Skype and email username/password hijacked


This topic is locked
15 replies to this topic

#1 siobhain


Posted 09 February 2014 - 08:31 AM

Dear BleepingComputer Technician:

 

My mother-in-law was here recently helping my family with the birth of our new child. After three weeks of using our computer, she suddenly wasn't able to sign into Skype. Her password had been changed. Then as we tried to reset the password we discovered her email address had been deleted. She had just accessed and used her email the day before. Her information was definitely stolen and I feel it was probably logged while using our computer. The reason is that prior to her arrival my wife and I had noticed many pop-ups, especially when using Google Chrome. Since we are living in China and I tire of being unable to access several websites, I had attempted to download a VPN browser software that a friend was using, and it was free of spyware/malware. But in my haste, I downloaded and installed the software from a location that I am sure had spyware/malware software attached... so now, I beg, please, help!

 

We are using Windows XP SP3.

 

Thanks in advance!

 

DDS below

=========================================

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21364
Run by Administrator at 21:06:02 on 2014-02-09
Microsoft Windows XP Professional  5.1.2600.3.936.86.1033.18.1917.824 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: 电脑管家系统防护 *Enabled/Updated* {9AAC524A-BF34-49b0-91D2-71838CBB8110}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ================
.
\??\D:\AVG\avgrsx.exe
\??\D:\AVG\avgcsrvx.exe
d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCRtp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\AVG\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
D:\Program Files\Tencent\QQLive\QQLive.exe
D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCTray.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Tencent\QQPCMgr\Plugins\QQPCB1AndroidJmp\QQPMDaemon.exe
C:\Program Files\SogouInput\Components\SGImeGuard\1.0.0.21\SGImeGuard.exe
C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduPlayer.exe
D:\AVG\avgwdsvc.exe
C:\Program Files\SogouWallPaper\1.9.0.1408\SGWallPaper.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
D:\AVG\AVGIDSAgent.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
D:\AVG\avgnsx.exe
D:\AVG\avgemcx.exe
C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduMediaService.exe
C:\Program Files\baidu\BaiduPlayer\3.7.0.19\bpls.exe
C:\Program Files\baidu\BaiduPlayer\3.7.0.19\bdbtray.exe
C:\WINDOWS\System32\alg.exe
d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QMUsbGuard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\Administrator\Desktop\fg\fg737p.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=C88A799ABDDD9C4CF966B9521FE6903B
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = 127.0.0.1:8580
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: QQDownload IE Left Helper: {00000000-12C9-4305-82F9-43058F20E8D2} - d:\program files\tencent\qqdownload\QQIEHelper01.dll
BHO: {2D0F71DA-7E32-A6B7-B962-2C776D30B74B} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - d:\avg\avgssie.dll
BHO: {3E0A4BFB-F10A-5275-7F04-F5FFD51E7346} - <orphaned>
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.3.0.49\AVG Secure Search_toolbar.dll
BHO: IE 4.x-6.x BHO for Download Master: {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - d:\program files\download master\dmiehlp.dll
BHO: QMClinicBho Class: {F0BD17A0-E7F3-4EB6-839A-22B96137F10B} - d:\program files\tencent\qqpcmgr\8.7.10529.215\TSClinicWebListener.dll
TB: DM Bar: {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - d:\program files\download master\dmbar.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: DM Bar: {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - d:\program files\download master\dmbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\17.3.0.49\AVG Secure Search_toolbar.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\lavasoft\adaware securesearch toolbar\adawareDx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [QQPMDaemon] "d:\program files\tencent\qqpcmgr\plugins\qqpcb1androidjmp\QQPMDaemon.exe"
uRun: [ImeGuardCom] c:\program files\sogouinput\components\sgimeguard\1.0.0.21\SGImeGuard.exe
uRun: [Clownfish] <no file>
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG_TRAY] "d:\avg\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [qqlive] "d:\program files\tencent\qqlive\QQLive.exe" -system_startup
mRun: [ QQPCTray] "d:\program files\tencent\qqpcmgr\8.7.10529.215\QQPCTray.exe"  /regrun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Закачать ВСЕ при помощи Download Master - d:\program files\download master\dmieall.htm
IE: Закачать при помощи Download Master - d:\program files\download master\dmie.htm
IE: Передать на удаленную закачку DM - d:\program files\download master\remdown.htm
IE: 使用旋风下载(&X) - d:\program files\tencent\qqdownload\xfgeturl.htm
IE: 使用旋风下载全部链接(&Q) - d:\program files\tencent\qqdownload\xfgetAllurl.htm
IE: 使用旋风极速下载(会员特权)(&J) - d:\program files\tencent\qqdownload\xftopspeed.htm
IE: 保存到旋风空间(会员特权)(&K) - d:\program files\tencent\qqdownload\xfofflineonly.htm
IE: 添加为阿里旺旺表情 - d:\program files\aliwangwang\7.00.01c\AddNewEmotion.htm
IE: 襄疱溧螯 磬 箐嚯屙眢?玎赅麝?DM - d:\program files\download master\remdown.htm
IE: 青赅鬣螯 卵?镳?镱祛 Download Master - d:\program files\download master\dmieall.htm
IE: 青赅鬣螯 镳?镱祛 Download Master - d:\program files\download master\dmie.htm
IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - d:\program files\download master\dmaster.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: Interfaces\{16B618D4-3424-4702-8107-5F1C5FD24B97} : NameServer = 202.96.69.38
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\avg\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.3.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\b6y4spir.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig|http://www.ighome.com/
FF - plugin: c:\documents and settings\administrator\application data\alipay\cf\npalicdo.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\baidu\baiduplayer\3.7.0.19\npxbdyy.dll
FF - plugin: c:\program files\baidu\baiduplayer\3.7.0.19\npxbdyyreg.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.3.0\npsitesafety.dll
FF - plugin: c:\program files\common files\tencent\npqscall\npqscall.dll
FF - plugin: c:\program files\common files\tencent\qqphonemanager\1.0.301.1305\npQQPhoneManagerExt.dll
FF - plugin: c:\program files\common files\tencent\qqphonemanager\1.8.101.2154\npQQPhoneManagerExt.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.2.18\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\common files\ttkn\bin\npcajax.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\downloaded program files\27363421\npxbdsetup.dll
FF - plugin: c:\windows\system32\aliedit\2.5.0.3\npaliedit.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: d:\program files\aliwangwang\8.00.07c\npAliSSOLogin.dll
FF - plugin: d:\program files\aliwangwang\8.00.07c\npwangwang.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\tencent\qqdownload\browser\760\npXFPlugin.dll
FF - plugin: d:\program files\tencent\qqlive\npQQLive.dll
FF - plugin: d:\program files\tencent\qqmusic\npQzoneMusic.dll
FF - plugin: d:\program files\tencent\qqpcmgr\8.7.10529.215\npQMExtensionsIE.dll
FF - plugin: d:\program files\tencent\qqpcmgr\8.7.10529.215\npQMExtensionsMozilla.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 31952]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-8-29 13560]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 302368]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-24 37664]
R1 QMIEProtect;QMIEProtect;d:\program files\tencent\qqpcmgr\8.7.10529.215\QMIEProtect.sys [2013-12-13 46776]
R1 QMUdisk;QMUdisk;d:\program files\tencent\qqpcmgr\8.7.10529.215\QMUdisk.sys [2013-12-13 18872]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-6-13 1236336]
R2 AVGIDSAgent;AVGIDSAgent;d:\avg\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;d:\avg\avgwdsvc.exe [2011-8-2 193288]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-10-14 345336]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2011-6-5 117584]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-6-14 109568]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2011-8-15 22016]
RUnknown QQPCRTP;QQPCRTP; [x]
RUnknown QQSysMon;QQSysMon; [x]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2011-10-1 22528]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-6-14 1691480]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2011-8-15 22016]
S3 QMInject;QMInject;\??\d:\program files\tencent\qqpcmgr\7.6.8687.221\qminject.sys --> d:\program files\tencent\qqpcmgr\7.6.8687.221\QMInject.sys [?]
S4 ahcix86;ahcix86;c:\windows\system32\drivers\ahci8086.sys [2008-6-3 176136]
S4 iaStor5;Intel RAID Controller;c:\windows\system32\drivers\iastor5.sys [2008-1-23 874624]
S4 iaStor6;Intel AHCI Controller 6;c:\windows\system32\drivers\iastor6.sys [2008-1-23 250368]
S4 iaStor7;Intel AHCI Controller 7;c:\windows\system32\drivers\iastor7.sys [2008-1-23 308248]
S4 m5228;m5228;c:\windows\system32\drivers\m5228.sys [2008-1-23 45069]
S4 m5281;m5281;c:\windows\system32\drivers\m5281.sys [2008-1-23 51072]
S4 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2008-1-23 103680]
S4 m5288;m5288;c:\windows\system32\drivers\m5288.sys [2008-1-23 210304]
S4 m5289;m5289;c:\windows\system32\drivers\m5289.sys [2008-1-23 52480]
UnknownUnknown RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; [x]
UnknownUnknown SBAMSvc;SBAMSvc; [x]
UnknownUnknown sfdrv01a;sfdrv01a; [x]
UnknownUnknown SI3112r;SI3112r; [x]
UnknownUnknown SiSRaid4;SiSRaid4; [x]
UnknownUnknown SkypeUpdate;SkypeUpdate; [x]
UnknownUnknown TFsFlt;TFsFlt; [x]
UnknownUnknown TSCPM;TSCPM; [x]
UnknownUnknown TSDefenseBt;TSDefenseBt; [x]
UnknownUnknown TsFltMgr;TsFltMgr; [x]
UnknownUnknown TSKSP;TSKSP; [x]
UnknownUnknown TsQBDrv;TsQBDrv; [x]
UnknownUnknown TSSysKit;TSSysKit; [x]
UnknownUnknown vmscsi;vmscsi; [x]
UnknownUnknown vToolbarUpdater17.3.0;vToolbarUpdater17.3.0; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\notepad.exe %1
FileExt: .chm: chm.file="hh.exe" %1
.
=============== Created Last 30 ================
.
2014-01-18 09:14:40    --------    d-----w-    c:\documents and settings\administrator\application data\Baidu
2014-01-18 09:14:31    --------    d-----w-    c:\program files\baidu
2014-01-18 09:14:24    --------    d-----w-    c:\documents and settings\all users\application data\Baidu
2014-01-18 09:14:24    --------    d-----w-    C:\baidu download
.
==================== Find3M  ====================
.
2014-02-05 07:16:23    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 07:16:23    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-12 22:09:53    62176    ----a-w-    c:\windows\system32\drivers\TSDefenseBt.sys
2013-12-12 22:09:53    153912    ----a-w-    c:\windows\system32\drivers\TFsFlt.sys
2013-12-12 22:09:53    107608    ----a-w-    c:\windows\system32\drivers\TsFltMgr.sys
2013-12-04 10:30:20    79672    ----a-w-    c:\windows\system32\drivers\TAOKernelXP.sys
2013-12-04 10:29:58    79160    ----a-w-    c:\windows\system32\drivers\TAOKernel.sys
2013-12-04 10:29:18    101688    ----a-w-    c:\windows\system32\drivers\TAOKernel64.sys
2013-12-01 10:24:35    0    ----a-w-    c:\windows\system32\nsf71A.tmp
2013-11-28 12:46:20    133224    ----a-w-    c:\windows\system32\SGWPShe32.dll
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-18 14:09:08    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-11-14 10:20:36    224824    ----a-w-    c:\windows\system32\MMInstaller.dll
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
.
============= FINISH: 21:06:31.35 ===============
 

