\dropbox.exe | 

"{3713D3C9-AE88-4447-933C-615934D59FAD}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\statreport.exe | 

"{38DCBBF5-4D1D-4D7E-8FD6-82FC5995B012}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{38F31F69-BA8B-4BAE-A25D-2E91C2BFF088}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyhandinput.exe | 

"{39E03701-BF69-49D3-AF06-FA68E043754C}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe | 

"{3B408579-632E-4E98-9320-88DB5064A13E}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 

"{3C62BF4C-2ADD-48F3-9F93-4DC36C987F1D}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe | 

"{3EE643EA-E0FA-4490-B947-9DE956318758}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyliveup.exe | 

"{414B5E29-8589-408A-B5E7-B05FC57A517F}" = protocol=17 | dir=in | app=c:\program files (x86)\wandoulabs\wandoujia2.exe | 

"{43C63748-532C-481C-9EE6-C5FD410F7794}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpymblog.exe | 

"{44DCCFFB-3C96-47A1-931D-866C42D5F613}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyconfig.exe | 

"{456D187B-4062-4DB3-9DFF-392836257CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimedownload.exe | 

"{46C08A47-2760-4E16-9B1D-5EC5B1C10D09}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpymblog.exe | 

"{46E99874-4125-46ED-8C87-23D8C7A6B17C}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyconfig.exe | 

"{46F09F08-AEC6-4342-B56A-22E7A4EB9A82}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpydict.exe | 

"{47B57521-9C11-4E17-A6F0-B94556133A42}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyhandinput.exe | 

"{47D93FE8-79EC-4BD1-96D4-65FA3B794C69}" = protocol=6 | dir=in | app=c:\users\lyon\desktop\360安全卫士inst.exe | 

"{485BD379-AEA1-42B9-922E-12E051944994}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{48F233D2-FB88-4E72-A543-316116AE6A1C}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baidusetupax_0.exe | 

"{4A1FA2C2-448A-46CD-8256-FE899EE2B8DF}" = dir=in | app=c:\program files (x86)\common files\tencent\qqminidl\41\qqminidlui.exe | 

"{4A3F1ED8-5074-43D0-BCF3-DB5D47C38EAC}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baidup2pservice.exe | 

"{4B4DF298-3B24-4FBB-9815-E417FC123140}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe | 

"{4B632C10-3EB4-4B35-A584-040A1F324A86}" = protocol=6 | dir=in | app=c:\users\lyon\appdata\local\temp\nsr2883.tmp\qqpcdetector.exe | 

"{4C0D9ED1-8D17-4ED7-A940-338DE05FC4EB}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpydict.exe | 

"{4D581A0C-EB91-4584-B02F-AF1206EB1B32}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{4E1AEE92-0FC0-44A7-8A95-08DB45DA675C}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpymblog.exe | 

"{4E6B4C9C-E3FE-4A48-BF02-1A951C4CCF89}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpylevel.exe | 

"{51D7A38C-68F6-4AF7-AAA9-534D06B5755F}" = dir=in | app=c:\users\lyon\appdata\local\microsoft\skydrive\skydrive.exe | 

"{53632296-3E9F-4109-ACF7-E10D8EE6EFA7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 

"{579AF96A-C379-4CD8-A333-4EEA549C08CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{57DF70D4-865B-4A89-8310-947B7444F649}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyconfig.exe | 

"{582A4DEE-EAF8-49AE-B180-B5069F2E491A}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe | 

"{589C8066-8AC0-4978-8116-19EA805F627F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{5B64ABF3-A951-4EFF-9984-956B0B616CD4}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregskin.exe | 

"{5D905630-F282-43D4-AD37-452836C4BCF3}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpydict.exe | 

"{5DCA0485-4837-41A7-AD0F-C8E22C8C3FEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5EACAE8A-97E9-4FFF-8FC3-66102E3D35E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5F0ADEAC-DD50-4994-9DCD-339D2893AB49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{5FA5E12E-332F-4CB0-9090-F2CAAF25516E}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregskin.exe | 

