  1. #11
    Member

    # AdwCleaner v2.011 - Logfile created 12/08/2012 at 05:13:29
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : yuanhan - ANDREWGOH-PC
    # Boot Mode : Safe mode with networking
    # Running from : C:\Users\yuanhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUG4YIYL\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Users\yuanhan\AppData\Local\Temp\Uninstall.exe
    Folder Found : C:\Program Files (x86)\GamesBar
    Folder Found : C:\Program Files (x86)\Yontoo
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Found : C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\extensions\plugin@yontoo.com
    Folder Found : C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\extensions\staged
    Folder Found : C:\Users\yuanhan\AppData\Roaming\yourfiledownloader

    ***** [Registry] *****

    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\GamesBarSetup
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Tarma Installer

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v6.0 (en-US)

    Profile name : default
    File : C:\Users\Andrew Goh\AppData\Roaming\Mozilla\Firefox\Profiles\8zn5uoqi.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\njf14gf1.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.91

    File : C:\Users\Andrew Goh\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\---\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5243 octets] - [08/12/2012 05:13:29]

    ########## EOF - C:\AdwCleaner[R1].txt - [5303 octets] ##########


    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    1ClickDownloader
    3DVIA player 5.0
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Advanced Audio FX Engine
    AhnLab Policy Agent 4.5
    AhnLab V3 Internet Security 8.0
    Ancient Rome 1.0
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    Avenue Flo
    BaiduPlayer1.19.0.57
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCleaner
    Compatibility Pack for the 2007 Office system
    Cook, Serve, Delicious
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center
    Dell Touchpad
    Dell Video Chat
    Dell Webcam Central
    Dropbox
    FastAccess
    Gardenscapes - Mansion Makeover Collectors Edition
    Gardenscapes 1.00
    Garena - BlackShot
    Garena Messenger
    Google Chrome
    Google Earth
    Google Quick Search Box
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    Hells Kitchen
    Hotel Dash: Suite Success
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    INISafeWeb 6.4
    Integrated Webcam Driver (1.00.04.0310)
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 13 (64-bit)
    Java(TM) 6 Update 35
    Jojo's Fashion Show: World Tour (remove only)
    Jojos Fashion Show
    Juniper Networks Network Connect 6.5.0
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    Junk Mail filter update
    Kelly Green Garden Queen
    Live! Cam Avatar Creator
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mobile Broadband Modem
    Mozilla Firefox 6.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NSIS Hisoutensoku English
    osu!
    PaperPort Image Printer
    PC Confidential 2008
    PowerDVD DX
    Quickset
    QuickTime
    RaySource 2.2.0.1
    Revo Uninstaller 1.94
    Rising Software Deployment System
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    ScanSoft PaperPort 11
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Skins
    Skype™ 6.0
    Sony Ericsson PC Companion 2.02.002
    Sony Ericsson Update Engine
    swMSM
    System Requirements Lab for Intel
    Top Chef Demo
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WIDCOMM Bluetooth Software 6.2.0.6600
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Yontoo 1.10.02
    .
    ==== End Of File ===========================


    Uninstalled Kaspersky Internet Security

  2. #12
    zep516 (Member, Spyware Fighter)

    Hi,

    Uninstalled Kaspersky Internet Security
    Did that help any with freezing?

    Next:
    • Please rescan with AdwCleaner.
    • Double-click AdwCleaner.exe to run the tool.
    • Click Delete.
    • Everything that was found will be deleted.
    • Save and open files and approve the reboot. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.

    Let me know how things are after you run adwCleaner and do the deletions.




    Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.

  3. #13
    Member

    After I ran AdwCleaner I restarted the system in normal mode. Things are much better in that they don't start freezing if I mouseover anything. I was also able to click on the Start button or highlight some desktop icons without freezing.

    The system restarted with the AdwCleaner logfile on the desktop so I tried saving it. Everything after that became really, really slow. It took 10-15 secs for the system to react to whatever I was doing. The Start menu took that long to appear, the drop down menu for the save location took the same time to appear.

    After 5-10min it just froze again.

    Following is the log:

    # AdwCleaner v2.011 - Logfile created 12/08/2012 at 12:17:17
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : yuanhan - ANDREWGOH-PC
    # Boot Mode : Safe mode with networking
    # Running from : C:\Users\yuanhan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JUG4YIYL\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\GamesBar
    Deleted on reboot : C:\Program Files (x86)\Yontoo
    Deleted on reboot : C:\ProgramData\Tarma Installer
    Deleted on reboot : C:\ProgramData\Trymedia
    Deleted on reboot : C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Deleted on reboot : C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\extensions\plugin@yontoo.com
    Deleted on reboot : C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\extensions\staged
    Deleted on reboot : C:\Users\yuanhan\AppData\Roaming\yourfiledownloader
    File Deleted : C:\Users\yuanhan\AppData\Local\Temp\Uninstall.exe

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\GamesBarSetup
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v6.0 (en-US)

    Profile name : default
    File : C:\Users\Andrew Goh\AppData\Roaming\Mozilla\Firefox\Profiles\8zn5uoqi.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\prefs.js

    C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\user.js ... Deleted !

    [OK] File is clean.

    Profile name : default
    File : C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\njf14gf1.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.91

    File : C:\Users\Andrew Goh\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\---\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5364 octets] - [08/12/2012 05:13:29]
    AdwCleaner[S1].txt - [5325 octets] - [08/12/2012 12:17:17]

    ########## EOF - C:\AdwCleaner[S1].txt - [5385 octets] ##########

  4. #14
    zep516 (Member, Spyware Fighter)

    Hi,

    I'd like to see one more scan,

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


    Thanks,

    Joe
    Last edited by zep516; 12-09-2012 at 09:07 AM.





  5. #15
    Member

    OTL.exe:
    OTL logfile created on: 08/12/2012 12:50:32 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\yuanhan\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.27% Memory free
    6.19 Gb Paging File | 5.44 Gb Available in Paging File | 87.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 273.92 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.20 Gb Free Space | 35.47% Space Free | Partition Type: NTFS

    Computer Name: ANDREWGOH-PC | User Name: yuanhan | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found
    PRC - C:\Windows\SysWOW64\NetClient5\n5client.exe (DoctorSoft)


