ping.exe possible virus?
#1
Posted 14 April 2013 - 01:09 AM
#2
Posted 17 April 2013 - 04:47 PM
Welcome to WhatTheTech. My name is mowman, and I will be helping you fix your problems.
If you do not make a reply in 3 days, we will have to close your topic.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.
Please take note of some guidelines for this fix:
• Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
• Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please download TDSSKiller.zip
- Extract it to your desktop
- Double click TDSSKiller.exe
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
If suspicious objects are found select skip - Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------
Double click on ComboFix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.
#3
Posted 19 April 2013 - 02:21 AM
#4
Posted 19 April 2013 - 09:59 AM
Edited by steph.l, 19 April 2013 - 11:33 PM.
#5
Posted 20 April 2013 - 01:22 PM
- Please open your MalwareBytes AntiMalware Program
- Click the Update Tab and search for updates
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <-- very important
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Next
ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan
Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan - Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Check
- Click the Start button.
- Accept any security warnings from your browser.
- Check
- Make sure that the option "Remove found threats" is not checked
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the Back button.
- Push Finish
Also tell me how the computer is running now.
#6
Posted 21 April 2013 - 04:03 AM
#7
Posted 21 April 2013 - 05:49 AM
Download the 32-bit or 64-bit version of FRST for your system and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
Then:
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
#8
Posted 22 April 2013 - 10:11 AM
#9
Posted 22 April 2013 - 02:20 PM
#10
Posted 23 April 2013 - 02:54 AM
#11
Posted 23 April 2013 - 05:16 AM
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.
- Download aswMBR.exe ( 511KB ) to your desktop.
- Double click the aswMBR.exe to run it
- Click the Scan button to start scan
- On completion of the scan click Save Log, save it to your Desktop and post in your next reply
#12
Posted 24 April 2013 - 12:40 AM
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.47 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 53.32% Memory free
10.62 Gb Paging File | 1.96 Gb Available in Paging File | 18.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.60 Gb Total Space | 185.49 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
Drive D: | 241.16 Gb Total Space | 82.91 Gb Free Space | 34.38% Space Free | Partition Type: NTFS
Computer Name: USERSMI-M4AD7ID | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe ()
PRC - C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe (Alipay Inc. )
PRC - C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe (Alipay Inc. )
PRC - C:\Program Files\alipay\SafeTransaction\AlipaySafeTran.exe (Alipay Inc. )
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOpeServer.exe ()
PRC - C:\ChinaNetSn\bin\NetKeeper.exe (XI AN XINLI SOFTWARE TECHNOLOGY CO.,LTD)
PRC - C:\Program Files\ICBCEbankTools\MingWah\MWREGICBC.exe (ICBC OEM From Mingwah Technologies Co., Ltd)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe ()
PRC - C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PING.EXE (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files\Garena Plus\ggspawn.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\273389de0b6e286cb2bdc83ecb428704\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\4cfa42c8b69a64e192f3255ec900457d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll ()
MOD - C:\Users\Public\Thunder Network\KanKan\Pusher\xappdrv.1.0.0.15.dll ()
MOD - C:\ChinaNetSn\bin\xinliPPPoE.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\ChinaNetSn\bin\StringList.dll ()
========== Services (SafeList) ==========
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (SSDPOptService) -- C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ASProxy) -- C:\Program Files\Astrill\ASProxy.exe (Astrill)
SRV - (AlipaySecSvc) -- C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe (Alipay Inc. )
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SSDPOpeService) -- C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOpeServer.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (XLServicePlatform) -- C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll (ShenZhen Xunlei Networking Technologies,LTD)
SRV - (ASOVPNHelper) -- C:\Program Files\Astrill\ASOvpnSvc.exe (Astrill)
SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV - (ICBC Daemon Service) -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (GPU-Z) -- C:\Users\ADMINI~1\AppData\Local\Temp\GPU-Z.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena Plus\Room\safedrv.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (netpackets) -- C:\Windows\System32\drivers\netpackets.sys (Blues (18390160))
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (asvpndrv) -- C:\Windows\System32\drivers\asvpndrv.sys (Astrill)
DRV - (iusb3xhc) -- C:\Windows\System32\drivers\iusb3xhc.sys (Intel Corporation)
DRV - (iusb3hub) -- C:\Windows\System32\drivers\iusb3hub.sys (Intel Corporation)
DRV - (iusb3hcs) -- C:\Windows\System32\drivers\iusb3hcs.sys (Intel Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (XLPPoEPC) -- C:\Windows\System32\drivers\XLPPoEPC.sys (西安信利软件系统公司)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.tao678.com
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT3220468