"What you do speaks so loudly that I cannot hear what you say" - Ralph Waldo Emerson

#2 Oh My!
  • Malware Response Instructor

Posted 13 February 2014 - 07:49 PM

Greetings siobhain and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 siobhain
  • Topic Starter

Posted 13 February 2014 - 08:43 PM

Hey Gary,

 

I am very appreciative of your help! Some years ago I received help from a gentleman on this website from Bulgaria. He was very good at helping, and had a great personality! You're welcome to call me Clinton, and you're welcome to ask any questions you want along the process of helping me recover control of this computer! Here are the logs as asked.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Administrator (administrator) on PC-201106141535 on 14-02-2014 08:54:03
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode:

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) D:\AVG\avgrsx.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgcsrvx.exe
(Tencent) d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCRtp.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgtray.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgwdsvc.exe
() D:\Program Files\Tencent\QQLive\QQLive.exe
(Tencent) D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCTray.exe
() C:\WINDOWS\system32\PSIService.exe
(腾讯公司) D:\Program Files\Tencent\QQPCMgr\Plugins\QQPCB1AndroidJmp\QQPMDaemon.exe
(Sogou.com Inc.) C:\Program Files\SogouInput\Components\SGImeGuard\1.0.0.21\SGImeGuard.exe
(Lavasoft Limited) C:\Program Files\Ad-Aware Antivirus\AdAware.exe
(QUALCOMM, Inc.) C:\QUALCOMM\QDLService\QDLService.exe
() C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduPlayer.exe
(Sogou.com Inc.) C:\Program Files\SogouWallPaper\1.9.0.1408\SGWallPaper.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(GFI Software) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\AVGIDSAgent.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgnsx.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) D:\AVG\avgemcx.exe
(百度在线网线技术(北京)有限公司) C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduMediaService.exe
(Baidu Inc.) C:\Program Files\baidu\BaiduPlayer\3.7.0.19\bpls.exe
(Baidu.com, Inc.) C:\Program Files\baidu\BaiduPlayer\3.7.0.19\bdbtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Nullsoft, Inc.) D:\Program Files\Winamp\winamp.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files\Mozilla Firefox\plugin-container.exe
(Dynamic Internet Technology, Inc.) C:\Documents and Settings\Administrator\Desktop\fg\fg737p.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_TRAY] - D:\AVG\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2552856 2014-02-04] ()
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-16] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] - "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM\...\Run: [qqlive] - d:\Program Files\Tencent\QQLive\QQLive.exe [88120 2013-11-14] ()
HKLM\...\Run: [ QQPCTray] - d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCTray.exe [1076920 2013-12-13] (Tencent)
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Run: [QQPMDaemon] - d:\Program Files\Tencent\QQPCMgr\Plugins\QQPCB1AndroidJmp\QQPMDaemon.exe [48544 2012-11-01] (腾讯公司)
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Run: [ImeGuardCom] - C:\Program Files\SogouInput\Components\SGImeGuard\1.0.0.21\SGImeGuard.exe [372856 2014-01-19] (Sogou.com Inc.)
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Run: [Clownfish] - [X]
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Run: [搜狗壁纸] - C:\Documents and Settings\Administrator\Application Data\SogouWP\Boot\SgWpPC007.exe [52328 2013-11-28] (Sogou.com Inc.)
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Run: [QQDownload] - d:\Program Files\Tencent\QQDownload\QQDownload.exe [4394552 2014-01-21] (Tencent Technology (Shenzhen) Company Limited)
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Run: [BaiduMEDIA] - C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduPlayer.exe [827984 2014-01-23] ()
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:8580
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=C88A799ABDDD9C4CF966B9521FE6903B
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
SearchScopes: HKLM - DefaultScope {ED7959C5-1B1D-4A42-8C9D-75D76890D4C6} URL = http://www.baidu.com/baidu?cl=3&tn=lqowen_5_pg&word={searchTerms}&ie={inputEncoding}
SearchScopes: HKLM - {ED7959C5-1B1D-4A42-8C9D-75D76890D4C6} URL = http://www.baidu.com/baidu?cl=3&tn=lqowen_5_pg&word={searchTerms}&ie={inputEncoding}
SearchScopes: HKCU - {24588FA4-10F1-41D7-B19D-6E22361E47FA} URL = http://www.baidu.com/s?wd={searchTerms}&tn=site888_1_pg&cl=3&ie=utf-8
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={DC7F63C0-F725-408C-B824-2F9ED412A93F}&mid=6c1fa228d13747d196c8c1319423fd27-06050e277f64d1ccca6d2151ed49f9cb1323dc9e&lang=en&ds=AVG&pr=fr&d=2013-01-24 10:15:09&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: QQDownload IE Left Helper - {00000000-12C9-4305-82F9-43058F20E8D2} - D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
BHO: No Name - {2D0F71DA-7E32-A6B7-B962-2C776D30B74B} -  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: No Name - {3E0A4BFB-F10A-5275-7F04-F5FFD51E7346} -  No File
BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - D:\Program Files\Download Master\dmiehlp.dll (WestByte)
BHO: QMClinicBho Class - {F0BD17A0-E7F3-4EB6-839A-22B96137F10B} - d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\TSClinicWebListener.dll (TODO: <Company name>)
Toolbar: HKLM - DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - D:\Program Files\Download Master\dmbar.dll (WestByte Software)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - D:\Program Files\Download Master\dmbar.dll (WestByte Software)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{16B618D4-3424-4702-8107-5F1C5FD24B97}: [NameServer]202.96.69.38

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default
FF Homepage: hxxp://www.google.ca/ig|hxxp://www.ighome.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @alibaba.com/npwangwang;version=1.0 - D:\Program Files\AliWangWang\npwangwang.dll No File
FF Plugin: @alipay.com/npaliedit - C:\WINDOWS\system32\aliedit\2.5.0.3\npaliedit.dll (Alipay.com co.,ltd)
FF Plugin: @Apple.com/iTunes,version=1.0 - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @baidu.com/npxbdsetup - C:\WINDOWS\Downloaded Program Files\27363421\npxbdsetup.dll ()