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - (V3 Service) -- C:\Program Files\AhnLab\V3IS80\V3Svc.exe (AhnLab, Inc.)
    SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (paSvc) -- C:\Program Files (x86)\AhnLab\APC2\Policy Agent\PaSvc.exe (AhnLab, Inc.)
    SRV - (Policy Agent PD Service) -- C:\Program Files (x86)\AhnLab\APC2\Policy Agent\PaPd.exe (AhnLab, Inc.)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (N5Client Agent) -- C:\Windows\SysWOW64\NetClient5\n5agent64.exe (DoctorSoft)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (Image Protection) -- C:\Windows\ImageSAFERSvc.exe (MarkAny)
    SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
    SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
    SRV - (RsMgrSvc) -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe (Beijing Rising Information Technology Co., Ltd.)
    SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
    SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (v3engine) -- C:\Windows\SysNative\drivers\v3engine.sys (AhnLab, Inc.)
    DRV:64bit: - (AhnSZE) -- C:\Windows\SysNative\drivers\AhnSZE.sys (AhnLab, Inc.)
    DRV:64bit: - (ATamptNt_V3IS80) -- C:\Program Files\AhnLab\V3IS80\ATamptNt.sys (AhnLab, Inc.)
    DRV:64bit: - (AhnRghNt) -- C:\Windows\SysNative\drivers\AhnRghNt.sys (AhnLab, Inc.)
    DRV:64bit: - (ISIPSEnt) -- C:\Program Files\AhnLab\V3IS80\ISIPSENt.sys (AhnLab, Inc.)
    DRV:64bit: - (V3Flt2K) -- C:\Program Files\AhnLab\V3IS80\V3Flt2k.sys (AhnLab, Inc.)
    DRV:64bit: - (AhnFlt2K) -- C:\Windows\SysNative\drivers\AhnFlt2K.sys (AhnLab, Inc.)
    DRV:64bit: - (AhnRec2K) -- C:\Windows\SysNative\drivers\AhnRec2K.sys (AhnLab, Inc.)
    DRV:64bit: - (TfFRegNt) -- C:\Program Files\AhnLab\V3IS80\TFFREGNT.SYS (AhnLab, Inc.)
    DRV:64bit: - (TfProcNt) -- C:\Program Files\AhnLab\V3IS80\AHAWKENT.SYS (AhnLab, Inc.)
    DRV:64bit: - (MeDCoreD_V3IS80) -- C:\Program Files\AhnLab\V3IS80\MeDCoreD.sys (AhnLab, Inc.)
    DRV:64bit: - (AMonTDLH) -- C:\Windows\SysNative\Drivers\AMonTDLH.sys (AhnLab, Inc.)
    DRV:64bit: - (AMonLWLH) -- C:\Windows\SysNative\DRIVERS\amonlwlh.sys (AhnLab, Inc.)
    DRV:64bit: - (ncfsecu) -- C:\Windows\SysNative\drivers\ncfsx64.sys ()
    DRV:64bit: - (ncpmdrv) -- C:\Windows\SysNative\drivers\ncpm64.sys ()
    DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab)
    DRV:64bit: - (V3Flu2k_V3IS80) -- C:\Program Files\AhnLab\V3IS80\V3Flu2k.sys (AhnLab, Inc.)
    DRV:64bit: - (ASZFltNt) -- C:\Program Files\AhnLab\V3IS80\ASZFltNt.sys (AhnLab, Inc.)
    DRV:64bit: - (V3IFt2K) -- C:\Program Files\AhnLab\V3IS80\V3Ift2k.sys (AhnLab, Inc.)
    DRV:64bit: - (ISFWEnt) -- C:\Program Files\AhnLab\V3IS80\ISFWENt.sys (AhnLab, Inc.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (AhnActNt) -- C:\Program Files\AhnLab\V3IS80\AhnACtNt.sys (AhnLab, Inc.)
    DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
    DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
    DRV:64bit: - (ISPrxEnt) -- C:\Program Files\AhnLab\V3IS80\ISPrxENt.sys (AhnLab, Inc.)
    DRV:64bit: - (ISPIBEnt) -- C:\Program Files\AhnLab\V3IS80\ISPIBENt.sys (AhnLab, Inc.)
    DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (kl2) -- C:\Windows\SysNative\DRIVERS\kl2.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (KL1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (CdmDrvNt) -- C:\Windows\SysNative\Drivers\CdmDrvNt.sys (AhnLab, Inc.)
    DRV:64bit: - (AnfdIOnt) -- C:\Windows\SysNative\Drivers\AnfdIOnt.sys (AhnLab, Inc.)
    DRV:64bit: - (ncnwdrv) -- C:\Windows\SysNative\drivers\ncnw64.sys ()
    DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\DRIVERS\dsNcAdpt.sys (Juniper Networks)
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
    DRV:64bit: - (ISMgr) -- C:\Windows\SysNative\ImageSAFERDrv64.sys ()
    DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\DRIVERS\ewusbfake.sys (Huawei Technologies Co., Ltd.)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
    DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (OA013Vid) -- C:\Windows\SysNative\DRIVERS\OA013Vid.sys (Creative Technology Ltd.)
    DRV:64bit: - (OA013Ufd) -- C:\Windows\SysNative\DRIVERS\OA013Ufd.sys (Creative Technology Ltd.)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
    DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision )
    DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV - (PDNfeNt) -- C:\Program Files (x86)\AhnLab\APC2\Policy Agent\PdNfeNt.sys (AhnLab, Inc.)
    DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell - The Official Site | Dell Singapore
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hao123_
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: OneClickDownload@OneClickDownload.com:1.0
    FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
    FF - prefs.js..extensions.enabledAddons: fassoxpcom@sensiblevision.com:1.29
    FF - prefs.js..extensions.enabledAddons: virtualKeyboard@kaspersky.ru:12.0.1.511
    FF - prefs.js..extensions.enabledAddons: linkfilter@kaspersky.ru:12.0.1.511
    FF - prefs.js..extensions.enabledAddons: KavAntiBanner@Kaspersky.ru:12.0.1.511
    FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:6.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15
    FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9415/tudouva.pac"
    FF - prefs.js..network.proxy.type: 2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: C:\Program Files (x86)\Baidu\BaiduPlayer\1.19.0.57\npxbdyy.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pptv.com/plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1717\npplugin2.dll (PPLive Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\yuanhan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\yuanhan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/15 22:18:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2012/09/20 22:09:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/29 04:14:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/29 04:14:24 | 000,000,000 | ---D | M]

    [2010/03/02 16:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yuanhan\AppData\Roaming\Mozilla\Extensions
    [2010/03/02 16:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yuanhan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2012/12/08 12:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\extensions
    [2010/06/10 16:01:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/08/05 19:32:18 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\yuanhan\AppData\Roaming\Mozilla\Firefox\Profiles\gaoovijc.default\extensions\OneClickDownload@OneClickDownload.com
    [2012/08/31 14:24:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/08/17 01:06:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/04/21 21:59:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/15 10:43:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/12 03:25:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/03 23:45:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/27 19:55:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/30 15:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/08/31 14:24:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/07/16 03:20:57 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
    [2012/07/16 03:20:43 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
    File not found (No name found) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\KAVANTIBANNER@KASPERSKY.RU
    File not found (No name found) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\LINKFILTER@KASPERSKY.RU
    File not found (No name found) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU
    [2012/09/20 22:09:32 | 000,000,000 | ---D | M] (FastAccess Web Login) -- C:\PROGRAM FILES (X86)\SENSIBLE VISION\FAST ACCESS\XPCOM_FASSO
    File not found (No name found) -- C:\USERS\YUANHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GAOOVIJC.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
    [2011/08/17 01:06:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
    [2011/07/10 22:13:14 | 000,200,834 | ---- | M] (INITECH (C)) -- C:\Program Files (x86)\mozilla firefox\plugins\npINISAFEWeb60.dll
    [2012/07/28 05:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
    [2011/11/04 21:44:15 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
    [2011/11/04 21:44:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
    [2011/11/04 21:44:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
    [2011/11/04 21:44:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
    [2011/11/04 21:44:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
    [2011/11/04 21:44:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
    [2011/11/04 21:44:16 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
    [2010/01/01 17:00:00 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
    [2010/01/01 17:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 17:00:00 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
    [2010/01/01 17:00:00 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
    [2010/01/01 17:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
    [2010/01/01 17:00:00 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

    ========== Chrome ==========

    CHR - homepage: Dell - The Official Site | Dell Singapore
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: Dell - The Official Site | Dell Singapore
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\yuanhan\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\yuanhan\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: SmoothScroll = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.0.6_0\
    CHR - Extension: Google Search = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Kaspersky URL Advisor = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
    CHR - Extension: Akira Isogawa = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmggajponoffjmhekbonemlgidfgdao\3_0\
    CHR - Extension: Virtual Keyboard = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
    CHR - Extension: Unblock Youku = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk\2.6.0.8_0\
    CHR - Extension: Gmail = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Anti-Banner = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
    CHR - Extension: OneClickDownload = C:\Users\yuanhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.2_0\