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hao.kankan.com/?id=660115
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8DDFFFA8-1C3F-454c-B7BC-6D6CBBA86EC7}: "URL" = http://www.soso.com/...;cid=union.s.wh
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...;ctid=CT3220468
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...tn=09030047_adr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: addon@astrill.com:1.6.2
FF - prefs.js..extensions.enabledAddons: {d12b4ac5-7cfd-4189-9422-6a44f564d17c}:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alipay.com/npaliedit: C:\Windows\system32\aliedit\3.3.0.0\npaliedit.dll (Alipay.com co.,ltd)
FF - HKLM\Software\MozillaPlugins\@alipay.com/npAliSecCtrl: C:\Windows\system32\aliedit\3.3.0.0\npAliSecCtrl.dll (Alipay.com Inc. )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.37\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\ProgramData\Thunder Network\Thunder\data\npxunlei1.0.0.2.dll ( )
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/01 00:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/16 19:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/04 00:33:08 | 000,000,000 | ---D | M]
[2012/10/16 19:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/12/29 14:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zel2y528.default\extensions
[2012/12/23 19:05:39 | 000,000,000 | ---D | M] (Coupon Matcher) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zel2y528.default\extensions\{d12b4ac5-7cfd-4189-9422-6a44f564d17c}
[2012/11/30 20:49:37 | 000,000,000 | ---D | M] ("Astrill Proxy Switcher") -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zel2y528.default\extensions\addon@astrill.com
[2012/10/16 19:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/11 09:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/11 09:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 09:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/04/20 13:22:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (迅雷下载支持) - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.2.10.3694.dll (深圳市迅雷网络技术有限公司)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ICBC Anti-Phishing class) - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (CouponMatcher) - {E155F23C-9931-47c6-A619-20E6FCA86D75} - C:\Program Files\CouponMatcher\CouponMatcher.dll (CouponMatcher)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MWREGICBC.exe] C:\Program Files\ICBCEbankTools\MingWah\MWREGICBC.exe (ICBC OEM From Mingwah Technologies Co., Ltd)
O4 - HKLM..\Run: [Netkeeper1.0] C:\ChinaNetSn\bin\loader.exe ()
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [GarenaPlus] C:\Program Files\Garena Plus\GarenaMessenger.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Administrator\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &使用&迅雷离线下载 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm ()
O8 - Extra context menu item: &使用&迅雷下载 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm ()
O8 - Extra context menu item: &使用&迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\BHO\getAllurl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\ASProxy.dll (Astrill)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: icbc.com.cn ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {3B3FE354-548D-4DA2-BEC2-52960C31F8E7} https://b2c.icbc.com...bc_mwusbkey.cab (icbc_mwusbkeyCtl Class)
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} https://b2c.icbc.com...afeControls.cab (AxSubmitControl Class)
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} https://b2c.icbc.com...CBC_NetSign.dll (InfoSecICBCNetSign Class)
O16 - DPF: {E6C2DD02-CD38-41A1-9B69-3D7E3B64AF9A} https://b2c.icbc.com...c/icbc_mwdv.cab (icbc_mwdvctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54D978D0-1554-4883-BFB2-FF4150B2E601}: DhcpNameServer = 198.18.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EFA8360-8903-4550-8B53-0FD96BF628A9}: NameServer = 202.96.104.17 202.96.104.27
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/04/24 08:42:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/23 17:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/23 16:59:48 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/23 16:59:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/23 16:59:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/23 16:49:15 | 000,051,552 | ---- | C] (Blues (18390160)) -- C:\Windows\System32\drivers\netpackets.sys
[2013/04/22 23:38:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\leo
[2013/04/22 18:18:21 | 001,147,723 | ---- | C] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2013/04/21 15:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/21 14:59:45 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013/04/20 13:22:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/20 13:20:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/20 13:15:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/20 13:15:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/20 13:15:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/20 13:15:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/20 13:15:37 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/20 13:13:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/20 01:15:01 | 005,057,575 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013/04/20 01:13:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2013/04/17 00:14:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2013/04/17 00:14:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013/04/17 00:14:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\TeamSpeak 3 Client