FF Plugin: @baidu.com/npxbdyy - C:\Program Files\baidu\BaiduPlayer\3.7.0.19\npxbdyy.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @qq.com/npAndroidAssistant - C:\Program Files\Common Files\Tencent\QQPhoneManager\\1.8.101.2154\npQQPhoneManagerExt.dll (腾讯公司)
FF Plugin: @qq.com/npQQPhoneManager - C:\Program Files\Common Files\Tencent\QQPhoneManager\1.0.301.1305\npQQPhoneManagerExt.dll (腾讯公司)
FF Plugin: @qq.com/npqscall - C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin: @qq.com/npqscall,version=1.0.0 - %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll No File
FF Plugin: @qq.com/QQDownloadPlugin - D:\Program Files\Tencent\QQDownload\Browser\760\npXFPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin: @qq.com/QQlive - d:\Program Files\Tencent\QQLive\npQQLive.dll (Tencent)
FF Plugin: @qq.com/QQPCMgr - d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\npQMExtensionsMozilla.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin: @qq.com/QzoneMusic - d:\Program Files\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.18\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.7 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: CAJAX - C:\Program Files\Common Files\TTKN\Bin\npcajax.dll (Tongfang Knowledge Network Technology Co., Ltd (Beijing))
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - D:\Program Files\AliWangWang\8.00.07C\npAliSSOLogin.dll (淘宝（中国）软件有限公司)
FF Plugin HKCU: @alibaba.com/npwangwang;version=1.0 - D:\Program Files\AliWangWang\8.00.07C\npwangwang.dll ( )
FF Plugin HKCU: @alipay.com/npalicert - C:\Documents and Settings\Administrator\Application Data\alipay\cf\npalicdo.dll (alipay.com)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default\searchplugins\ecosia.xml
FF Extension: SearchNewTab - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default\Extensions\envftrvs@eojcb.org [2013-11-02]
FF Extension: Dooownload keeper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default\Extensions\zieyoi@jch-ehd.org [2013-11-02]
FF Extension: Ad-Aware Security Add-on - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013-08-30]
FF Extension: Ecosia - The search engine that plants trees - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2013-09-13]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - D:\AVG\Firefox4\
FF Extension: AVG Safe Search - D:\AVG\Firefox4\ []
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49
FF Extension: AVG Security Toolbar - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-13]
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-04-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=C88A799ABDDD9C4CF966B9521FE6903B
CHR RestoreOnStartup: "hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=C88A799ABDDD9C4CF966B9521FE6903B"
CHR DefaultSearchKeyword: securesearch
CHR DefaultSearchProvider: SecureSearch
CHR DefaultSearchURL: http://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_4&hsimp=yhs-lavasoft&ent=ch&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - D:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - D:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Winamp Application Detector) - D:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (npalicdo plugin) - C:\Documents and Settings\Administrator\Application Data\alipay\cf\npalicdo.dll (alipay.com)
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (CNKI CAJAX Plugin) - C:\Program Files\Common Files\TTKN\Bin\npcajax.dll (Tongfang Knowledge Network Technology Co., Ltd (Beijing))
CHR Plugin: (腾讯手机管家 for Android) - C:\Program Files\Common Files\Tencent\QQPhoneManager\1.0.301.1305\npQQPhoneManagerExt.dll (腾讯公司)
CHR Plugin: (NPTXSSO Dynamic Link Library) - C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.37\Bin\npSSOAxCtrlForPTLogin.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Alipay security control) - C:\WINDOWS\system32\aliedit\2.5.0.3\npaliedit.dll (Alipay.com co.,ltd)
CHR Plugin: (AliSSOLogin plugin) - D:\Program Files\AliWangWang\7.21.02C\npAliSSOLogin.dll No File
CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - D:\Program Files\AliWangWang\7.21.02C\npwangwang.dll No File
CHR Plugin: (VLC Web Plugin) - D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (QQMusic) - d:\Program Files\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
CHR Plugin: (QQPCMgr Detector) - d:\Program Files\Tencent\QQPCMgr\7.6.8687.221\npQMExtensionsMozilla.dll No File
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-14]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-14]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-14]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-14]
CHR Extension: (Download Master) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehfanjejklfmnldbbclpocdbceaeemkn [2013-07-14]
CHR Extension: (SearchNewTab) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejggjndlakdjhgdepkplkolggljahbgi [2013-11-02]
CHR Extension: (RealDownloader) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-14]
CHR Extension: (Dooownload keeper) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgbnobcciceeknbkjamlphdelekociba [2013-11-02]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-07-14]
CHR Extension: (QQDownload) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nobfdmmammchijbkljbjkalkjjbhcgdp [2013-12-04]
CHR Extension: (Lavasoft NewTab) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-08-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-14]
CHR HKLM\...\Chrome\Extension: [ehfanjejklfmnldbbclpocdbceaeemkn] - D:\Program Files\Download Master\dm_chrome.crx [2012-02-24]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - D:\AVG\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-13]
CHR HKLM\...\Chrome\Extension: [nobfdmmammchijbkljbjkalkjjbhcgdp] - d:\Program Files\Tencent\QQDownload\Browser\Chrome\QQDownload_Chrome_Extension.crx [2013-11-15]
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-08-09]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-06-13] (Lavasoft Limited)
R2 AVGIDSAgent; D:\AVG\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\AVG\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] ()
R2 QDLService; C:\QUALCOMM\QDLService\QDLService.exe [345336 2009-10-14] (QUALCOMM, Inc.)
R2 QQPCRTP; d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCRtp.exe [829088 2013-12-13] (Tencent)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SBAMSvc; C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-13] (AVG Secure Search)
S2 srservice; %SystemRoot%\system32\srsvc.dll [X]