    O1 HOSTS File: ([2011/08/06 03:54:56 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll File not found
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll File not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files (x86)\Winferno\PC Confidential\PCCBHO.dll (Capital Intellect Inc)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Face recognition web login for FastAccess) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [New Value #1] ctfmon=CTFMON.EXE File not found
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [V3 Session Process] C:\Program Files\AhnLab\V3IS80\V3SP.exe (AhnLab, Inc.)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" File not found
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PaTray] C:\Program Files (x86)\AhnLab\APC2\Policy Agent\patray.exe (AhnLab, Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [PPort11reminder] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [BAIDUMEDIA] C:\Program Files (x86)\Baidu\BaiduPlayer\1.19.0.57\BaiduPlayer.exe ()
    O4 - HKCU..\Run: [Google Update] C:\Users\yuanhan\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid File not found
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [PPAP] C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
    O4 - HKCU..\Run: [PPLiveVA] C:\Program Files (x86)\PPLive\PPVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0 File not found
    O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
    O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
    O4 - HKCU..\Run: [Taskix] "C:\Program Files\Robust IT\Taskix\Taskix64.exe" start File not found
    O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe File not found
    O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\yuanhan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    O4 - Startup: C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll File not found
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll File not found
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
    O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files (x86)\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Checkers Class)
    O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} http://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab (XacsPop Control)
    O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} http://mpi.dacom.net/XPayMPI/XPayMPI.cab (XPayMPIOCX Control)
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/Messen....cab109791.cab ()
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messen.../GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {7C98E005-7DA3-4C02-8D9F-FAA9C4D1C343} http://203.255.162.146:88/reportx_ew...ictReportX.cab (ReportViewerForm Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop.co.kr/ssl/MSecure.cab (MakeShop Secure Control)
    O16 - DPF: {B46FA8BD-AE41-4821-AFF4-D4FFE4F3D390} http://presentur.ntu.edu.sg/aculearn.../acuviewer.cab (AcuViewer Control)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.9.2)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Plants%20vs.%20Zombies/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712/.../installer.exe (Virtools WebPlayer Class)
    O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} http://www.vpay.co.kr/kvpfiles_new/K...LD_VISTA64.cab (KvpIspCtlD Control)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/J...etupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} https://www.isaackorea.net/update/ansim/ilkactx.cab (AnsimPlugin Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.255.161.103 168.126.63.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98CCABC9-5035-45C9-A88A-18F66D7C088D}: DhcpNameServer = 203.255.161.103 168.126.63.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E369AF36-17F6-4BEC-82C6-50DF823E87EA}: DhcpNameServer = 192.168.42.129
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
    O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\KuGoo - No CLSID value found
    O18 - Protocol\Handler\KuGoo3 - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
    O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{1ce50a63-0183-11df-911e-002556e0b4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Zi Xin.exE
    O33 - MountPoints2\{66d47cfe-1c70-11df-839b-002556e0b4fa}\Shell\AutoRun\command - "" = 8xcrbho6.exe
    O33 - MountPoints2\{66d47cfe-1c70-11df-839b-002556e0b4fa}\Shell\open\Command - "" = 8xcrbho6.exe
    O33 - MountPoints2\{66d47d01-1c70-11df-839b-002556e0b4fa}\Shell - "" = AutoRun
    O33 - MountPoints2\{66d47d01-1c70-11df-839b-002556e0b4fa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{69ad4cf5-1888-11df-99d7-00256455af38}\Shell - "" = AutoRun
    O33 - MountPoints2\{69ad4cf5-1888-11df-99d7-00256455af38}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{69ad4d03-1888-11df-99d7-00256455af38}\Shell - "" = AutoRun
    O33 - MountPoints2\{69ad4d03-1888-11df-99d7-00256455af38}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{6c0631b6-f8a2-11e0-a8cc-002556e0b4fa}\Shell - "" = AutoRun
    O33 - MountPoints2\{6c0631b6-f8a2-11e0-a8cc-002556e0b4fa}\Shell\AutoRun\command - "" = F:\Startme.exe
    O33 - MountPoints2\{92567ed1-1086-11df-901f-00256455af38}\Shell - "" = AutoRun
    O33 - MountPoints2\{92567ed1-1086-11df-901f-00256455af38}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{92567ee2-1086-11df-901f-00256455af38}\Shell\AutoRun\command - "" = Launcher.exe
    O33 - MountPoints2\{9dc0650f-576e-11e1-acc0-002556e0b4fa}\Shell - "" = AutoRun
    O33 - MountPoints2\{9dc0650f-576e-11e1-acc0-002556e0b4fa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\{a0426f4b-cf38-11de-986d-002556e0b4fa}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL zI xIN.EXe
    O33 - MountPoints2\{a474363b-3d30-11df-8ce4-00256455af38}\Shell\AutoRun\command - "" = F:\8xcrbho6.exe
    O33 - MountPoints2\{a474363b-3d30-11df-8ce4-00256455af38}\Shell\open\Command - "" = F:\8xcrbho6.exe
    O33 - MountPoints2\{eb27468f-c8de-11de-a278-00256455af38}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lAPeG.EXe
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = Launcher.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/08 12:48:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\yuanhan\Desktop\OTL.exe
    [2012/12/08 04:51:56 | 000,000,000 | ---D | C] -- C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/12/08 04:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/12/07 15:16:46 | 011,563,944 | ---- | C] (OPSWAT, Inc.) -- C:\Users\yuanhan\Desktop\AppRemover.exe
    [2012/12/01 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cook, Serve, Delicious
    [2012/11/29 04:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\NPKI
    [2012/11/29 04:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\INITECH
    [2012/11/29 04:14:26 | 000,000,000 | ---D | C] -- C:\Windows\Application Data
    [2012/11/28 17:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/11/28 17:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/11/28 17:17:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2012/11/20 16:21:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/11/20 16:21:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/11/20 16:21:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/11/20 16:21:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/11/20 16:21:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/11/20 16:21:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/11/20 16:21:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/11/20 16:21:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/11/20 16:21:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/11/20 16:21:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/11/20 16:21:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/11/20 16:21:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/11/20 16:20:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/11/20 16:20:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/11/20 16:20:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/11/20 15:34:45 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
    [2012/11/20 15:34:40 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/08 12:49:30 | 000,004,658 | -H-- | M] () -- C:\ncky.bin
    [2012/12/08 12:49:30 | 000,000,054 | -H-- | M] () -- C:\ncky.hsh
    [2012/12/08 12:49:21 | 000,110,644 | ---- | M] () -- C:\Windows\SysWow64\nc5.2.bin
    [2012/12/08 12:48:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\yuanhan\Desktop\OTL.exe
    [2012/12/08 12:28:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/08 12:19:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/08 12:19:58 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/08 05:04:33 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/12/08 04:51:56 | 000,001,101 | ---- | M] () -- C:\Users\yuanhan\Desktop\Revo Uninstaller.lnk
    [2012/12/07 15:15:52 | 011,563,944 | ---- | M] (OPSWAT, Inc.) -- C:\Users\yuanhan\Desktop\AppRemover.exe
    [2012/12/07 00:02:51 | 000,000,533 | ---- | M] () -- C:\Users\yuanhan\Desktop\dds.scr - Shortcut.lnk
    [2012/12/06 17:34:53 | 000,000,732 | ---- | M] () -- C:\Users\yuanhan\AppData\Local\d3d9caps64.dat
    [2012/12/06 17:19:29 | 000,007,728 | ---- | M] () -- C:\Users\yuanhan\AppData\Local\d3d9caps.dat
    [2012/12/03 11:40:00 | 003,080,504 | ---- | M] (AhnLab, Inc.) -- C:\Windows\SysNative\drivers\v3engine.sys
    [2012/12/03 11:40:00 | 003,039,032 | ---- | M] (AhnLab, Inc.) -- C:\Windows\SysNative\BTScan.exe
    [2012/12/02 09:35:30 | 000,006,554 | ---- | M] () -- C:\Users\yuanhan\funshion.ini
    [2012/12/01 19:54:58 | 000,001,100 | ---- | M] () -- C:\Users\yuanhan\AppData\Local\d3d8caps.dat
    [2012/12/01 18:19:13 | 000,002,099 | ---- | M] () -- C:\Users\yuanhan\Desktop\Cook, Serve, Delicious.lnk
    [2012/12/01 18:19:10 | 000,002,238 | ---- | M] () -- C:\Users\yuanhan\Desktop\Play Over 11.000 Online Games on The Playing Bay.lnk
    [2012/11/30 16:48:00 | 002,192,696 | ---- | M] (AhnLab, Inc.) -- C:\Windows\SysNative\drivers\ahnsze.sys
    [2012/11/28 17:29:34 | 000,002,054 | ---- | M] () -- C:\Users\yuanhan\Desktop\Google Chrome.lnk
    [2012/11/28 17:29:34 | 000,002,016 | ---- | M] () -- C:\Users\yuanhan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/11/28 17:18:20 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/11/28 17:06:10 | 882,430,225 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/21 04:43:34 | 000,305,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/20 16:11:50 | 000,709,998 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/20 16:11:50 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/20 16:11:50 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/08 04:51:56 | 000,001,101 | ---- | C] () -- C:\Users\yuanhan\Desktop\Revo Uninstaller.lnk
    [2012/12/07 00:02:51 | 000,000,533 | ---- | C] () -- C:\Users\yuanhan\Desktop\dds.scr - Shortcut.lnk
    [2012/12/02 10:22:16 | 000,000,732 | ---- | C] () -- C:\Users\yuanhan\AppData\Local\d3d9caps64.dat
    [2012/12/01 18:19:13 | 000,002,099 | ---- | C] () -- C:\Users\yuanhan\Desktop\Cook, Serve, Delicious.lnk
    [2012/11/28 17:18:20 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/09/24 19:44:46 | 002,480,232 | ---- | C] () -- C:\Windows\SysWow64\ISPPopUpDlg.exe
    [2012/08/29 10:34:10 | 000,110,644 | ---- | C] () -- C:\Windows\SysWow64\nc5.2.bin
    [2012/08/27 15:26:54 | 000,108,528 | ---- | C] () -- C:\Windows\SysWow64\MaCommAPI.dll
    [2012/08/27 15:26:50 | 000,055,280 | ---- | C] () -- C:\Windows\SysWow64\MaMakeUp.dll
    [2012/07/26 13:05:40 | 000,495,616 | ---- | C] () -- C:\Windows\SysWow64\KvpUpCom.dll
    [2012/07/16 03:23:47 | 000,017,408 | ---- | C] () -- C:\Users\yuanhan\AppData\Local\WebpageIcons.db
    [2012/07/01 15:21:49 | 000,001,100 | ---- | C] () -- C:\Users\yuanhan\AppData\Local\d3d8caps.dat
    [2011/10/02 20:20:37 | 000,000,911 | ---- | C] () -- C:\Users\yuanhan\AppData\Roaming\coreavc.ini
    [2011/06/09 12:15:02 | 000,709,992 | ---- | C] () -- C:\Windows\SysWow64\kindling.dll
    [2011/04/23 22:18:10 | 000,100,208 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
    [2011/04/23 22:17:32 | 000,062,136 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
    [2011/04/23 22:16:44 | 000,250,552 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
    [2010/08/25 19:28:06 | 000,006,554 | ---- | C] () -- C:\Users\yuanhan\funshion.ini
    [2009/12/10 00:09:37 | 000,000,947 | ---- | C] () -- C:\Users\yuanhan\AppData\Roaming\DataSafeDotNet.exe
    [2009/11/05 12:59:18 | 000,062,464 | ---- | C] () -- C:\Users\yuanhan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/10/09 20:23:59 | 000,007,728 | ---- | C] () -- C:\Users\yuanhan\AppData\Local\d3d9caps.dat