[2013/04/14 14:28:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/04/14 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013/04/14 14:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/14 14:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/14 14:03:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/14 14:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/14 14:03:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
[2013/04/14 14:01:02 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/08 02:24:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\NetworkTunnel
[2013/04/08 02:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BattlePing
[2013/04/07 15:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snail Games USA
[2013/04/07 00:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WuShu_0.0.1.034
[2013/04/07 00:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AgeofWushu_download
[2013/04/05 19:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/04/05 19:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 19:34:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Skype
[2013/04/05 19:05:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/04/05 19:05:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013/03/31 01:12:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\thunder network
========== Files - Modified Within 30 Days ==========
[2013/04/24 14:22:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/24 13:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/23 22:40:14 | 000,003,582 | ---- | M] () -- C:\Windows\System32\ASProxy.ini
[2013/04/23 22:40:14 | 000,001,976 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini
[2013/04/23 16:53:39 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/23 16:53:39 | 000,021,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/23 16:50:27 | 000,664,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/23 16:50:27 | 000,122,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/23 16:49:15 | 000,051,552 | ---- | M] (Blues (18390160)) -- C:\Windows\System32\drivers\netpackets.sys
[2013/04/23 16:46:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/23 16:46:11 | 2793,250,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/22 18:52:15 | 000,000,600 | ---- | M] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2013/04/22 18:18:23 | 001,147,723 | ---- | M] (Farbar) -- C:\Users\Administrator\Desktop\FRST.exe
[2013/04/21 14:59:55 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2013/04/20 13:22:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/20 13:13:46 | 005,057,575 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013/04/20 01:13:05 | 002,218,636 | ---- | M] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2013/04/17 00:14:30 | 000,001,238 | ---- | M] () -- C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk
[2013/04/14 14:28:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/04/14 14:27:56 | 000,625,664 | ---- | M] () -- C:\Users\Administrator\Desktop\dds.scr
[2013/04/14 14:03:25 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/14 14:01:50 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
[2013/04/12 02:54:26 | 000,106,496 | ---- | M] () -- C:\Users\Administrator\Desktop\image.png
[2013/04/11 13:45:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/11 13:45:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/08 02:09:24 | 000,000,998 | ---- | M] () -- C:\Users\Public\Desktop\BattlePing.lnk
[2013/04/07 15:01:26 | 000,000,665 | ---- | M] () -- C:\Users\Public\Desktop\Age of Wushu.lnk
[2013/04/05 19:36:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/04/05 02:48:29 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Astrill.lnk
[2013/04/05 00:07:19 | 001,355,547 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG-20130404-00492.jpg
[2013/04/04 23:35:27 | 000,045,804 | ---- | M] () -- C:\Users\Administrator\Desktop\IMG-20130404-00913.jpg
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/01 12:24:33 | 000,399,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/01 00:27:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
========== Files Created - No Company Name ==========
[2013/04/20 13:15:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/20 13:15:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/20 13:15:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/20 13:15:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/20 13:15:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/20 01:12:41 | 002,218,636 | ---- | C] () -- C:\Users\Administrator\Desktop\tdsskiller.zip
[2013/04/17 00:14:30 | 000,001,238 | ---- | C] () -- C:\Users\Administrator\Desktop\TeamSpeak 3 Client.lnk
[2013/04/14 14:27:47 | 000,625,664 | ---- | C] () -- C:\Users\Administrator\Desktop\dds.scr
[2013/04/14 14:03:25 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/12 02:54:20 | 000,106,496 | ---- | C] () -- C:\Users\Administrator\Desktop\image.png
[2013/04/07 15:01:26 | 000,000,665 | ---- | C] () -- C:\Users\Public\Desktop\Age of Wushu.lnk
[2013/04/05 19:36:43 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/04/04 23:35:22 | 001,355,547 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG-20130404-00492.jpg
[2013/04/04 22:56:09 | 000,045,804 | ---- | C] () -- C:\Users\Administrator\Desktop\IMG-20130404-00913.jpg
[2013/04/01 00:27:05 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/01 00:27:04 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/03 18:05:08 | 002,210,832 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ssdp_21352594.exe
[2012/12/15 19:25:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012/12/13 16:19:56 | 000,000,400 | ---- | C] () -- C:\ProgramData\TestPreferences