"{62B6D4B2-BA93-45FD-9C8D-DE395881193F}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimedownload.exe | 

"{64F7811D-F6DE-4BF7-97F9-9F51153DBA3C}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe | 

"{65D4AF15-BFEB-4E19-B9A7-FB861C232180}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon4\bin\mxup.exe | 

"{67790C4A-6D6A-4750-914E-7E8A8453FA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpydict.exe | 

"{6AB7ED7D-DE6B-4854-92D1-10222DD71CD6}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baidup2pservice.exe | 

"{6D0A443C-599F-4D79-8FB1-86FB1EEA7016}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyhandinput.exe | 

"{6D611D05-C35D-4940-8A89-3BE25DBD0662}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 

"{6E2CC295-85DB-4D45-B5D3-2B20B9DA8FA4}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyhandinput.exe | 

"{6E5DA448-017A-4552-B177-C97F3636E479}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpylevel.exe | 

"{6F374B15-2B4E-423B-A3CE-929E061FB266}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{70666ADE-31D4-4A70-9CD9-8298134828A0}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\statreport.exe | 

"{716AC591-2A57-4940-A676-AD0AB58CF4C9}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\malauncher.exe | 

"{71BEB63B-2B81-4881-AB66-33B32BCDDE2E}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpycloud.exe | 

"{727CE28C-388A-4A73-9D1F-E254877E1A69}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyliveup.exe | 

"{7698D85F-9516-42B4-A20C-9280C6F8003F}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyconfig.exe | 

"{778C88AC-4C92-46BD-BBE1-27ED8C1D1566}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7990C131-92E9-4232-9E6A-C7A187F8CF73}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpcdetector.exe | 

"{7ACC0BDC-46C0-46F4-A536-66F6C9CFE465}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 

"{7E1B986E-CE80-453F-884A-4E1294875EA7}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyliveup.exe | 

"{7F467C91-CA37-4F39-8D71-53B36B80200D}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimedownload.exe | 

"{7F59644E-68D0-431A-A8ED-AA6BC7230DE0}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 

"{804BA6D0-9F34-45FD-A43E-E514D87D309A}" = dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate3.2.1.107.exe | 

"{819780FE-9D46-42AE-BD95-E91ADE91D79E}" = dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpcdetector.exe | 

"{824FB3F7-682B-4FB8-A050-BAF55D735F39}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpydict.exe | 

"{840C75A6-EFC5-48C6-BF2D-AF26E0433055}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpycloud.exe | 

"{866A25A1-7F06-4701-B3AA-60356008AC2D}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpymblog.exe | 

"{87C92C18-FBDC-4689-8A13-83E88D75C58B}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | 

"{87E821A7-372C-4D53-AE66-8E1E533E7E53}" = protocol=6 | dir=in | app=c:\software\360\inst.exe | 

"{89E67487-E63A-487B-B83B-6F73A8D42880}" = dir=in | app=c:\program files (x86)\common files\tencent\qqminidl\41\qqminidl.exe | 

"{8A3FAC64-41AF-40B9-8928-68791D82FC00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{8B1EF5C6-1522-4631-BBC0-D1532CF54A06}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon4\bin\maxthon.exe | 

"{8CFBE6A0-8E27-4AB1-97E8-A58B6060E67A}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregdict.exe | 

"{9093FEA8-F171-4719-A874-D3B4596E073B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{90D63392-DE16-4854-942E-FBAD5A0537F8}" = dir=in | app=c:\program files (x86)\ppstream\ppskernel.exe | 

"{91F51E77-890E-4260-8F5B-B5EABA8CE2A7}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimedownload.exe | 

"{924D0559-7940-4F9E-947E-B68465C377C3}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpylevel.exe | 

"{9679541A-4DA7-4CE0-A621-A9F3F6CBCFE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{992BC950-CE79-4612-9E92-0E74B6E82FAF}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpycloud.exe | 

"{99565845-19C3-4BF4-9012-CC9F63563CFB}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 