    ========== ZeroAccess Check ==========

    [2006/11/03 00:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 02:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 16:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 15:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 11:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/10/26 12:56:14 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Baidu
    [2012/08/04 11:11:31 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\DivoGames
    [2012/12/01 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Dropbox
    [2010/10/02 16:35:32 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Gamelab
    [2009/11/10 15:21:44 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\iWin_generic
    [2011/08/06 00:59:19 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Juniper Networks
    [2010/11/19 22:33:20 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\KuGou
    [2012/11/03 15:45:26 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Ladia Group
    [2009/12/27 01:17:29 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Ludia
    [2009/11/19 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\MysteryStudio
    [2012/09/24 11:07:51 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\PCDr
    [2011/03/22 23:32:52 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\PlayFirst
    [2012/08/04 15:13:30 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Playrix Entertainment
    [2010/06/20 16:46:22 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\PPLive
    [2010/01/12 21:50:47 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\PPLiveVA
    [2011/12/08 15:35:32 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\ScanSoft
    [2011/11/07 00:24:35 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Stand O'Food 3
    [2011/10/25 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\SystemRequirementsLab
    [2011/01/03 23:30:15 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Uniblue
    [2011/09/24 20:33:16 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\Unified Remote
    [2011/09/19 01:46:25 | 000,000,000 | ---D | M] -- C:\Users\yuanhan\AppData\Roaming\YoudaGames

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2010/11/29 16:21:49 | 000,000,972 | ---- | M] ()(C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\???ˉ??1.lnk) -- C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
    [2010/01/16 22:10:18 | 000,000,972 | ---- | C] ()(C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\???ˉ??1.lnk) -- C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2AEB42F1
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D20FFA63
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:48A80ACF
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:32A82570
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EA701346
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C611D6C8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7D6EC5BE
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B1FBBD09
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >


    Extras.txt:

    OTL Extras logfile created on: 08/12/2012 12:50:32 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\yuanhan\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 72.27% Memory free
    6.19 Gb Paging File | 5.44 Gb Available in Paging File | 87.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 273.92 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.20 Gb Free Space | 35.47% Space Free | Partition Type: NTFS