[2012/12/10 21:54:27 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2012/12/05 13:37:32 | 002,177,624 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ssdp_42902701.exe
[2012/12/01 16:50:07 | 000,003,582 | ---- | C] () -- C:\Windows\System32\ASProxy.ini
[2012/12/01 16:50:07 | 000,001,976 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini
[2012/11/24 21:52:16 | 000,001,078 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\base64.cer
[2012/11/24 21:31:52 | 000,174,208 | ---- | C] () -- C:\Windows\System32\icbcclean.dll
[2012/11/24 21:31:52 | 000,113,792 | ---- | C] () -- C:\Windows\System32\EditControl.dll
[2012/11/24 21:31:52 | 000,072,832 | ---- | C] () -- C:\Windows\System32\UploadControl.dll
[2012/10/10 22:23:59 | 000,000,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\PUTTY.RND
[2012/10/09 00:24:30 | 000,007,603 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/10/09 00:09:19 | 000,000,037 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\1754111884ee9ab5277ca00.95260103
[2012/10/02 21:47:21 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2012/10/02 09:08:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/02 09:07:04 | 000,015,128 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012/10/02 09:04:55 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/10/02 09:04:21 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012/10/02 09:03:29 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/02 09:03:25 | 000,034,575 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/10/02 09:01:37 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/10/02 09:01:37 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/10/02 09:01:36 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/10/01 21:48:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2012/10/01 21:48:34 | 000,593,920 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/10/01 21:48:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/10/01 21:48:34 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/09/28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/07/13 10:39:42 | 001,636,560 | ---- | C] () -- C:\Windows\System32\SubmitControl.dll
[2012/07/13 10:39:42 | 000,308,432 | ---- | C] () -- C:\Windows\System32\InputControl.dll
[2012/05/23 23:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/03/05 20:59:04 | 003,737,794 | ---- | C] () -- C:\Windows\WindowsLoader.exe
[2012/03/03 23:39:52 | 000,001,062 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2012/02/03 13:08:06 | 000,001,536 | ---- | C] () -- C:\Windows\System32\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 05:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/04/05 19:10:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Astrill
[2012/12/23 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Coupon Matcher
[2012/10/04 20:55:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garena
[2013/04/23 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GarenaPlus
[2012/12/23 19:06:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Go PDF Reader
[2013/04/08 02:24:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NetworkTunnel
[2013/04/05 19:35:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Old_Skype
[2012/11/01 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2012/10/25 13:16:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PunkBuster
[2012/11/05 17:40:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Rockstar Games
[2012/11/08 14:39:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2013/04/23 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2013/04/23 16:49:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SSDPOpt
[2012/11/24 00:17:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2012/11/23 01:32:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tencent
[2013/04/20 14:40:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2012/12/08 02:52:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tunngle
[2013/04/23 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/10/09 00:26:50 | 000,000,000 | -HSD | M] -- C:\Users\Administrator\AppData\Roaming\wyUpdate AU
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\erdnt\cache\explorer.exe
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/21 05:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/21 05:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< C:\Windows\assembly\tmp\U\*.* /s >
[2009/07/14 12:53:46 | 000,032,656 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012/10/03 00:11:01 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 00:11:02 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
========== Files - Unicode (All) ==========
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
< End of report >
--------------------------------------------------------------------------------------------------------------------------
extras:
OTL Extras logfile created on: 4/24/2013 2:29:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.47 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 53.32% Memory free
10.62 Gb Paging File | 1.96 Gb Available in Paging File | 18.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.60 Gb Total Space | 185.49 Gb Free Space | 82.59% Space Free | Partition Type: NTFS
Drive D: | 241.16 Gb Total Space | 82.91 Gb Free Space | 34.38% Space Free | Partition Type: NTFS
Computer Name: USERSMI-M4AD7ID | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45367419-8C77-4026-A2A7-E88702161608}" = lport=50000 | protocol=17 | dir=in | name=sina_live |
"{B2767314-FF66-4FA2-906C-995B9A8A8786}" = lport=6002 | protocol=6 | dir=in | name=sina_live |