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
S4 ahcix86; C:\WINDOWS\system32\DRIVERS\ahci8086.sys [176136 2008-03-08] (AMD Technologies Inc.)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22528 2006-06-06] (WALTOP International Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-18] (AVG Technologies)
R3 BazisVirtualCDBus; C:\WINDOWS\System32\DRIVERS\BazisVirtualCDBus.sys [117584 2011-08-09] (SysProgs.org)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2008-04-14] (Microsoft Corporation)
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-08-29] (GFI Software)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2008-04-13] (Intel® Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2008-04-13] (Intel® Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2008-04-13] (Intel® Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2008-04-13] (Intel® Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2008-04-13] (Intel® Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2008-04-13] (Intel® Corporation)
S3 iAimFP5; C:\WINDOWS\System32\DRIVERS\wADV07nt.sys [11807 2008-04-13] (Intel® Corporation)
S3 iAimFP6; C:\WINDOWS\System32\DRIVERS\wADV08nt.sys [11295 2008-04-13] (Intel® Corporation)
S3 iAimFP7; C:\WINDOWS\System32\DRIVERS\wADV09nt.sys [11871 2008-04-13] (Intel® Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2008-04-13] (Intel® Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2008-04-13] (Intel® Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2008-04-13] (Intel® Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2008-04-13] (Intel® Corporation)
S3 iAimTV5; C:\WINDOWS\System32\DRIVERS\wATV10nt.sys [25471 2008-04-13] (Intel® Corporation)
S3 iAimTV6; C:\WINDOWS\System32\DRIVERS\wATV06nt.sys [22271 2008-04-13] (Intel® Corporation)
S4 iaStor5; C:\WINDOWS\system32\drivers\iastor5.sys [874624 2006-09-07] (Intel Corporation)
S4 iaStor6; C:\WINDOWS\system32\drivers\iastor6.sys [250368 2006-10-31] (Intel Corporation)
S4 iaStor7; C:\WINDOWS\system32\drivers\iastor7.sys [308248 2007-09-29] (Intel Corporation)
S4 JRAID; C:\WINDOWS\system32\DRIVERS\jraid.sys [77200 2008-05-08] (JMicron Technology Corp.)
S4 m5228; C:\WINDOWS\system32\DRIVERS\m5228.sys [45069 2004-09-14] (ALi Corporation.)
S4 m5281; C:\WINDOWS\system32\DRIVERS\m5281.sys [51072 2005-03-07] (ALi Corporation)
S4 m5287; C:\WINDOWS\system32\DRIVERS\m5287.sys [103680 2005-09-23] (ULi Electronics Inc.)
S4 m5288; C:\WINDOWS\system32\DRIVERS\m5288.sys [210304 2005-12-23] (ULi Electronics Inc.)
S4 m5289; C:\WINDOWS\system32\DRIVERS\m5289.sys [52480 2005-07-04] (ULi Electronics Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 Ndisrd; C:\WINDOWS\System32\DRIVERS\ndisrd.sys [22016 2011-08-15] (NT Kernel Resources)
R3 NdisrdMP; C:\WINDOWS\System32\DRIVERS\ndisrd.sys [22016 2011-08-15] (NT Kernel Resources)
S4 nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [100736 2007-10-27] (NVIDIA Corporation)
S4 nvgts; C:\WINDOWS\system32\DRIVERS\nvgts.sys [132096 2008-01-25] (NVIDIA Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-14] (Microsoft Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2012-05-09] (Padus, Inc.)
R1 QMIEProtect; d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QMIEProtect.sys [46776 2013-12-13] ()
R1 QMUdisk; d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QMUdisk.sys [18872 2013-12-13] (Tencent)
S1 QQPCHelper; d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCHelper.sys [22360 2013-12-13] (Tencent)
R2 QQSysMon; d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQSysMon.sys [104248 2013-12-13] (电脑管家)
R0 sfdrv01a; C:\WINDOWS\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
R0 sfsync04; C:\WINDOWS\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
S4 SI3112r; C:\WINDOWS\system32\DRIVERS\SI3112r.sys [102528 2006-08-08] (Silicon Image, Inc)
S4 SiFilter; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [10368 2006-08-08] (Silicon Image, Inc.)
S4 SiSRaid; C:\WINDOWS\system32\DRIVERS\SiSRaid.sys [48128 2005-05-06] (Silicon Integrated Systems)
R1 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFlt.sys [153912 2013-12-13] (电脑管家)
R1 TSCPM; d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\tscpm.sys [43448 2013-12-13] (电脑管家)
R1 TSDefenseBt; C:\WINDOWS\System32\DRIVERS\TSDefenseBt.sys [62176 2013-12-13] (Tencent)
R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [107608 2013-12-13] (电脑管家)
R1 TSKSP; d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\TSKsp.sys [199032 2013-12-13] (电脑管家)
R2 TsQBDrv; C:\WINDOWS\system32\drivers\TsQBDrv.sys [58136 2013-11-01] (Tencent Inc.)
R1 TSSysKit; d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\TSSysKit.sys [100280 2013-12-13] (电脑管家)
S0 viamraid; C:\WINDOWS\System32\DRIVERS\viamraid.sys [117248 2008-01-22] (VIA Technologies inc,.ltd)
S4 vmscsi; C:\WINDOWS\system32\DRIVERS\vmscsi.sys [17968 2007-05-02] (VMware, Inc.)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S3 QMInject; \??\d:\Program Files\Tencent\QQPCMgr\7.6.8687.221\QMInject.sys [X]
S0 sr; system32\DRIVERS\sr.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 08:53 - 2014-02-14 08:54 - 00000000 ____D () C:\FRST
2014-02-12 09:01 - 2014-02-12 09:02 - 00076447 _____ () C:\WINDOWS\KB2909921-IE7.log
2014-02-12 08:57 - 2014-02-12 08:57 - 00006300 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 08:57 - 2014-02-12 08:57 - 00004550 _____ () C:\WINDOWS\KB2909212.log
2014-02-12 08:57 - 2014-02-12 08:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 08:57 - 2014-02-12 08:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-02-09 21:06 - 2014-02-09 21:28 - 00019353 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-02-09 21:06 - 2014-02-09 21:28 - 00016889 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-02-09 15:48 - 2014-02-09 19:53 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\idei dlia tvorchestva s detmi
2014-02-04 11:30 - 2014-02-04 11:31 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\photo
2014-01-31 18:44 - 2014-01-31 19:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\2013.10_Darren chaoyang
2014-01-31 09:43 - 2014-01-31 09:43 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\programmi
2014-01-31 09:42 - 2014-01-31 09:43 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\documenti
2014-01-26 17:16 - 2014-01-26 17:16 - 00000911 _____ () C:\Documents and Settings\All Users\Desktop\BaiduPlayer.lnk
2014-01-26 17:16 - 2014-01-26 17:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\BaiduPlayer
2014-01-26 17:15 - 2014-01-26 17:15 - 00000305 _____ () C:\WINDOWS\system32\bdsecushr.dat
2014-01-22 16:43 - 2014-01-31 09:39 - 00026456 _____ () C:\WINDOWS\DPINST.LOG
2014-01-22 16:43 - 2014-01-22 16:43 - 00000000 ____D () C:\Program Files\DIFX
2014-01-19 14:35 - 2014-02-13 20:19 - 00001042 _____ () C:\Documents and Settings\Administrator\Application Data\coreavc.ini
2014-01-18 17:14 - 2014-01-18 17:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Baidu
2014-01-18 17:14 - 2014-01-18 17:14 - 00000000 ____D () C:\Program Files\baidu
2014-01-18 17:14 - 2014-01-18 17:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Baidu
2014-01-18 17:14 - 2014-01-18 17:14 - 00000000 ____D () C:\baidu download
2014-01-15 09:25 - 2014-01-15 09:25 - 00007869 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 09:25 - 2014-01-15 09:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$