    Computer Name: ANDREWGOH-PC | User Name: yuanhan | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 71 CC EB 2E AF D0 CA 01 [binary data]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{097BB2C5-9A3F-4B36-85B4-9FB9C150BF4A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{0E3936BF-470F-4A2A-A1A2-446EE959DC2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{11E03804-6F90-463D-966C-39BB5788B053}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1488E48F-2E8C-465C-A969-8A022AAC901F}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1629BE82-6DC2-4F9D-8B48-8546D3CAAABB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{17AE6EB5-38BB-485A-BEA7-E0DCC705E380}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1923757B-F537-44EC-8631-FFF3C41A3223}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{22552A02-975D-46E9-8D8C-7DA8576DC18C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4082B7C5-1589-4088-8BFC-C01D37D43C2D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4CC86526-6F0D-4923-AAEC-5E1EC8CF1D3F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{64C95EAE-56CB-45CA-87EB-6F4B312E8A72}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{6840A89D-7073-49F7-B1B2-502ECA8488C3}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{6964EC72-5E2C-4300-8E79-7A0BC99AEC97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{796B426A-061E-47DA-B29F-76E1F487CA7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7B9A533C-FD1F-46EA-917D-FC794D7A1873}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{97395FA4-8EE8-4B51-ADF4-0A574DF9F978}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9B9F26D1-BF2A-4EF8-AB98-FA14172A7BB2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{9CD0399F-467F-45C7-B5D4-7A5F8E36AF99}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A78380C0-BF55-4FE6-A515-389360207237}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{A8B1A8A6-BB53-47FE-B4E2-14A6A809EC83}" = lport=2191 | protocol=17 | dir=in | name=apclog |
    "{B570D755-FDF7-4135-A957-C90BC02D8872}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B5AE71E9-F59F-4EA0-AC3C-8BD7082F213E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BE515656-21E5-41C7-BFA0-232F4B6E7797}" = lport=6178 | protocol=6 | dir=in | name=apc6178 |
    "{D31ACFCA-312E-4E3E-97B7-538F5EB5F428}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{DB58005F-F616-4E64-8F46-51507649DB9D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DDAF65AD-300C-41E1-BFE5-E1E530F3C527}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EB1CF335-AF3D-421E-BBA6-8EC3EE25EC2A}" = lport=6063 | protocol=6 | dir=in | name=apc6063 |
    "{F03B10DD-7FA0-4E07-B82E-16E752AA5427}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F912400B-B177-47F1-9E9F-D8D2F110A2F5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F9E58B2B-E0C8-40F6-926C-0A88129E03D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F00185-B9E0-4824-AD76-68BCD31FA9EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0130DF16-3439-4DFA-9812-33B5B1E7AF54}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe |
    "{025A3605-22DC-4FB5-8E20-639294FC44B1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{061C55E2-CB2C-498D-9002-6D6B604E3629}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\downloadprogress.exe |
    "{06A775ED-0AD1-4C86-9F81-37D90A49B250}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
    "{06C38C37-1693-4C4F-A5F4-975D1BAA583A}" = protocol=17 | dir=in | app=c:\users\yuanhan\appdata\roaming\dropbox\bin\dropbox.exe |
    "{0712D841-8332-4B77-A89A-D90C0F9120A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0BBA56AB-DCBC-4809-B5B0-5379FA03755B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{0C43E85C-67C6-48EC-BA95-9A994C92F879}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.57\statreport.exe |
    "{0EE638F1-0B82-473B-8D1C-38DFE7DEA120}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{118694EE-55E9-4E0E-B63B-F7353374CABC}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe |
    "{124F1D61-B706-4C64-9164-920E6FBEC612}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.57\baidup2pservice.exe |
    "{135E4AB3-0819-44D5-8AC0-6AC388C0DED1}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\flvpick.exe |
    "{137870B7-154C-4C09-B9D2-53E6F2A1D2A5}" = protocol=6 | dir=in | app=c:\windows\syswow64\netclient5\n5client.exe |
    "{15A7C306-1D39-4E18-985E-E5978A0743F8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{175B2F34-D6EA-4D14-BE84-BFDCEB8D6DD3}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\ppliveva.exe |
    "{178DCF54-4AC0-4C53-B85C-96E2CA03F4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.57\baidusetupax_0.exe |
    "{17DD10C3-E9E7-4BB6-9E5B-F1F615815C82}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.1.8.0039\ppliveu.exe |
    "{1C7BC7E2-02D1-427E-936E-8033F8B31300}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe |
    "{1CC2000F-EB95-4ED2-957F-BBED4B83E853}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe |
    "{1D54EEAE-CCCF-4E4E-ACF1-D5C2984DF975}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe |
    "{1E7A4E03-F8A6-4134-BF11-59B7C99A2AF9}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe |
    "{200A2714-49CA-42C0-8738-A3EA2AF47A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe |
    "{21747C0E-6DCC-48C0-80BF-BDEF4630A0AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2357751F-C0F4-49B8-9362-814E366AED19}" = protocol=17 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
    "{24A591CD-2880-4F8E-8A85-60E480F30D75}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{3462EE3A-2E1F-4F61-A624-D06FBA38A307}" = protocol=6 | dir=in | app=c:\program files (x86)\kwmusic\bin\kwmv.exe |
    "{35946390-F1A1-4D87-9459-58E2E308C481}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{37EDC97A-8990-4F44-B88F-0FD9BC3F34DA}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.1.8.0039\repairsetup.exe |
    "{3807CF38-F36C-48D1-8286-2E41CB8D9560}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
    "{395742B1-F9D2-4D6A-8A83-02886299ABB6}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe |
    "{397F9C79-17F2-49E2-B1DA-571E52E949FB}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppliveu.exe |
    "{3ADD1665-17A1-44DB-9231-6CA570B242E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3E19623E-D448-4E84-9986-1219A3A0D2D6}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
    "{3F707021-CF57-4117-BFAB-35C6EE141F0A}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
    "{40056135-66E9-4CF2-93DF-7F1DE9EABC3F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{405C55E9-5618-472A-A182-F11DF877EF17}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{4554CE0D-0F02-40D1-AA66-5CE336518C2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{47978365-21DC-4FAF-86DC-5A955890E91D}" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectifyd.exe |
    "{4DDA76FE-E805-4806-A70A-6A4ACC9A4E01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4F66787F-81BA-4F64-BCFF-D89354094769}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.57\baiduplayer.exe |
    "{5495BA6A-8B7B-431B-A57C-2782F7C7A94C}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe |
    "{55EA5FA0-468B-42C5-95BD-D8CE540ECC26}" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifyd.exe |
    "{5A6F20F9-BDB6-4E6F-BB43-C264B9638B24}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe |
    "{5A7E3DDB-BF4D-4A46-8FAB-815227EBE068}" = protocol=17 | dir=in | app=c:\windows\syswow64\netclient5\n5client.exe |
    "{5B9C29B9-D960-4501-B502-677BCA6E163F}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
    "{5C008030-3FD1-43DC-8260-728F607FAA17}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\ppliveva.exe |
    "{5C496E08-4DE6-477A-B59A-174D165A7446}" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\blackshot\blackshot\system\blackshot.exe |
    "{5C6F6376-827C-4F56-BCF3-74F058744B02}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{62BC6B8D-5689-4A3B-902B-29AEE895A3FC}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\downloadprogress.exe |
    "{6370774F-213A-4A02-AAD4-FE86D69B6037}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\flvpick.exe |
    "{6372E438-11B4-40CD-9A2C-543C5D619E73}" = protocol=17 | dir=in | app=c:\blackshot\blackshot\system\blackshot.exe |
    "{63F608C0-4B93-4297-AFE1-4AAC57C7B681}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.1.8.0039\crashreporter.exe |
    "{689B4B59-8613-44F0-A88C-208C9632941E}" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\blackshot\blackshot\system\blackshot.exe |
    "{6973399C-B4EF-4EB7-B6F5-A9406A3EFAF7}" = protocol=17 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
    "{6A446EF1-778D-41CB-B0A1-CFFAD878EA67}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
    "{6B6099DA-AB41-4F4A-95AA-9CCA479A2A9B}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\crashupload.exe |
    "{6E9557EC-9B06-4742-832F-215F1F1F9C08}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppliveu.exe |
    "{710B715A-6E24-408A-B235-F514CABD3033}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.1.8.0039\repairsetup.exe |
    "{716B133E-0070-4B57-8322-849CFCE8F948}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\crashupload.exe |
    "{717641A1-61AC-4965-816C-1288397D5CAE}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\3.1.8.0039\crashreporter.exe |
    "{7505B8EA-4352-4BFB-917F-A4C6ECE79F8C}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