"{9996802E-FA6B-4DC2-9390-96CB5DC4AB10}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpymblog.exe | 

"{9B37BF7A-24E5-48D3-A5CF-BE08F54E465B}" = protocol=6 | dir=in | app=c:\program files (x86)\kingsoft\powerworddict\xdict.exe | 

"{9BBD62CB-D14A-4571-AD03-52A2EA3D10E7}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyliveup.exe | 

"{9C92CBC0-1F14-4B34-AFD7-4E3E7088AC44}" = dir=in | app=c:\program files (x86)\common files\tencent\qqminidl\41\qqminidl.exe | 

"{A166E404-0E8F-46B3-A040-63A61B175F87}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpcdetector.exe | 

"{A2592585-2C48-4341-92C9-E0C4BA46F452}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\qqgamemicro.exe | 

"{A36FBA99-46EF-4C74-86ED-47084C80D909}" = dir=in | app=c:\program files (x86)\common files\tencent\qqminidl\41\qqminidlui.exe | 

"{A4C977BD-DDFE-4486-B299-985689DE7991}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyhandinput.exe | 

"{A5471144-CF7E-475B-A0FF-78C1365FA59A}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | 

"{A5FBCEBD-FAC5-4098-8724-2F87E45848BA}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpylevel.exe | 

"{A8156902-1325-47E4-AFD8-134DD7A14062}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 

"{A8775FA2-3853-4F88-8E92-4EF22CE3063F}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe | 

"{A8D178E9-6A24-4FBA-8B88-2BB625242B3B}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyhandinput.exe | 

"{A9482A29-9A75-4BA5-B2AA-0FC7DF8326C4}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregskin.exe | 

"{A9A059F8-E4C0-4A0E-A320-16E08494068A}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyconfig.exe | 

"{A9D13D90-687A-42C2-A62C-E5B5B870083F}" = dir=in | app=c:\users\lyon\appdata\local\tnt2\2.0.0.1702\tnt2user.exe | 

"{AA34DC2C-260B-4753-AE75-4903BC540210}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{AB072621-907D-47CA-8076-7CB62EDD0CF7}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyhandinput.exe | 

"{ABCDD000-AD3B-49BD-A949-E1AF8FF2E018}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{AC0861E6-9D47-4C1C-BAE2-7EE45C9539E8}" = protocol=17 | dir=in | app=c:\users\lyon\appdata\roaming\dropbox\bin\dropbox.exe | 

"{AC69A9AC-0525-4372-A04F-6F0210F6951E}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregskin.exe | 

"{ACA2A132-0133-4F4D-B7A6-4FD23CE94B37}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpydict.exe | 

"{AD781F18-FD4C-4759-8197-1CFD376ACA50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{B0F7CE92-771D-4B1D-ACF6-C0D596FBCD05}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 

"{B1BF5F12-C0B1-4377-8E55-299B01BA784B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 

"{B2AF23C0-E522-4D2C-8E1D-F939DAEE8077}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregdict.exe | 

"{B2C21179-D397-44D4-803E-0B0D72194E8E}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregdict.exe | 

"{B41CF6DE-20C2-44B6-805B-B2D0358181BD}" = protocol=17 | dir=in | app=c:\users\lyon\desktop\360安全卫士inst.exe | 

"{B5288E9D-2F33-4FBF-A840-C08BFEE4266B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{B59A43B0-ACCB-45EB-8727-0188BC4EBD61}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe | 

"{B62CA78F-6E55-4CFC-9266-479E92ACE4E0}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe | 

"{B6BEB80E-6D34-4963-AB12-B9AE1925E5FB}" = protocol=17 | dir=in | app=c:\software\360\inst.exe | 

"{B8B3538B-166C-4769-9517-BB1A2E5ECE12}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\vmware-remotemks.exe |  

"{BB01E442-5204-41DA-A70F-6155F4FB375B}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyconfig.exe | 

"{BB94AC2F-AC33-4BE6-BE49-AB8F88027A31}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpydict.exe | 