==================== One Month Modified Files and Folders =======

2014-02-14 08:54 - 2014-02-14 08:53 - 00000000 ____D () C:\FRST
2014-02-14 08:39 - 2011-06-14 15:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-02-14 08:38 - 2011-06-14 15:59 - 00002255 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-02-14 08:38 - 2009-09-19 21:44 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-02-14 08:38 - 2009-09-19 21:44 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-02-14 08:37 - 2013-12-13 06:10 - 00000920 _____ () C:\Documents and Settings\All Users\Desktop\软件管理.lnk
2014-02-14 08:36 - 2011-06-14 15:39 - 01584937 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-14 08:34 - 2013-12-03 10:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SogouWP
2014-02-14 08:34 - 2013-08-30 08:29 - 00001615 _____ () C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
2014-02-14 08:34 - 2013-04-22 12:38 - 00000294 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-602162358-839522115-1957994488-500.job
2014-02-14 08:34 - 2011-06-14 15:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SogouPY
2014-02-14 08:34 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-02-14 08:33 - 2013-04-22 12:52 - 00000316 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-602162358-839522115-1957994488-500.job
2014-02-14 08:33 - 2008-11-24 19:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-14 00:35 - 2013-07-21 12:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-14 00:35 - 2008-11-24 19:34 - 00032534 _____ () C:\WINDOWS\SchedLgU.Txt
2014-02-14 00:31 - 2008-11-24 20:01 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-14 00:31 - 2008-11-24 19:35 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-02-14 00:31 - 2008-11-24 19:35 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-02-14 00:15 - 2014-01-13 08:52 - 00000536 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-13 23:36 - 2011-06-14 16:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\uTorrent
2014-02-13 22:33 - 2008-11-25 20:12 - 00179712 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-13 20:19 - 2014-01-19 14:35 - 00001042 _____ () C:\Documents and Settings\Administrator\Application Data\coreavc.ini
2014-02-13 11:47 - 2013-01-06 18:04 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-02-13 11:37 - 2013-04-22 12:52 - 00000324 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-602162358-839522115-1957994488-500.job
2014-02-13 10:00 - 2011-09-15 07:56 - 00000000 ____D () C:\WINDOWS\system32\Drivers\AVG
2014-02-12 09:14 - 2013-10-21 03:01 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-02-12 09:09 - 2008-11-24 19:13 - 00488808 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-12 09:02 - 2014-02-12 09:01 - 00076447 _____ () C:\WINDOWS\KB2909921-IE7.log
2014-02-12 09:02 - 2011-07-01 03:00 - 01450113 _____ () C:\WINDOWS\FaxSetup.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00699972 _____ () C:\WINDOWS\ocgen.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00478607 _____ () C:\WINDOWS\comsetup.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00441110 _____ () C:\WINDOWS\msmqinst.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00291384 _____ () C:\WINDOWS\ntdtcsetup.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00254207 _____ () C:\WINDOWS\netfxocm.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00160689 _____ () C:\WINDOWS\updspapi.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00100086 _____ () C:\WINDOWS\MedCtrOC.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00080431 _____ () C:\WINDOWS\ocmsn.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00072774 _____ () C:\WINDOWS\tabletoc.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00071336 _____ () C:\WINDOWS\msgsocm.log
2014-02-12 09:02 - 2011-07-01 03:00 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-02-12 09:02 - 2011-06-14 15:37 - 01564940 _____ () C:\WINDOWS\iis6.log
2014-02-12 09:02 - 2011-06-14 15:37 - 00665188 _____ () C:\WINDOWS\tsoc.log
2014-02-12 09:01 - 2011-07-01 03:04 - 00000000 ____D () C:\WINDOWS\ie7updates
2014-02-12 08:57 - 2014-02-12 08:57 - 00006300 _____ () C:\WINDOWS\KB2916036.log
2014-02-12 08:57 - 2014-02-12 08:57 - 00004550 _____ () C:\WINDOWS\KB2909212.log
2014-02-12 08:57 - 2014-02-12 08:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-02-12 08:57 - 2014-02-12 08:57 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2909212$
2014-02-12 08:57 - 2011-07-01 03:00 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-02-12 08:41 - 2013-10-22 21:19 - 00000058 _____ () C:\Documents and Settings\All Users\Application Data\Update.ini
2014-02-11 21:06 - 2013-09-14 10:44 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-02-09 21:28 - 2014-02-09 21:06 - 00019353 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-02-09 21:28 - 2014-02-09 21:06 - 00016889 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-02-09 19:53 - 2014-02-09 15:48 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\idei dlia tvorchestva s detmi
2014-02-09 19:44 - 2011-07-03 15:06 - 02126848 ___SH () C:\Documents and Settings\Administrator\My Documents\Thumbs.db
2014-02-09 12:00 - 2013-08-30 08:30 - 00000960 _____ () C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2014-02-09 08:01 - 2013-04-22 12:37 - 00000302 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-602162358-839522115-1957994488-500.job
2014-02-08 15:27 - 2012-04-17 17:23 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\SimCity 4
2014-02-07 19:47 - 2013-10-13 11:04 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\china
2014-02-07 12:05 - 2013-01-25 20:50 - 00003259 ____H () C:\Documents and Settings\Administrator\My Documents\fssort.ini
2014-02-06 13:38 - 2012-05-08 03:19 - 00726352 _____ () C:\WINDOWS\setupapi.log
2014-02-06 12:52 - 2013-04-22 12:52 - 00000342 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-602162358-839522115-1957994488-500.job
2014-02-06 10:49 - 2011-06-30 19:46 - 00766976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-06 10:49 - 2011-04-25 23:51 - 01172992 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-06 10:49 - 2011-04-25 23:51 - 00841216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-06 10:49 - 2011-04-25 23:51 - 00233472 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\webcheck.dll
2014-02-06 10:49 - 2011-04-25 23:51 - 00106496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-06 10:49 - 2011-04-25 23:51 - 00102912 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-06 10:49 - 2011-04-25 23:51 - 00044544 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\pngfilt.dll
2014-02-06 10:49 - 2008-04-14 12:00 - 01172992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 10:49 - 2008-04-14 12:00 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 10:49 - 2008-04-14 12:00 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-02-06 10:49 - 2008-04-14 12:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-06 10:49 - 2008-04-14 12:00 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-06 10:49 - 2008-04-14 12:00 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 06108672 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 03627520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00671232 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00496128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00480768 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00268288 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00193024 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msrating.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00193024 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00052224 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00044544 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iernonce.dll