    "{76904777-1B60-466E-B84E-9DDBAFC32D47}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{779B681D-E490-4073-84C2-51288DED8139}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe |
    "{792E183C-EF77-4097-8937-1ACE461A62B6}" = protocol=17 | dir=in | app=c:\program files (x86)\ppliveva\download.exe |
    "{796D0A09-280A-499E-96A1-793F37BED7D8}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe |
    "{7AF03980-A017-46B3-BA23-11CBFF43924D}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
    "{7EDD452B-05D5-4026-9079-4479F83102E1}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\pplite\plugin\1.0.1.1717\plugininstaller.exe |
    "{7F6D90DE-644B-430E-ADDB-6668FA9AACEF}" = protocol=6 | dir=out | app=system |
    "{803C31C9-61B8-47A0-A520-E52BDF545655}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{82600560-3DB7-40A0-9522-762D5E666C9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8430994C-2E86-4776-B77B-09B6F5A97832}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppvadownload.exe |
    "{8492FC19-5CB2-489C-9D2B-36F9916BF015}" = protocol=17 | dir=in | app=c:\program files (x86)\kwmusic\bin\kwmv.exe |
    "{88B28FFE-9C85-46C7-9DBF-25FE5219B500}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe |
    "{89E616BD-FC0A-42E5-AFCA-6EC7D5E44A63}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8FCE2703-08BE-4BD7-997D-1178591A6C19}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
    "{917A3FD6-C883-4EE8-B0DA-F753347FFD9F}" = protocol=17 | dir=in | app=c:\program files (x86)\kwmusic\bin\kwmusic.exe |
    "{91AD2682-194F-462C-B4AE-51A69703F780}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe |
    "{92AE591C-B6C2-482B-8ED0-9F808EB6B566}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{940B16EB-30AA-490C-98DC-6CCCFF04A98B}" = protocol=6 | dir=in | app=c:\windows\system32\pptvlauncher.exe |
    "{95DDE2A6-534B-4B4F-A6E2-F0C83D80AC13}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{9DDFEA73-92D8-4D2D-8A21-5CCD87DCE808}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{A0BA0BA3-29BF-4A2F-836F-3CC53E7FF03F}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
    "{A51B7B6C-BABF-490B-B276-86B02FDE3281}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
    "{A7EB9AC8-A61A-4854-A5F5-0076BF970170}" = protocol=6 | dir=in | app=c:\program files (x86)\kwmusic\bin\kwmusic.exe |
    "{A8CFCE43-FA76-40DD-A985-E84CF1CDBCD0}" = protocol=6 | dir=in | app=c:\blackshot\blackshot\system\blackshot.exe |
    "{A998786D-57E0-409C-9FC5-B24FEE9E032C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AAC2AFC4-0440-4C44-95FF-9F1D5A512244}" = protocol=17 | dir=in | app=c:\program files (x86)\iwin games\iwingames.exe |
    "{AC7956DD-2213-4D4C-BDD3-DF0FB51629A3}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
    "{ACE4DB28-9264-486D-8B51-349618040FD8}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{ADF5BED4-4D4D-4431-8962-05723CE192C1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AEAB4A65-D456-458F-A251-7983FE197441}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe |
    "{AFCD23FC-222C-41BE-A364-92773C8F97CD}" = protocol=17 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
    "{B0239127-37CC-4A10-9A2D-07905916607A}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
    "{B12D8493-FDCC-4A70-AAFE-BAC03A8AAA53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B2FCBA47-0850-405A-9114-7CACE3327898}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "{B409C13C-478E-40EA-AF0D-F4FE7F2E7D8E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{B60A64A8-6473-4D0C-B9A0-E705CE5702AA}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{B7174B57-3C76-409A-A5A8-EB2B1C405073}" = protocol=6 | dir=in | app=c:\program files (x86)\kuwo\kwmusic\bin\kwservice.exe |
    "{B75B2631-51D2-469D-AA31-EFFB7D47BD73}" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
    "{B9D24391-4096-4CE2-A10E-CA6295B9745D}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\flvpick.exe |
    "{BB346EF7-BD6A-479D-B051-6FAA6ADD5742}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{BFB7E296-D5F4-47B6-A668-632FFFFBB599}" = protocol=6 | dir=in | app=c:\users\yuanhan\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C229761D-5C41-4AE6-A290-EC832647E981}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pptv\pplive.exe |
    "{C2C69233-8792-4632-88D3-2E34A988E9C3}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe |
    "{C3D130A5-22CF-4466-9DB5-E2239B6223EE}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{CBE668E9-9C1B-4274-8E74-FE11E3017ED0}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "{CC0B7D2C-E29D-4828-AC99-167FFF50A8AE}" = protocol=17 | dir=in | app=c:\program files (x86)\kuwo\kwmusic\bin\kwmusic.exe |
    "{CE84E368-BD2C-4925-9DFB-9582893594C5}" = protocol=6 | dir=in | app=c:\program files (x86)\iwin games\webupdater.exe |
    "{D13B9F80-F295-4D05-952A-84EFB08DC7E9}" = protocol=6 | dir=in | app=c:\program files (x86)\ppliveva\download.exe |
    "{D9E66833-6430-44B2-8452-D72C987F885F}" = protocol=6 | dir=in | app=c:\windows\syswow64\netclient5\n5client.exe |
    "{DAC266BB-2E57-4BF4-B315-67D0797143CE}" = protocol=17 | dir=in | app=c:\windows\syswow64\netclient5\n5client.exe |
    "{DB251C24-5C85-4B87-9A54-A3EAEF3CAD93}" = protocol=6 | dir=in | app=c:\programdata\ppliveva\application\ppap.exe |
    "{DB60C5D7-5B06-4E65-8BD9-7D9E8BCC18B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{DD0861E3-C023-48B9-A578-3A72A5EE5FDB}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{E2279064-78B3-4BDC-86CF-09FA618EA6AB}" = protocol=17 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.57\statreport.exe |
    "{E5ABF468-2203-4F41-80CE-3D954FF802D2}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pptv\3.1.8.0039\ppliveu.exe |
    "{E937BCB4-0A9F-4BA0-87DB-A104BCCDDF7B}" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe |
    "{E992213B-D4C9-4C88-933E-E3A90C4827FC}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\crashreporter.exe |
    "{EBEDDAE0-6458-4E30-B52F-D14C34D825B1}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva.exe |
    "{ED032DAE-E0E9-4BE4-AFDA-240F5FB45ECB}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionupgrade.exe |
    "{ED03C223-46FC-4A30-A55E-11A7A8F1F9C8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    "{ED94A0EE-BA2A-4BF5-B5D9-1BCBAB580873}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.57\baiduplayer.exe |
    "{EE5A4C64-C309-4CC4-8717-8C52A78035D1}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe |
    "{EE9CDD11-7AFD-4FA8-8531-C1741CC1183B}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
    "{EFA81B58-E768-4598-8880-BEA9CAB8577A}" = protocol=6 | dir=in | app=c:\program files (x86)\kuwo\kwmusic\bin\kwmusic.exe |
    "{F1846DE5-D884-410B-8D44-ECF7D523B11D}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.57\baidusetupax_0.exe |
    "{F1BA2AB8-04F7-4A85-8A7A-42880AD55A54}" = protocol=6 | dir=in | app=c:\program files (x86)\baidu\baiduplayer\1.19.0.57\baidup2pservice.exe |
    "{F1DEFD64-5897-49F1-A0C8-4140BEDABD73}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\downloadprogress.exe |
    "{F1F4F7DD-60A3-47A1-8236-BBAC63BD7E6A}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
    "{F2E861A7-621B-48CB-9BBD-9FA1127026EC}" = protocol=17 | dir=in | app=c:\program files (x86)\kuwo\kwmusic\bin\kwservice.exe |
    "{F83B9DB1-339A-484D-B653-FC766923C79F}" = protocol=6 | dir=in | app=c:\program files (x86)\funshion online\funshion\funshionservice.exe |
    "{F96BF311-9624-450F-B91E-E1FCC7206AA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F97B821C-3D3A-4322-A285-C3472A70C1FD}" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe |
    "{FE0565DD-95A3-4971-A601-91F2A5B74C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\ppva\ppliveva_u.exe |
    "{FE5CCCD7-3498-4F82-A529-7D333B374EE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{74745EBF-01DC-4B67-93FC-9276BA05D611}C:\program files (x86)\pplive\pplive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
    "TCP Query User{C0016157-B98F-4E7F-BBE9-9B5AA2ACA15B}C:\program files (x86)\tudou\tudou\tudouva.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tudou\tudou\tudouva.exe |
    "TCP Query User{E363A7D0-9383-4223-A1B8-E5BD78B5F0B3}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |
    "UDP Query User{8CCE7515-9448-4D55-B78F-CBEE3784E833}C:\program files (x86)\tudou\tudou\tudouva.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tudou\tudou\tudouva.exe |
    "UDP Query User{CB83BBF2-0448-4C44-9D1E-0F51A0487A1B}C:\program files (x86)\pplive\pplive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pplive\pplive.exe |
    "UDP Query User{E6AD1E3B-884B-4069-8371-D9C61BB066D8}C:\program files (x86)\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pplivenetwork\ppap.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{AF8267C6_8886_4cfd_AAC7_48BCB879743F}" = AhnLab V3 Internet Security 8.0
    "{C7663280-83B4-4E21-838C-ACEEB4C61FA2}" = FastAccess
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
    "{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F687C93C-65B4-87B8-69AF-68E541BB2879}" = ccc-utility64
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "CCleaner" = CCleaner
    "Creative OA013" = Integrated Webcam Driver (1.00.04.0310)
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PC-Doctor for Windows" = Dell Support Center