"{C0AD885D-C92D-431D-98CE-D0F1A00895E2}" = lport=6001 | protocol=6 | dir=in | name=sina_live |
"{E0446D69-542B-46BF-AEC4-E069B3336052}" = lport=33674 | protocol=17 | dir=in | name=thunderlan(udp) |
"{E5359070-BC42-490D-A083-5E9890C87248}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E9AAB652-C7EB-4FD6-A593-34DE934E4978}" = lport=33673 | protocol=6 | dir=in | name=thunderlan(tcp) |
"{ED0EFC71-C6E0-48A0-A3E3-37CA702DF9FD}" = lport=50001 | protocol=17 | dir=in | name=sina_live |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01321D75-B837-432F-9055-16FD3FD7BAF2}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3editor.exe |
"{03098914-16A6-4FA5-946C-189FE9B0565A}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderliveud.exe |
"{0334425D-D30B-4112-A1C4-25ABE097DE29}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\spotify\spotify.exe |
"{05407371-3486-452D-9C73-C681C44BEDDF}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\xlbugreport.exe |
"{062EE273-6C72-42F1-9808-44E9155587D2}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{0D65CD37-CFAA-4C3C-AD1B-D00F614A9827}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\xbrowser.exe |
"{0E5FDA82-0AEE-4F98-94E7-196CB9EDD389}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
"{0FC3CAED-B6D5-48AE-B88A-A0BF9818A5E7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\planetside 2\awesomium_process.exe |
"{111E5E5E-4404-49B8-A17B-6AD44B81028E}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{135F29D4-538D-4E8A-B67C-CA432E980B1C}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3updater.exe |
"{1381D1E9-4398-4AE1-8FF6-B79BA5AB86A4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{18A3D59A-7C4E-472F-891D-B497A53BD691}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\xbrowser.exe |
"{1A697D2F-6FC7-463E-9E14-9953318C9364}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\bindkw49.exe |
"{1E792421-C76D-4442-9BD1-C7E3B1B23C33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20D08D4C-D4FF-4A6D-B554-6D288287BE9A}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderbhostat.exe |
"{2333DA44-7954-4BF1-9063-64EAADD1ADF5}" = protocol=6 | dir=in | app=d:\program files\pro evolution soccer 2013\pes2013.exe |
"{24808B09-8A72-4A1A-BCA0-E910891F4E0B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{27D9291B-CD78-4A81-A8A9-AAFA1445A226}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3.exe |
"{290B21D1-C885-47E6-84DB-E8647B0A2B65}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderliveud.exe |
"{2A4CF271-6CBE-4BDC-9D77-C46CDEB9BCFD}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\nspcc87.tmp\qqpcdetector.exe |
"{2D3F9066-98DF-41B1-98E2-689F871D1E0E}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2DA8D9DF-3556-4BC3-B729-E3B86E82CA13}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\bindkw49.exe |
"{2ECA49FA-9FAE-4510-9FBF-E66B58D12070}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.2.10.3694_1\program\xldoctorui.exe |
"{2FC63273-7CC0-47FA-85A9-99F2066593A7}" = protocol=6 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{317101A3-5E7F-47E9-A14C-7A87A7D26FBA}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\xmpboot.exe |
"{31887C24-0B50-49B7-99DA-C963AFA1D2EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{31C9C9AC-A689-442C-8C18-F70E1812A80F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{3440E4E5-2467-41A3-B397-323EA6A48915}" = protocol=6 | dir=in | app=c:\chinanetsn\bin\stupdate.exe |
"{3669FB98-A8D2-4B79-AB71-3D61922FA852}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3updater.exe |
"{3FED8F96-D69D-4FF7-BBAD-DAAEE297F885}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\planetside 2\planetside2.exe |
"{40A71359-7454-4E5A-9A2E-A15E124F5955}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\recinstalldl\recinst.exe |
"{410DD72D-DF00-4B3D-89C6-F9F0FDF7334E}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
"{4E443B7D-4D51-4C43-AF54-AF2834A28BD6}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\nspcc87.tmp\qqpcdetector.exe |
"{4E93160B-CCE2-4CDD-BA7A-F791F94E93AD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50E1EAAD-379D-4D88-B9A6-753573F0E2C5}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{521255FC-2660-4259-BDFC-56ADEA5289E9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5825C4EB-B227-4847-AA51-CAC98E74745F}" = protocol=17 | dir=in | app=d:\program files\fifa 13\game\fifa13.exe |
"{58D9B614-1A50-4428-9385-27A8E662B907}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\recinstalldl\recinst.exe |
"{5A34637C-1895-4025-BA54-68B2C574D757}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{5F28F860-38F1-4149-86AB-9661F718C720}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderliveud.exe |
"{61444B02-F38F-4C94-8FA5-496B542E6EC5}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{6859473F-BCA3-4C43-A50B-3721215EE069}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\planetside 2\planetside2.exe |
"{685BA929-1B27-479F-9D5F-26D6E9DD2D90}" = protocol=6 | dir=in | app=d:\program files\pro evolution soccer 2013\pes2013.exe |
"{6B03833E-D822-4711-AA85-1183AF066AFC}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe |
"{6C2D0673-9DFC-4D30-AADD-0D8A2FCCBD71}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\xlbugreport.exe |
"{6CFCDF3C-9892-4282-9042-C0EF3B62F58B}" = protocol=17 | dir=in | app=d:\program files\ubisoft\assassin's creed revelations\acrmp.exe |
"{6EB08F06-EEF3-4DEC-B7FA-97E293261A83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6F7C506C-67E5-4694-A8EB-9B65CF735D50}" = protocol=17 | dir=in | app=c:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe |
"{6FF82E48-C5D6-4EFA-89D2-54D49CDB2EE1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{70F57DC0-1E88-4AE4-8C58-35C4E85668E4}" = protocol=17 | dir=in | app=d:\program files\pro evolution soccer 2013\pes2013.exe |
"{741D3BA5-7896-4F02-9982-4C7A0C8135A2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8059FE55-3C86-4BA1-8631-4FF33571AEB4}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\thunder.exe |
"{93BAEE1D-F511-470B-8AE8-224650A849B3}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\lanspeedviewer\lsp_check.exe |
"{981AD97B-B7FD-480F-BDC3-1E4E5F3CA1A8}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\filelink\xlfilelink.exe |
"{9A29668E-74BE-4ECB-8310-C76D3768C2EF}" = protocol=6 | dir=in | app=c:\program files\thunder network\xmp\program\xmp.exe |
"{9C48C16C-0DE0-42B0-8F6F-E88FB47CDA1C}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe |
"{9FC2FFD7-A184-458E-AA20-6BFFB0AE17DE}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{A0963212-AD15-4DA4-BAFA-E89EE28784E2}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A3403F7B-D1BB-452B-8297-EEA046717629}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\lanspeedviewer\speed_viewer_i.exe |
"{A3D043D9-9F3A-4724-9BC7-8392D4DC785A}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\netmon\lsp_check.exe |
"{AA425C54-E885-48C3-9409-8014132E9F1B}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{B14BB00A-F3FB-4BC5-897D-ED62AB6666AB}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{BAC9BA4E-690B-4A62-84DB-E8E1E40D1F98}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\planetside 2\awesomium_process.exe |
"{BC3B46B9-AC8E-476C-8A78-2427BD6D4B8C}" = protocol=17 | dir=in | app=d:\program files\pro evolution soccer 2013\pes2013.exe |
"{BCF70033-A61C-4EEE-9FB1-19670E71EDA8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C2989693-5EED-47B3-8455-E24A3EE8E6F9}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderexternal\thunderplatform.exe |
"{C738786E-E4F6-43E4-8AF5-985B275BFBC8}" = protocol=6 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\farcry3.exe |
"{C95CE6BF-8365-44B3-8B8D-19017C4E46F6}" = protocol=6 | dir=in | app=d:\program files\ubisoft\assassin's creed revelations\acrmp.exe |
"{CC357405-2527-4EA2-91CC-7E8E0DB7D706}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{CD58B15B-E406-4621-A526-30AB49F98655}" = protocol=17 | dir=in | app=d:\program files\ubisoft\farcry 3\bin\fc3editor.exe |
"{CD98C46D-4ADE-4D39-975D-E6279E349896}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\lanspeedviewer\lsp_check.exe |
"{CDD91512-45F2-4742-9664-F606E5740B7D}" = protocol=17 | dir=in | app=c:\program files\thunder network\xmp\program\xmp.exe |
"{D0C6F552-DB2C-4175-88D1-9076A407ADC1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D2C51A7D-014C-4D23-A8DC-2CB9B5F9C297}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{D841CF2B-40FD-4FEC-9983-C31048566EBB}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\bbinside\baidu-tb-asbar.exe |
"{DB1B2B66-A5F4-4C0A-A697-6104FF4C0CA1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DB9FE7C8-931E-4170-A8F1-367866CB79C5}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\program\filelink\xlfilelink.exe |
"{E3351D7F-9C30-4AB0-A74C-7B40934D53E6}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\xmpboot.exe |
"{E6415863-71E3-436E-BCB3-B87F98121BBE}" = protocol=17 | dir=in | app=c:\chinanetsn\bin\stupdate.exe |
"{EC8944FF-5F6A-4C13-907E-E222E505C637}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\spotify\spotify.exe |
"{EF36052B-E977-4E44-B615-2B0405404D9A}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\netmon\lsp_check.exe |
"{F123608F-C005-4F7C-881A-1383159CDBDA}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\xldoctor\7.2.10.3694_1\program\xldoctorui.exe |
"{F17CB571-EE91-402A-9575-EA378E1863CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F575D12B-A2AB-4A6E-8AEC-D3B7C2BE77AC}" = protocol=17 | dir=in | app=c:\program files\thunder network\thunder\netmon\net_monitor_i.exe |
"{F6A09686-B7D4-4424-8C50-8C972495E6F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F791E6D2-92AC-4B76-93D5-03E68EBD1B23}" = protocol=6 | dir=in | app=c:\program files\thunder network\thunder\program\thunderbhostat.exe |
"{F87EA511-79BD-4337-8499-A2E4C8ED1144}" = protocol=6 | dir=in | app=d:\program files\fifa 13\game\fifa13.exe |
"TCP Query User{1441724C-013D-4622-A1D0-F3522F10A33A}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe |
"TCP Query User{14EF886B-CF51-4F09-8894-15A4727DE71B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{19865F4D-17C3-47A0-8EDB-B501160335B2}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{27D3C05E-18DA-47B9-BEE4-55485D1C7A28}D:\program files\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\program files\max payne 3\maxpayne3.exe |
"TCP Query User{2B7F3FDC-EC04-4B3F-A3E7-14029B859DC5}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"TCP Query User{345085FC-4658-4C86-B4C2-8A9CBC856359}D:\program files\garenahon\gamedata\apps\hon\hon.exe" = protocol=6 | dir=in | app=d:\program files\garenahon\gamedata\apps\hon\hon.exe |
"TCP Query User{492028F3-F330-445F-9760-7453774321F3}D:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5mp.exe" = protocol=6 | dir=in | app=d:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5mp.exe |
"TCP Query User{57DECCE3-970F-45FD-A2EB-F3AEDD7E3FC5}D:\download\honinstaller.exe" = protocol=6 | dir=in | app=d:\download\honinstaller.exe |
"TCP Query User{5F18A758-ED0B-4A05-AEAD-FEBDDE17E877}C:\program files\battleping\battleping.exe" = protocol=6 | dir=in | app=c:\program files\battleping\battleping.exe |