2014-02-06 10:48 - 2011-04-25 23:51 - 00028160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-06 10:48 - 2008-04-14 12:00 - 03627520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 10:48 - 2008-04-14 12:00 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-06 10:48 - 2008-04-14 12:00 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-06 10:48 - 2008-04-14 12:00 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 10:48 - 2008-04-14 12:00 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-06 10:48 - 2008-04-14 12:00 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 10:48 - 2008-04-14 12:00 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 10:48 - 2007-08-13 18:54 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 10:48 - 2007-08-13 18:54 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 10:48 - 2007-08-13 18:54 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 10:48 - 2007-08-13 18:34 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00388608 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00380928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieapfltr.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00347136 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dxtmsft.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00230400 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieaksie.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00214528 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dxtrans.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00153088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieakeng.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00132608 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\extmgr.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00124928 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\advpack.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00078336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieencode.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00063488 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\icardie.dll
2014-02-06 10:47 - 2011-04-25 23:51 - 00017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieaksie.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieakeng.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\extmgr.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\advpack.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieencode.dll
2014-02-06 10:47 - 2008-04-14 12:00 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-06 10:47 - 2007-08-13 18:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\icardie.dll
2014-02-06 10:47 - 2007-07-11 12:27 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 09:47 - 2011-04-25 20:00 - 00070656 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-06 09:47 - 2011-04-25 20:00 - 00013824 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieudinit.exe
2014-02-06 09:47 - 2008-04-14 12:00 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 09:47 - 2007-08-13 18:39 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieudinit.exe
2014-02-06 09:43 - 2011-04-21 18:58 - 00643312 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iexplore.exe
2014-02-06 09:41 - 2011-04-21 18:56 - 00161792 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieakui.dll
2014-02-06 09:41 - 2008-04-14 12:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieakui.dll
2014-02-06 08:18 - 2011-04-25 23:51 - 01830912 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-06 08:18 - 2008-04-14 12:00 - 01830912 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 15:16 - 2013-04-15 16:31 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-05 15:16 - 2011-06-16 16:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-02-05 14:40 - 2013-09-10 12:28 - 00002179 _____ () C:\Documents and Settings\All Users\Desktop\Angry Birds Seasons.lnk
2014-02-05 14:01 - 2011-06-30 13:45 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\study
2014-02-05 09:56 - 2013-01-24 10:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
2014-02-04 19:19 - 2013-01-24 10:15 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-02-04 11:31 - 2014-02-04 11:30 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\photo
2014-02-04 11:16 - 2012-05-19 06:43 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\katini iz neta
2014-02-01 14:37 - 2012-12-01 09:54 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\book
2014-01-31 19:14 - 2014-01-31 18:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\2013.10_Darren chaoyang
2014-01-31 14:39 - 2013-11-05 11:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\WWApk
2014-01-31 09:43 - 2014-01-31 09:43 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\programmi
2014-01-31 09:43 - 2014-01-31 09:42 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\documenti
2014-01-31 09:40 - 2011-08-09 16:21 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\腾讯游戏
2014-01-31 09:39 - 2014-01-22 16:43 - 00026456 _____ () C:\WINDOWS\DPINST.LOG
2014-01-31 09:39 - 2011-06-15 19:10 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-01-30 20:26 - 2011-06-21 18:38 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\dvdcss
2014-01-30 18:27 - 2013-12-04 10:56 - 00000688 _____ () C:\Documents and Settings\Administrator\Desktop\QQ旋风.lnk
2014-01-30 18:23 - 2011-06-14 15:45 - 00000000 ____D () C:\Documents and Settings\Administrator\Start Menu\Programs\腾讯软件
2014-01-30 09:03 - 2013-08-09 11:22 - 00000380 _____ () C:\WINDOWS\system32\client.log
2014-01-30 00:53 - 2013-07-27 09:13 - 00000392 _____ () C:\Documents and Settings\Administrator\client.log
2014-01-26 17:16 - 2014-01-26 17:16 - 00000911 _____ () C:\Documents and Settings\All Users\Desktop\BaiduPlayer.lnk
2014-01-26 17:16 - 2014-01-26 17:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\BaiduPlayer
2014-01-26 17:15 - 2014-01-26 17:15 - 00000305 _____ () C:\WINDOWS\system32\bdsecushr.dat
2014-01-22 16:43 - 2014-01-22 16:43 - 00000000 ____D () C:\Program Files\DIFX
2014-01-22 13:30 - 2011-11-16 17:06 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\цапля
2014-01-18 17:15 - 2014-01-18 17:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Baidu
2014-01-18 17:14 - 2014-01-18 17:14 - 00000000 ____D () C:\Program Files\baidu
2014-01-18 17:14 - 2014-01-18 17:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Baidu
2014-01-18 17:14 - 2014-01-18 17:14 - 00000000 ____D () C:\baidu download
2014-01-17 19:27 - 2011-06-14 15:36 - 00008534 _____ () C:\WINDOWS\setupact.log
2014-01-15 22:49 - 2011-09-04 13:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-15 11:32 - 2008-11-24 19:08 - 00000327 __RSH () C:\boot.ini
2014-01-15 09:25 - 2014-01-15 09:25 - 00007869 _____ () C:\WINDOWS\KB2914368.log
2014-01-15 09:25 - 2014-01-15 09:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$

Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\bzup0922.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HWSignature.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\PCMgr_Setup_87_10529_215.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_pinyin_6.7.0.0747.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_pinyin_6.8.0.1170_m_2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_wallpaper_19_2004.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_wallpaper_guide_2004.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 1033728 ____A (Microsoft Corporation)

C:\WINDOWS\system32\winlogon.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0507904 ____A (Microsoft Corporation)

C:\WINDOWS\system32\svchost.exe
[2008-04-14 12:00] - [2008-04-14 12:00] - 0014336 ____A (Microsoft Corporation)

C:\WINDOWS\system32\services.exe
[2008-04-14 12:00] - [2009-02-06 19:11] - 0110592 ____A (Microsoft Corporation)

C:\WINDOWS\system32\User32.dll
[2008-04-14 12:00] - [2008-04-14 12:00] - 0578560 ____A (Microsoft Corporation)

C:\WINDOWS\system32\userinit.exe
[2008-04-14 12:00] - [2013-03-29 07:45] - 0026112 ____A (Microsoft Corporation)

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 12:00] - [2009-02-09 20:10] - 0401408 ____A (Microsoft Corporation)

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 12:00] - [2008-04-14 12:00] - 0052352 ____A (Microsoft Corporation)