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02CE757B-C57F-79CE-17C9-F3723AC7FE0A}" = Catalyst Control Center Core Implementation
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07795B13-99F4-8136-37B0-E515B97CB82B}" = Catalyst Control Center Graphics Full New
    "{0808ADD1-43B3-CFB0-509F-2D72C12F553F}" = CCC Help Swedish
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{1120E4B1-E470-00F9-F4CF-8B34EE071FD2}" = CCC Help Danish
    "{1176DB1D-F475-9256-D967-F349B0FD470F}" = Catalyst Control Center Localization All
    "{12B2EF6A-85A5-40EB-A873-365C6D866E63}" = CCC Help German
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{150031AD-307E-4FF9-3EC3-0EFEA3E17814}" = CCC Help Korean
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D8E6B9-5E1A-4CE5-83D8-EF3626B6CEF9}" = Catalyst Control Center - Branding
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{2D91BA8C-FB6F-C423-C833-37A34D4E5C13}" = CCC Help Portuguese
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{321DA430-766C-6365-4A46-91C3634B9436}" = CCC Help Norwegian
    "{37DB6384-A515-5069-7F6E-BEF3F9CDF578}" = Catalyst Control Center Graphics Previews Common
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45473392-C85B-441A-5463-EA9B5BE7B1AE}" = CCC Help Finnish
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
    "{5473F403-460D-46FE-86C7-6F7C7937D439}" = Hells Kitchen
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{600C7626-F316-02E8-37D4-A2C1F36387F0}" = Catalyst Control Center Graphics Full Existing
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7100A468-2ACA-391A-4452-131E8C178A2B}" = ccc-core-static
    "{7233E76F-4D28-B1A7-2DB1-18F976ACA36E}" = CCC Help Chinese Traditional
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BC71E45-6B3F-D3B8-33BF-04F19F89FFED}" = CCC Help Italian
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2713510-1932-40C8-A8C4-B9B4CF9CFEE4}" = AhnLab Policy Agent 4.5
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC64B069-151A-4E5B-9274-DF7ABD779578}" = Top Chef Demo
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B080BABD-D859-1662-B740-7ACAF0237995}" = CCC Help Russian
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
    "{B6D8F293-D3AF-6FB2-AF63-B4ADEBD48BAA}" = Skins
    "{B772977D-650A-72C5-C252-AEC44BE0BFD0}" = CCC Help French
    "{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CE1A0640-DABD-87BD-8134-F24C7A625D8B}" = CCC Help Japanese
    "{D3EBCC6C-A272-9372-974F-899CF1CD0BBC}" = CCC Help Dutch
    "{DE5F5A4D-DB48-F806-D4F2-9F58795B40FA}" = CCC Help Spanish
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E8F6BF50-6013-13F8-ADFD-5784C057829A}" = Catalyst Control Center Graphics Light
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype 6.0
    "{EA60D57B-7C71-F06C-78BF-C1B68F40047E}" = Catalyst Control Center InstallProxy
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0538CEC-BEF3-D3AB-92FA-946A1453D11A}" = CCC Help English
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F245BC39-04CB-EEF6-E1CA-965317AA7C29}" = CCC Help Chinese Standard
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FA5F4B6E-E185-EEF1-AB5F-867A9CF40B84}" = Catalyst Control Center Graphics Previews Vista
    "1ClickDownload" = 1ClickDownloader
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Ancient Rome_is1" = Ancient Rome 1.0
    "Avenue Flo1.0.1.276" = Avenue Flo
    "BaiduPlayer" = BaiduPlayer1.19.0.57
    "BFG-Hotel Dash - Suite Success" = Hotel Dash: Suite Success
    "BFG-Kelly Green Garden Queen" = Kelly Green Garden Queen
    "BlackShot" = Garena - BlackShot
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Cook, Serve, Delicious1.0" = Cook, Serve, Delicious
    "Dell Video Chat" = Dell Video Chat
    "Dell Webcam Central" = Dell Webcam Central
    "Gardenscapes - Mansion Makeover Collectors Edition1.0" = Gardenscapes - Mansion Makeover Collectors Edition
    "Gardenscapes 1.00" = Gardenscapes 1.00
    "GoToAssist" = GoToAssist 8.0.0.514
    "Hisoutensoku English" = NSIS Hisoutensoku English
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Jojo's Fashion Show: World Tour" = Jojo's Fashion Show: World Tour (remove only)
    "Jojos Fashion Show_is1" = Jojos Fashion Show
    "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "Kelly Green Garden Queen_is1" = Kelly Green Garden Queen
    "Mobile Broadband Modem" = Mobile Broadband Modem
    "Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
    "PCConfidential_is1" = PC Confidential 2008
    "Quick Search Box" = Google Quick Search Box
    "RaySource" = RaySource 2.2.0.1
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "RSD" = Rising Software Deployment System
    "UnINISafeWeb64" = INISafeWeb 6.4
    "Update Engine" = Sony Ericsson Update Engine
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Juniper_Setup_Client" = Juniper Networks Setup Client