"{BE0C2716-3916-45F6-8363-3FD4FB460DB1}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe | 

"{C0D5BE96-A163-4FED-BADD-218CBEC9147C}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyliveup.exe | 

"{C27523C9-3E6D-4138-A516-01D09817242C}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe | 

"{C2D9C1F3-9460-40B4-9357-58CBB53BDA83}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe | 

"{C3F0325F-23A4-44CF-870B-625F423DE500}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baiduplayer.exe | 

"{C46ABB27-1DED-4D6D-BC26-74F695407E92}" = dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate3.2.1.107.exe | 

"{C52193AB-36A7-42DC-9592-83B2AACADCE3}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregdict.exe | 

"{C5A87C98-7C44-4E3E-BDB4-19D957D37335}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 

"{C5C90730-4404-4501-BFB6-4B27074F8454}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpycloud.exe | 

"{C718BD7F-2BAD-4859-BCC3-7DBE430EE5D3}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregdict.exe | 

"{C88B3600-B042-42B9-8D9B-D594A5401EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\qqprotect\bin\qqprotect.exe | 

"{C896D93C-726B-4A78-850E-0DA94B2CFCDC}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe | 

"{C93DEC86-D857-4494-B128-9A1925739B71}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{CBA794FF-A9B4-40F8-9C6C-2DC5320E4688}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregskin.exe | 

"{CCABE81A-D43D-49B2-AC1D-6C6D29F1248F}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe | 

"{CE1869B4-4FED-40AE-B032-0CF14FFAC774}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpylevel.exe | 

"{CFA6F4E7-7AAA-4AE2-B21A-E9196F63A690}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregskin.exe | 

"{CFE47171-21AD-4C7A-BF18-5ADB52F0EFF8}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregdict.exe | 

"{D06D01D4-7BCA-4740-82D1-544CA2310E5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D07B259F-0DBB-4A53-9D9D-141AA53AA5E3}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe | 

"{D0C627BA-86EF-4083-8A7D-580009D19810}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baiduplayer.exe | 

"{D37F5411-3F3E-44D7-B834-588E026DC629}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baidup2pservice.exe | 

"{D510D04F-C665-4DE5-9AB5-1AA4BA46A24E}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 

"{D5310302-AAC3-4013-B089-B4BC418C24B0}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 

"{DD81CC86-A58E-4120-A40E-0EA968DC9050}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\maupdat.exe | 

"{DE23E37E-13C5-497B-9B9F-BBDB406D24C2}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware view\client\bin\wswc.exe | 

"{DE617C94-C4AF-4DC0-A09C-C324CBE43B35}" = protocol=17 | dir=in | app=c:\users\lyon\appdata\local\temp\nsr2883.tmp\qqpcdetector.exe | 

"{DE7CF211-D279-4E5D-BA09-707C886307B3}" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\safemon\360tray.exe | 

"{DEF583A8-1C6F-43EE-84C2-3652BEB398D4}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baiduplayer.exe | 

"{E4A949F7-057F-465F-A343-727B8A3A4E8C}" = dir=in | app=c:\programdata\baidu\baiduplayer\bdupdate3.2.1.107.exe | 

"{E58FDFCF-4C65-4353-AC1C-87FBD5CC5DE1}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyliveup.exe | 

"{E6FFFDA5-D554-41CA-BCC2-9075F3D9499F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 

"{E7D362C7-E4D3-4247-9776-4E64781FA6CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{E89276EB-7029-477A-96C1-355D6790415B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{E8D06675-7809-4D55-A894-F15F61F3B311}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregdict.exe | 

"{E950B0C3-3729-4064-A856-802016F84901}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | 

"{E9E86C9D-3759-47D7-968C-1748CD643D38}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 

"{EA1FE512-6DFA-4EE8-BC91-A2CD80AB5AE9}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqmusic\qzonemusic\qzonemusic.exe | 

"{F0506441-D07F-4CE4-BA6E-0AC26F692855}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpycloud.exe | 

"{F0F09A94-57AF-4BA0-AF08-F406567E53B3}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimedownload.exe | 