"TCP Query User{649CC5D8-A9A1-422E-B047-D5D262BF63F2}D:\program files\bioware\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=d:\program files\bioware\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{76EBB2DC-D829-4BDB-BA0D-9DCA33033E4D}D:\program files\r.g. mechanics\call of duty black ops 2\t6sp.exe" = protocol=6 | dir=in | app=d:\program files\r.g. mechanics\call of duty black ops 2\t6sp.exe |
"TCP Query User{7901FA78-0962-4C83-BAC8-5C79205272F3}D:\download\fifa.13-3dm\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=d:\download\fifa.13-3dm\fifa 13\game\fifa13.exe |
"TCP Query User{A325E1C6-0EC6-42C7-8048-A116F520210B}D:\program files\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe |
"TCP Query User{A7BA0000-05D8-4CDF-AC39-93F0AC9A6E0A}D:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe" = protocol=6 | dir=in | app=d:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe |
"TCP Query User{AEE20B31-5DDC-4CA4-8326-99C0AF932A9F}D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=d:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{B157E334-9200-4B13-BE00-DBFA2194D66F}D:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{B20D63D7-3053-4E78-B03B-A23DE04DCC16}D:\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=d:\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{EAF6E626-FD20-45B0-BF57-F36D06A833BA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F36D9A46-ABE7-421A-84AF-37CD0C68E1D0}C:\program files\garena plus\garenamessenger.exe" = protocol=6 | dir=in | app=c:\program files\garena plus\garenamessenger.exe |
"TCP Query User{F80F1A71-D2E3-459A-963E-DF681056FB6A}D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=d:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{2224086F-0671-45E2-9FFF-A0DCEAE546BE}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{25303401-20EE-40AD-AFD8-2ABC6540DA87}D:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=d:\program files\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{265653D1-3B32-4C27-B813-C978D99AD4B5}D:\program files\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=d:\program files\ccp\eve\bin\exefile.exe |
"UDP Query User{326792CC-410E-44A0-BCF6-BD281C644DAA}D:\program files\bioware\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=d:\program files\bioware\mass effect 3\binaries\win32\masseffect3.exe |
"UDP Query User{34DD6A67-E931-4BB9-8716-B98B6C32231D}C:\program files\battleping\battleping.exe" = protocol=17 | dir=in | app=c:\program files\battleping\battleping.exe |
"UDP Query User{381528F8-67DA-46D0-B0BA-6351ADD92AF7}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{4C4BC5DE-65FD-4184-86F4-4E5228577507}D:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5mp.exe" = protocol=17 | dir=in | app=d:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5mp.exe |
"UDP Query User{64C76B1C-1545-4E16-9E1A-1FF7A7F0E8BC}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe |
"UDP Query User{701DA910-04C2-47A1-A581-C5EAC9D585E9}D:\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=d:\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{91506DB6-FE80-4AE0-A3EC-3A043B8896E8}D:\download\fifa.13-3dm\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=d:\download\fifa.13-3dm\fifa 13\game\fifa13.exe |
"UDP Query User{997A0D4E-1675-4845-9A39-55F8730A97BA}C:\program files\garena plus\garenamessenger.exe" = protocol=17 | dir=in | app=c:\program files\garena plus\garenamessenger.exe |
"UDP Query User{A0AC446E-47B1-4624-9649-A6AC9E1042BC}D:\program files\garenahon\gamedata\apps\hon\hon.exe" = protocol=17 | dir=in | app=d:\program files\garenahon\gamedata\apps\hon\hon.exe |
"UDP Query User{B4730E12-085C-430E-AED7-71B2D3D5FA84}D:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe" = protocol=17 | dir=in | app=d:\program files\call of duty modern warfare 3\call of duty modern warfare 3\iw5sp.exe |
"UDP Query User{B9994AFC-CE94-450A-8179-E1BA37D99863}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C211F5BF-7E7F-4AF1-B2CC-BB2CE8A91BF8}D:\program files\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\program files\max payne 3\maxpayne3.exe |
"UDP Query User{C41B9A3F-ECE3-4B2C-8931-662D375E6AA5}D:\program files\r.g. mechanics\call of duty black ops 2\t6sp.exe" = protocol=17 | dir=in | app=d:\program files\r.g. mechanics\call of duty black ops 2\t6sp.exe |
"UDP Query User{C9CB9876-86C6-4D2D-BFCD-0B794394C170}D:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=d:\program files\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{D0469653-5098-4520-AF15-6454BEB9AD00}D:\download\honinstaller.exe" = protocol=17 | dir=in | app=d:\download\honinstaller.exe |
"UDP Query User{DCDF4759-3F6B-44D8-9CBA-6B705FE6274D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{DF8A1DC2-3761-47DF-AF4E-FCE7CD2B3438}D:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\program files\2k games\borderlands 2\binaries\win32\borderlands2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{3561742A-2478-4FAB-A44B-38A26E1FE14F}" = ICBCChromeExtension
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{3E7D839E-A6E7-B6F8-F855-CF69756E6331}" = AMD Media Foundation Decoders
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5180FB30-2AC7-1627-9856-AA0AE6ACB7E7}" = ccc-utility
"{51A66ED3-200E-4147-8D1E-E8D30936FD26}" = Intel® Trusted Connect Service Client
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{876B50AF-D46A-ED35-C625-20F326FE0C49}" = AMD Accelerated Video Transcoding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{949AF9A1-772E-4D93-96B7-0AC18648C3F3}" = ICBCEBankAssist
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A0AFB64E-79E1-45BF-BA6C-18C21E007D8E}" = Age of Wushu
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1" = Astrill
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D137E548-E288-46E8-BAC7-D232F77766F5}" = 中国工商银行防钓鱼软件