    Error encountered while reading event logs.

    < End of report >


    Thanks so much for your time!!

  6. #16
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    6,187
    Points
    1099

    Default

    Speaking of time, I need some to look this over. Would you answer a few questions & post the answers?

    How long has the freezing been going on?

    Ever hear any noises from the Hard drive?

    Please answer questions, I'll get back to you after work tomorrow about current log report.

    Thanks,

    Joe




    Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.

  7. #17
    Member
    Join Date
    Dec 2012
    Posts
    30
    Points
    0

    Default

    How long has the freezing been going on?
    Around 1-2 weeks ago. Before that the system has also been kind of slow. When I was using Google Chrome, Shockwave Flash will have the Not Responding alert, but will return to normal if I leave it alone for a while. Also Blue Screens are pretty often, about 1-2 times a month.

    Ever hear any noises from the Hard drive?
    No, other than the usual kind which I assume all laptops have when the system is switched on and working.

    Thanks so much for your help.

  8. #18
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    6,187
    Points
    1099

    Default

    Please download Malwarebytes' Anti-Malware to your desktop from here--> http://www.malwarebytes.org/products/malwarebytes_free/
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Copy & paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




    Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence.

  9. #19
    Member
    Join Date
    Dec 2012
    Posts
    30
    Points
    0

    Default

    Malwarebytes Anti-Malware 1.65.1.1000
    Malwarebytes : Free anti-malware download

    Database version: v2012.12.08.03

    Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    yuanhan :: ANDREWGOH-PC [administrator]

    08/12/2012 16:31:35
    mbam-log-2012-12-08 (16-31-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 273915
    Time elapsed: 10 minute(s), 31 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 22
    C:\Program Files (x86)\Funshion Online (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\control (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\skin (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\backup (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\Baiduflash (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\Baiduflash\subflash (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\Cacheflash (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flash (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashStamp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\download (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\historyTorrent (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\screensave (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\Seed (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\serv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\Shortcut (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update (PUP.Funshion) -> Quarantined and deleted successfully.

    Files Detected: 103
    C:\Users\yuanhan\AppData\Local\Temp\sogouloader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\Downloads\FunshionInstall2.3.0.21.exe (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\Downloads\SoftonicDownloader_for_remotedroid.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
    C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\---\AppData\Local\Temp\2F88.tmp (Exploit.Drop.GS) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\FunshionService.log (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\control\1317554397_24570037_1315902892_500.dat (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\control\1317554397_24570037_1315902892_500.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\control\1344134973_1344134973_142440_macross_1342173192_11.dat (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\control\1344134973_1344134973_142440_macross_1342173192_11.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\skin\Default.fskin (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\skin\Family.fskin (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Funshion Online\Funshion\skin\Popular.fskin (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1346436181_47739080_macross_1343636166_967.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1346469722_81279385_macross_1343978310_203.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1348055657_1372267_macross_1342836810_805.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1348055665_1380096_macross_1342836810_805.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1348055667_1381797_macross_1342836810_805.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1348055670_1384795_macross_1342836810_805.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1348055675_1390234_macross_1342836810_805.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1348055677_1392369_macross_1342836810_805.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1348055679_1393772_macross_1342836810_805.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1350824936_184209278_macross_1340941528_848.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\1350824962_184235426_macross_1340941528_848.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\history.txt (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\Cacheflash\blankFs.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\Cacheflash\donghuanew_18.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flash\B0553E07_BC99_DCE3_5689_BA5484C2B68F.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20120831210409-14310786.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20120831210611-10985874.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20120831210714-2099485.date1352432842.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20120831210803-7430155.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20120831211342-9585360.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20120920154404-115501.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20120920175644-8907006.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20120921162007-4891502.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121024112924-8460944.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121024113141-6086085.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121024114821-4181015.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121025095854-9428468.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121025100150-16620565.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121025150415-7012773.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121025155510-127352.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121031142705-6731510.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121101130500-9712468.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121106110452-13755859.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121106173509-18581171.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121107100237-2389967.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121107110428-15469200.date1352611765.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121109110408-4135885.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121109163655-4706115.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121109202401-9462408.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121109205112-644888.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121110091335-18614040.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121110091709-1938412.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121112183624-5808617.date1353294308.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121114164807-4775264.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121114170256-10652658.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121115134609-3122159.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121116094016-722475.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121116160715-8023715.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121116162930-8326402.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121116164159-14469796.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121116171316-392941.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121119134652-18167241.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121119145329-10035885.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121120173302-7911686.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121121132524-3159960.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121121173305-4047012.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121122175551-2564810.flv (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121122190654-16395819.date1354090295.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121123150137-6542001.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121123172621-1999725.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashNew\20121128183502-3339371.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\cache\flashStamp\F3CB59C3_C881_7F59_8467_F9EC5038DF4A.swf (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\ini\httpfile.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\ini\temp_config.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\Seed\24570037_1315902892_500.fsp (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\Seed\f28b7d9f4bd13c5.json (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\Shortcut\FunShortcut.ini (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\AdLinkParamFile.fax (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\ad_define.fai (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\ad_define.fai.bak (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\ad_material.fax (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\dlpopwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\flashParam.txt (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\flashParam.txt.bak (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\popwind.json (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\StampPolicy.txt (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\updatexmlfile.txt (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\热门游戏.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\购物网站大全.lnk (PUP.Funshion) -> Quarantined and deleted successfully.
    C:\Users\yuanhan\funshion\update\风行游戏.lnk (PUP.Funshion) -> Quarantined and deleted successfully.

    (end)

  10. #20
    Member Spyware Fighter zep516's Avatar

    Hi,

    Run OTL again
    Under the Custom Scans/Fixes box at the bottom, copy and paste in the text below. Just what's in the code box, not the word "Code".

    Code:
    :otl
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll File not found
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [New Value #1] “ctfmon”=”CTFMON.EXE” File not found
    O4 - HKLM..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" File not found
    O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKCU..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid File not found
    O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk = File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
    O33 - MountPoints2\{66d47cfe-1c70-11df-839b-002556e0b4fa}\Shell\AutoRun\command - "" = 8xcrbho6.exe
    O33 - MountPoints2\{66d47cfe-1c70-11df-839b-002556e0b4fa}\Shell\open\Command - "" = 8xcrbho6.exe
    O33 - MountPoints2\{a474363b-3d30-11df-8ce4-00256455af38}\Shell\AutoRun\command - "" = F:\8xcrbho6.exe
    O33 - MountPoints2\{a474363b-3d30-11df-8ce4-00256455af38}\Shell\open\Command - "" = F:\8xcrbho6.exe
    [2010/11/29 16:21:49 | 000,000,972 | ---- | M] ()(C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\???ˉ??1.lnk) -- C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
    [2010/01/16 22:10:18 | 000,000,972 | ---- | C] ()(C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\???ˉ??1.lnk) -- C:\Users\yuanhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:2AEB42F1
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP20FFA63
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:48A80ACF
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:32A82570
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EA701346
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C611D6C8
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7D6EC5BE
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B1FBBD09
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1
    
    :services
    klif.sys
    klim6.sys
    kl2.sys 
    kl1.sys
    klmouflt.sys
    
    :files 
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]

    Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
    Let the program run unhindered; OTL will reboot the PC when it is done.


    In your next reply:

    1. Post the log it produces.
    2. Let me know how things are.
    3. We can run a scan for the blue screen issue later.

    Note
    :services
    klif.sys
    klim6.sys
    kl2.sys
    kl1.sys
    klmouflt.sys

    Those are leftover drivers from Kaspersky Internet Security that appeared not to have been removed. The fix will remove them; drivers can cause a lot of issues, including blue screens and more.
    Last edited by zep516; 12-08-2012 at 10:29 AM.