"{F1C7FE6B-02F5-4CF3-B186-F354D9D0833B}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpyconfig.exe | 

"{F33A0F44-0E16-4E81-8FAB-6B02CAD369CC}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe | 

"{F38B160E-D888-4638-800A-6BD481BB8D4A}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\ieproc.exe | 

"{F3E1290A-6BEB-48A4-8CC1-A6D2FFD5D3A6}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqpycloud.exe | 

"{F6599C1C-A2F6-449C-9BAC-7B0F7E888A0A}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpyliveup.exe | 

"{F806BD43-6BFC-453B-9BAD-B49CB9B87336}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baidup2pservice.exe | 

"{F9CC36FA-4993-48A1-A3C3-5E0F17C42C46}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqimeregskin.exe | 

"{FAD4C492-D1BB-4F3F-A702-8BED8A1DD252}" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\liveupdate360.exe | 

"{FC0E0DA5-B1FF-4175-A13E-8939428F023E}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.5.2017.400\qqpcdetector.exe | 

"{FC2EADAA-2D16-4CF1-AACE-FB5FC84AEF56}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe | 

"{FC7E0CCE-F059-424C-BFBB-CD32CAC51488}" = protocol=17 | dir=in | app=c:\program files (x86)\kingsoft\powerworddict\xdict.exe | 

"{FCD71189-4979-429B-8083-6841EBC194A7}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimedownload.exe | 

"{FD50065C-EAFC-40C5-B9B1-7D90DE11C1DF}" = dir=in | app=c:\users\public\documents\tencent\qqgamemicro\qqgamemicro.exe | 

"{FD8D4ACB-7164-4924-937B-95D61C4291C7}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpinyin\4.2.1073.400\qqimeregskin.exe | 

"{FE5E79D1-4076-48CD-9DE8-FD517097336A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 

"{FFDDF70D-F62B-4CB1-8BA2-824D54816DE4}" = dir=in | app=c:\program files (x86)\baidu\baiduplayer\3.2.1.107\baiduplayer.exe | 

"TCP Query User{1F40B189-698B-4C0E-B3F2-AFAA20034059}C:\program files (x86)\tencent\qqdownload\qqdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qqdownload.exe | 

"TCP Query User{2F5FE249-9F4B-4CD0-B98A-D1223D41968B}C:\program files (x86)\360\360safe\360leakfixer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\360leakfixer.exe | 

"TCP Query User{34EBABEB-2360-4426-AF04-5C1894B009AD}C:\program files (x86)\360\360sd\360sdupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\360\360sd\360sdupd.exe | 

"TCP Query User{3744417C-117C-408A-BD4B-5624FF4EA377}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe | 

"TCP Query User{435A629A-B5AE-4F3C-A1B9-B3491308203F}C:\program files (x86)\360\360safe\360leakfixer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\360\360safe\360leakfixer.exe | 

"TCP Query User{5F7B2979-EF51-46CC-801A-2EB319E92F1D}C:\program files (x86)\wandoulabs\wandoujia2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wandoulabs\wandoujia2.exe | 

"TCP Query User{6654B86D-08EE-48D7-8B86-742217A038DA}C:\program files (x86)\tencent\qqdownload\qdautoupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qdautoupdate.exe | 

"TCP Query User{B67E6D08-18D7-4B75-996B-961A22A2189E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 

"TCP Query User{C7431D80-E6C6-42B8-A42A-E7E1EDCEDA74}C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 

"TCP Query User{D380A7C3-0325-4790-B4C5-ABA06F3C73C9}C:\program files (x86)\meitu\xiuxiu\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\meitu\xiuxiu\liveupdate.exe | 

"TCP Query User{D88361A2-30C6-4184-BFAE-CBB2A6E555C8}C:\program files (x86)\surfmusik 3.1\surfmusik.exe" = protocol=6 | dir=in | app=c:\program files (x86)\surfmusik 3.1\surfmusik.exe | 