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D5068813-9F8D-9F7A-92C0-A3EECBA2D82B}" = AMD Catalyst Install Manager
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{D9941688-1BEF-79EF-0FD9-E0A67E2CFE0F}" = AMD Drag and Drop Transcoding
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"alieditplus" = 支付宝安全控件 3.7.0.0
"AlipayDHC" = AlipayDHC 1.0.0.0
"AlipaySafeTransaction" = SafeTransaction 5.3.0.0
"AlipaySecControl" = Alipay security control 3.3.0.0
"avast" = avast! Free Antivirus
"BattlePing" = BattlePing 1.3.2.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Matcher" = Coupon Matcher
"CouponMatcher" = CouponMatcher
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HoN" = Garena - Heroes of Newerth
"ICBC_MW_UShield2" = Guide to ICBC USB-Shield program (Minghua) Uninstall
"im" = Garena Plus
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.1.0 Full
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netkeeper" = Netkeeper 1.0(Only use remove)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Pro Evolution Soccer 2013_is1" = Pro Evolution Soccer 2013
"Steam App 570" = Dota 2
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"thunder_is1" = 迅雷7
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR archiver
"新浪Live" = 新浪Live
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CCTVPlayer" = CCTV Player Uninstall
"SOE-C:/Users/Administrator/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/22/2013 3:53:23 AM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =
Error - 4/22/2013 6:52:14 AM | Computer Name = USERSMI-M4AD7ID | Source = Application Error | ID = 1000
Description = Faulting application name: SSDPOptServer.exe, version: 3.0.6.9, time
stamp: 0x51306620 Faulting module name: SSDPOptServer.exe, version: 3.0.6.9, time
stamp: 0x51306620 Exception code: 0xc0000005 Fault offset: 0x00004667 Faulting process
id: 0x8dc Faulting application start time: 0x01ce3f2e3b7bb7e9 Faulting application
path: C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe Faulting
module path: C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe Report
Id: b0f0a5c4-ab3a-11e2-80f5-10bf48b899de
Error - 4/22/2013 12:01:22 PM | Computer Name = USERSMI-M4AD7ID | Source = SSDPOptService | ID = 0
Description =
Error - 4/22/2013 12:04:14 PM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =
Error - 4/22/2013 12:06:50 PM | Computer Name = USERSMI-M4AD7ID | Source = SSDPOptService | ID = 0
Description =
Error - 4/22/2013 12:09:50 PM | Computer Name = USERSMI-M4AD7ID | Source = Application Hang | ID = 1002
Description = The program spotify.exe version 0.9.0.117 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1268 Start
Time: 01ce3f73c7a4599d Termination Time: 16 Application Path: C:\Users\Administrator\AppData\Roaming\Spotify\spotify.exe
Report
Id: 0b5e8451-ab67-11e2-80f2-10bf48b899de
Error - 4/22/2013 12:10:46 PM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =
Error - 4/22/2013 1:26:10 PM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =
Error - 4/23/2013 4:48:04 AM | Computer Name = USERSMI-M4AD7ID | Source = WinMgmt | ID = 10
Description =
Error - 4/23/2013 5:17:16 AM | Computer Name = USERSMI-M4AD7ID | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.
[ System Events ]
Error - 4/22/2013 6:52:15 AM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7031
Description = The SSDP OptService service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 4/22/2013 12:01:26 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13
Error - 4/22/2013 12:06:54 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13
Error - 4/22/2013 12:06:54 PM | Computer Name = USERSMI-M4AD7ID | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147943515.
Error - 4/22/2013 12:06:54 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147023781.
Error - 4/22/2013 12:08:04 PM | Computer Name = USERSMI-M4AD7ID | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147943515.
Error - 4/22/2013 12:08:04 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147023781.
Error - 4/22/2013 12:08:04 PM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%1115
Error - 4/23/2013 4:39:23 AM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7000
Description = The SSDP OpeServer service failed to start due to the following error:
%%109
Error - 4/23/2013 4:39:23 AM | Computer Name = USERSMI-M4AD7ID | Source = Service Control Manager | ID = 7000
Description = The SSDP OpeServer service failed to start due to the following error:
%%109
< End of report >
#13
Posted 24 April 2013 - 01:02 AM
#14
Posted 24 April 2013 - 04:04 AM
Please scan the following files
- Please visit Virus Total by clicking here.
- Click the Browse button and search for the following file: c:\windows\system32\drivers\netpackets.sys
- Click Open.
- Then click Send File.
- Please be patient while the file is scanned.
- If Virus Total tells you that the file has already been scanned, click "reanalyse now".
- Once the scan results appear, copy and paste them into Notepad and repeat the procedure for the following file(s):
- c:\users\Administrator\AppData\Roaming\ssdp_21352594.exe
- C:\Users\Administrator\AppData\Roaming\ssdp_42902701.exe
- C:\Users\Administrator\AppData\Roaming\SSDPOpt\SSDPOptServer.exe
- Please provide the results from the scans in your next reply.
Download CKScanner by askey127 from here & save it to your Desktop.
- Right-click CKScanner.exe and Run as Administrator, then click Search For Files
- When the cursor hourglass disappears, click Save List To File
- A message box will verify the file saved
- Double-click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply
#15
Posted 24 April 2013 - 11:15 AM