==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by Administrator at 2014-02-14 08:54:55
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode:
==========================================================


==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: 电脑管家系统防护 (Disabled - Up to date) {9AAC524A-BF34-49b0-91D2-71838CBB8110}
AV: Lavasoft Ad-Aware (Disabled - Up to date) {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware (Disabled) {FF1CD5B7-1553-4625-A258-1775385CED33}

==================== Installed Programs ======================

??填徼朦睇?桡瘥?(翌朦觐 愉嚯屙桢) (Version: 1.0 - 澡痨?"1?)
µTorrent (HKCU Version: 3.3.1.30017 - BitTorrent Inc.)
Ad-Aware Antivirus (Version: 10.5.3.4405 - Lavasoft)
Ad-Aware Security Add-on (Version: 3.4.0.1 - Lavasoft)
Adobe AIR (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Audition CS5.5 (Version: 4.0 - Adobe Systems Incorporated)
Adobe Bridge 1.0 (Version: 001.000.004 - Adobe Systems)
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Chinese Simplified (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Alipay Cert Component 2.0.0.1 (HKCU Version: 2.0.0.1 - Alipay.com Co., Ltd.)
Alipay security control 2.5.0.3 (Version: 2.5.0.3 - Alipay.com Co., Ltd.)
Amazon Kindle (Version:  - Amazon)
Angry Birds RePack (HKCU Version: 2.3.0.0 - KloneB@DGuY)
Angry Birds Seasons (Version: 1.0.0 - Rovio)
Angry Birds Seasons (Version: 3.3.0 - Rovio Entertainment Ltd.)
Angry Birds Space (Version: 1.4.1 - Rovio)
Angry Birds: Seasons RePack (HKCU Version: 3.0 - KloneB@DGuY)
Apple Application Support (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AVG 2012 (Version: 12.0.3697 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
AVG 2012 (Version: 2012.1.2247 - AVG Technologies)
Bad Piggies RePack (HKCU Version: 1.1 - KloneB@DGuY)
BaiduPlayer3.7.0.19 (Version: 3.7.0 - Baidu Online Network Technology (Beijing) Co., Ltd.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CAJViewer (Version: 7.2 - TTKN)
calibre (Version: 0.9.31 - Kovid Goyal)
Chinese Simplified Fonts Support For Adobe Reader X (Version: 10.0.0 - Adobe Systems Incorporated)
Clownfish for Skype (Version:  - )
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Painter X (Version:  - Corel Corporation)
Corel Painter X (Version: 10.00 - Corel Corporation) Hidden
Dooownload keeper (Version: 3.0.0.1547 - DuOwnlOad keepere)
Download Master version 5.12.4.1297 (Version: 5.12.4.1297 - WestByte)
ESET Online Scanner v3 (Version:  - )
FastStone Image Viewer 4.6 (Version: 4.6 - FastStone Soft)
Google Chrome (HKCU Version: 28.0.1500.95 - Google Inc.)
Google Talk (remove only) (Version:  - )
HiJackThis (Version: 1.0.0 - Trend Micro)
iTunes (Version: 10.6.0.40 - Apple Inc.)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Lite Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Russian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Ukrainian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Russian) 2007 (Version: 12.0.4518.1022 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (Russian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Russian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (Russian) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 2.0 (Version:  - Microsoft Corporation)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSN (Version:  - )
Neat Image v6.0 Pro+ (Version:  - Neat Image team, ABSoft)
NWZ-B160 WALKMAN Guide (Version: 2.1.0.24141 - Sony Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Pidgin (Version: 2.10.7 - )
QQ旋风4.5 (Version: 4.5.760.400 - 腾讯科技(深圳)有限公司)
QQ浏览器7.4 (Version: 7.4.14019.400 - 腾讯科技(深圳)有限公司)
QQ音乐8.3 (Version: 8.3 - 腾讯科技(深圳)有限公司)
Qualcomm Gobi Driver Package (Version: 1.1.00 - QUALCOMM)
Qualcomm Gobi Images (Version: 1.0.28 - QUALCOMM)
QuickTime (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (Version: 5.10.0.6383 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SearchNewTab (Version: 2.1.0.1662 - SearchNewTab) <==== ATTENTION
SimCity 4 Deluxe (Version:  - )
SketchUp 8 (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
ss helper 1.74 (Version:  - ) <==== ATTENTION
Tencent QQ (Version: 1.75.2871.0 - Tencent Technology (Shenzhen) Company Limited)
The Complete Guide to the TOEFL® Test V2 (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
USB Tablet Manager (Version:  - )
virtualPhotographer 1.5.6 (Version:  - optikVerve Labs)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
WinCDEmu (Version: 3.6 - Bazis)
WinDjView 1.0 (Version: 1.0 - Andrew Zhezherun)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinRAR 4.01 (32-bit) (Version: 4.01.0 - win.rar GmbH)
Zoodles (Version: 3.0.4 - Inquisitive Minds, Inc)
Zoodles (Version: 3.0.4 - Inquisitive Minds, Inc) Hidden
万能五笔内置版 (Version:  - 深圳世强电脑科技开发有限公司)
搜狗壁纸 1.9b正式版 (Version: 1.9.0.1408 - Sogou.com)
搜狗拼音输入法 6.7正式版 (Version: 6.7.0.0747 - Sogou.com)
电脑管家8.7 (Version: 8.7.10529.215 - 腾讯科技(深圳)有限公司)
系统补充驱动包 (Version:  - )
腾讯手机管家 1.8.2 for Android (Version: 1.8.2 - 腾讯公司)
腾讯视频 (Version: 8.53.7339.0 - 腾讯科技(深圳)有限公司)
金山快快打字通 2011 SP3 (Version: 1.0.2.0 - Kingsoft Corporation.)
箜蜩?篦栩 狍赈 (Version:  - Pipestudio)
阿里旺旺2011正式版 (Version:  - 阿里巴巴(中国)有限公司)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2008-04-14 12:00 - 2011-01-27 15:00 - 00001211 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Antivirus Scheduled Scan.job => C:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-602162358-839522115-1957994488-500.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-602162358-839522115-1957994488-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-602162358-839522115-1957994488-500.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-602162358-839522115-1957994488-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-602162358-839522115-1957994488-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2013-12-13 06:09 - 2013-12-13 06:09 - 00482872 _____ () d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\sqlite.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00100376 _____ () d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\tinyxml.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00087896 _____ () d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\zlib.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00155192 _____ () d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQFileFlt.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00073272 _____ () d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00052792 _____ () d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00137048 _____ () d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\libexpatw.dll
2013-01-24 10:15 - 2014-02-04 19:19 - 02552856 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-01-13 20:04 - 2014-01-13 20:04 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2013-11-14 18:20 - 2013-11-14 18:20 - 00088120 _____ () D:\Program Files\Tencent\QQLive\QQLive.exe
2013-11-14 18:20 - 2013-11-14 18:20 - 01982008 _____ () D:\Program Files\Tencent\QQLive\Common.dll
2013-11-14 18:21 - 2013-11-14 18:21 - 00089656 _____ () D:\Program Files\Tencent\QQLive\zlib.dll
2013-11-14 18:21 - 2013-11-14 18:21 - 00138808 _____ () D:\Program Files\Tencent\QQLive\libexpatw.dll
2013-11-14 18:21 - 2013-11-14 18:21 - 00101944 _____ () D:\Program Files\Tencent\QQLive\tinyxml.dll
2013-11-14 18:20 - 2013-11-14 18:20 - 02305592 _____ () D:\Program Files\Tencent\QQLive\GF.dll
2013-11-14 18:21 - 2013-11-14 18:21 - 00130616 _____ () D:\Program Files\Tencent\QQLive\xGraphic32.dll
2013-11-14 18:20 - 2013-11-14 18:20 - 00343608 _____ () D:\Program Files\Tencent\QQLive\arkGraphic.dll
2013-11-14 18:20 - 2013-11-14 18:20 - 00059960 _____ () D:\Program Files\Tencent\QQLive\arkImage.dll
2013-11-14 18:21 - 2013-11-14 18:21 - 00175672 _____ () D:\Program Files\Tencent\QQLive\libpng.dll
2013-11-14 18:21 - 2013-11-14 18:21 - 00286264 _____ () D:\Program Files\Tencent\QQLive\libjpegturbo.dll
2013-11-14 18:20 - 2013-11-14 18:20 - 00015416 _____ () D:\Program Files\Tencent\QQLive\arkIOStub.dll
2013-11-14 18:21 - 2013-11-14 18:21 - 00155192 _____ () D:\Program Files\Tencent\QQLive\lua.dll
2013-11-14 18:21 - 2013-11-14 18:21 - 00192056 _____ () D:\Program Files\Tencent\QQLive\xImage.dll
2013-11-14 18:20 - 2013-11-14 18:20 - 00253496 _____ () D:\Program Files\Tencent\QQLive\LiveLog.DLL