"TCP Query User{DDC4DD00-8546-40A6-9EC5-DFB953FB2833}C:\program files (x86)\meitu\xiuxiu\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\meitu\xiuxiu\liveupdate.exe | 

"TCP Query User{E03876CD-BF39-4F68-BAC8-E98DFE0BC648}C:\program files (x86)\360\360sd\360sdupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\360\360sd\360sdupd.exe | 

"UDP Query User{21B28901-F222-4960-B7A0-3A129DE0BD61}C:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\119\tencentdl.exe | 

"UDP Query User{28F24A7A-B817-4232-B72D-2E105C8F2CC2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 

"UDP Query User{3DB4E27A-D641-4A98-A5E4-BE8D42E7048A}C:\program files (x86)\tencent\qqdownload\qqdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qqdownload.exe | 

"UDP Query User{4FEF5575-6AB7-40D7-85B3-2DB75079C89B}C:\program files (x86)\360\360sd\360sdupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\360\360sd\360sdupd.exe | 

"UDP Query User{52044163-84EA-4CC2-B640-1E5808BB5F17}C:\program files (x86)\360\360safe\360leakfixer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\360leakfixer.exe | 

"UDP Query User{62B9A6DF-FBC9-477A-813C-1609475E6DE2}C:\program files (x86)\360\360sd\360sdupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\360\360sd\360sdupd.exe | 

"UDP Query User{77241DD6-7F2D-41AB-A268-81531B601272}C:\program files (x86)\surfmusik 3.1\surfmusik.exe" = protocol=17 | dir=in | app=c:\program files (x86)\surfmusik 3.1\surfmusik.exe | 

"UDP Query User{783E1A4D-D1BC-40F2-A717-46B6E07E716B}C:\program files (x86)\360\360safe\360leakfixer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\360\360safe\360leakfixer.exe | 

"UDP Query User{A52F2E01-F2AB-400A-B8A1-44D93CB8BD7C}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe | 

"UDP Query User{AED99201-030E-4073-BE03-299EFA3C2B57}C:\program files (x86)\meitu\xiuxiu\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\meitu\xiuxiu\liveupdate.exe | 

"UDP Query User{C5DD7772-BD13-4343-9E17-57C626DF1D95}C:\program files (x86)\wandoulabs\wandoujia2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wandoulabs\wandoujia2.exe | 

"UDP Query User{DF666D3B-0F7E-4DE0-A07E-8E74A63D5D2A}C:\program files (x86)\tencent\qqdownload\qdautoupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqdownload\qdautoupdate.exe | 

"UDP Query User{E9C506C4-2B01-4151-8F6D-0FCF59CC72C2}C:\program files (x86)\meitu\xiuxiu\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\meitu\xiuxiu\liveupdate.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software

"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support

"{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel® PROSet/Wireless for Bluetooth® + High Speed

"{38294D95-DB90-4D8C-824C-26856E5001A6}" = ThinkVantage Fingerprint Software

"{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus

"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit

"{4041B18B-DE30-4D78-9D60-6ADC586C5E00}" = Lenovo Solution Center

"{40F962CF-3C1E-44EB-A319-5590BEEB90CF}" = COMODO Internet Security Premium

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield

"{6248C52A-5236-4C07-9BD5-393C40A42316}" = VMware View Client

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E0790DA-185E-4DC1-8A88-750B2A6218FD}" = Nitro Pro 7

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013

"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013

"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap

"{C5BB9380-D729-410A-A440-061EBCADCCB9}" = Fingerprint Reader

"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi Software

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes

"05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (07/02/2010 8.6.0.29)

"64A62163FE43328D13305746CB8BCC93F2DF6545" = Windows Driver Package - Intel (iaStor) hdc  (11/29/2011 11.0.0.1032)

"CNXT_AUDIO_HDA" = Conexant HD Audio

"FD2ED46D31CE7DF190049D079E92DE03D347A634" = Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21)

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"OnScreenDisplay" = On Screen Display

"SynTPDeinstKey" = ThinkPad UltraNav Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide

"{1D78E62C-B585-446A-8FC7-2754332C0521}" = EViews 8

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility

"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21

"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome

"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7

"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration

"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013

"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013

"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013

"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013

"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013

"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013

"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English

"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français

"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español

"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013

"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013

"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013

"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013

"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013

"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013

"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013

"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013

"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013

"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013

"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013

"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013

"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5

"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent

"{A78800AF-1779-4AE8-8EBE-16E1BE727C71}" = Integrated Camera Driver Installer Package Ver.1.2.1.18

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{D96DB0AB-87D0-11D6-AF24-F7A021CEBF7F}" = SimpChinese Speech Package

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Power Manager

"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information

"360安全卫士" = 360安全卫士

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Fastboot" = RapidBoot HDD Accelerator

"Foxit Phantom" = Foxit Phantom

"Google Chrome" = Google Chrome

"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition

"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition

"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

 

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1142630531-3674883881-839332835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"InstallShield_{1D78E62C-B585-446A-8FC7-2754332C0521}" = EViews 8

"SkyDriveSetup.exe" = Microsoft SkyDrive

"UnityWebPlayer" = Unity Web Player

 

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/22/13 19:46:15 | Computer Name = NOBEL | Source = Application Error | ID = 1000
Description = Faulting application name: Maxthon.exe, version: 4.2.0.4000, time stamp: 0x529be175  Faulting module name: ntdll.dll, version: 6.1.7601.18229, time stamp: 0x51fb1072  Exception code: 0xc0000374  Fault offset: 0x000ce753  Faulting process id: 0x1424  Faulting application start time: 0x01ceff6e915cfa18  Faulting application path: C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 3e7e996f-6b63-11e3-87e0-84a6c87d9708

[ System Events ]

Error - 12/22/13 19:04:33 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7034
Description = The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 1 time(s).

Error - 12/22/13 19:27:50 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7016
Description = The Data Transfer Service service has reported an invalid current state 0.

Error - 12/22/13 19:28:25 | Computer Name = NOBEL | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\WMDrive.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error - 12/22/13 19:28:35 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7000
Description = The SMI Helper Driver (smihlp2) service failed to start due to the following error:   %%2

Error - 12/22/13 19:28:40 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7000
Description = The Kingsoft Core Service service failed to start due to the following error:   %%2

Error - 12/22/13 19:28:43 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7000
Description = The Conexant Audio Message Service service failed to start due to the following error:   %%3

Error - 12/22/13 19:28:52 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:   EncryptedDisk  KDHacker  WMDrive

Error - 12/22/13 19:28:52 | Computer Name = NOBEL | Source = Service Control Manager | ID = 7034
Description = The Wireless PAN DHCP Server service terminated unexpectedly.  It has done this 1 time(s).

< End of report >



Please do this:
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in bold:

    :Files
    C:\ProgramData\GorillaPrice\WatGorp.exe
    C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
    C:\ProgramData\GorillaPrice
    C:\Program Files (x86)\GorillaPrice

    :Commands
    [EMPTYJAVA]
    [emptytemp]
    [EMPTYFLASH]

  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    MrC


All processes killed

========== FILES ==========

C:\ProgramData\GorillaPrice\WatGorp.exe moved successfully.
File move failed. C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe scheduled to be moved on reboot.
C:\ProgramData\GorillaPrice folder moved successfully.
Folder move failed. C:\Program Files (x86)\GorillaPrice scheduled to be moved on reboot.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: LYON
->Java cache emptied: 2499530 bytes

User: Public

Total Java Files Cleaned = 2.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LYON
->Temp folder emptied: 143344310 bytes
->Temporary Internet Files folder emptied: 34397826 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 58319 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22540 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 3856560 bytes

Total Files Cleaned = 174.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LYON
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12222013_204209

Files\Folders moved on Reboot...
C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe moved successfully.
C:\Program Files (x86)\GorillaPrice folder moved successfully.
C:\Users\LYON\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3224.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

---------------------


I can see a lot of "moved successfully". Does that mean my computer is clean?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