2013-11-14 18:20 - 2013-11-14 18:20 - 00073272 _____ () D:\Program Files\Tencent\QQLive\HttpDownload.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00087896 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\zlib.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00137048 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\libexpatw.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00100376 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\tinyxml.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00092184 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\xGraphic32.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00342040 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\arkGraphic.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00045592 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\jgImage.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00157528 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\libpng.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00284504 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\libjpegturbo.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00013848 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\jgIOStub.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00482872 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\sqlite.dll
2013-12-13 06:09 - 2013-12-13 06:09 - 00261688 _____ () D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\plugins\StartupMgr\SoftMon.dll
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\WINDOWS\system32\PSIService.exe
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-23 18:55 - 2014-01-23 18:55 - 00827984 _____ () C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduPlayer.exe
2014-01-23 18:55 - 2014-01-23 18:55 - 00581712 _____ () C:\Program Files\baidu\BaiduPlayer\3.7.0.19\lu.dll
2014-01-23 18:55 - 2014-01-23 18:55 - 01691216 _____ () C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BDPlayerEx.dll
2008-04-14 12:00 - 2008-04-14 12:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 12:00 - 2008-04-14 12:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-10-13 11:28 - 2014-02-03 11:44 - 00190752 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
2013-10-13 11:28 - 2014-02-03 11:44 - 00178464 _____ () C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2014-01-13 20:04 - 2014-01-13 20:04 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
2014-01-23 18:55 - 2014-01-23 18:55 - 00290384 _____ () C:\Program Files\baidu\BaiduPlayer\3.7.0.19\libupnp.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00417280 _____ () D:\Program Files\Winamp\nsutil.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00078848 _____ () D:\Program Files\Winamp\nde.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00023552 _____ () D:\Program Files\Winamp\System\albumart.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00174080 _____ () D:\Program Files\Winamp\System\auth.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00019456 _____ () D:\Program Files\Winamp\System\bmp.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00064512 _____ () D:\Program Files\Winamp\zlib.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00044544 _____ () D:\Program Files\Winamp\System\devices.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00016896 _____ () D:\Program Files\Winamp\System\dlmgr.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00014336 _____ () D:\Program Files\Winamp\System\filereader.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00019456 _____ () D:\Program Files\Winamp\System\gif.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00016384 _____ () D:\Program Files\Winamp\System\gracenote.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00623616 _____ () D:\Program Files\Winamp\System\jnetlib.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00154624 _____ () D:\Program Files\Winamp\System\jpeg.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00084480 _____ () D:\Program Files\Winamp\System\playlist.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00087552 _____ () D:\Program Files\Winamp\System\png.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00013824 _____ () D:\Program Files\Winamp\System\primo.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00021504 _____ () D:\Program Files\Winamp\System\tagz.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00035328 _____ () D:\Program Files\Winamp\System\timer.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00091136 _____ () D:\Program Files\Winamp\System\xml.w5s
2012-06-28 23:42 - 2013-01-17 12:02 - 00068608 _____ () D:\Program Files\Winamp\Plugins\in_avi.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00102400 _____ () D:\Program Files\Winamp\Plugins\in_cdda.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00072192 _____ () D:\Program Files\Winamp\Plugins\in_dshow.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00061440 _____ () D:\Program Files\Winamp\Plugins\in_flac.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00043008 _____ () D:\Program Files\Winamp\Plugins\in_flv.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00007168 _____ () D:\Program Files\Winamp\Plugins\in_linein.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00109568 _____ () D:\Program Files\Winamp\Plugins\in_midi.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00049152 _____ () D:\Program Files\Winamp\Plugins\in_mkv.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00164864 _____ () D:\Program Files\Winamp\Plugins\in_mod.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00290816 _____ () D:\Program Files\Winamp\Plugins\in_mp3.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00052736 _____ () D:\Program Files\Winamp\Plugins\in_mp4.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00075264 _____ () D:\Program Files\Winamp\Plugins\in_nsv.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00023552 _____ () D:\Program Files\Winamp\Plugins\in_swf.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00253440 _____ () D:\Program Files\Winamp\Plugins\in_vorbis.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00016896 _____ () D:\Program Files\Winamp\Plugins\in_wave.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00253440 _____ () D:\Program Files\Winamp\libsndfile.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00313344 _____ () D:\Program Files\Winamp\Plugins\in_wm.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00022528 _____ () D:\Program Files\Winamp\Plugins\out_disk.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00052224 _____ () D:\Program Files\Winamp\Plugins\out_ds.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00018432 _____ () D:\Program Files\Winamp\Plugins\out_wave.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 01737728 _____ () D:\Program Files\Winamp\Plugins\gen_ff.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00083968 _____ () D:\Program Files\Winamp\tataki.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00340992 _____ () D:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2012-06-28 23:42 - 2013-01-17 12:02 - 00028160 _____ () D:\Program Files\Winamp\Plugins\gen_hotkeys.dll
2011-11-11 06:10 - 2013-01-17 12:02 - 00185344 _____ () D:\Program Files\Winamp\Plugins\gen_jumpex.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00318976 _____ () D:\Program Files\Winamp\Plugins\gen_ml.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00294912 _____ () D:\Program Files\Winamp\Plugins\ml_local.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00084480 _____ () D:\Program Files\Winamp\Plugins\ml_playlists.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00124928 _____ () D:\Program Files\Winamp\Plugins\ml_online.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00249856 _____ () D:\Program Files\Winamp\Plugins\ml_devices.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00201728 _____ () D:\Program Files\Winamp\Plugins\ml_disc.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00240640 _____ () D:\Program Files\Winamp\Plugins\ml_pmp.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00060928 _____ () D:\Program Files\Winamp\Plugins\pmp_android.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00170496 _____ () D:\Program Files\Winamp\Plugins\pmp_ipod.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00020480 _____ () D:\Program Files\Winamp\Plugins\pmp_njb.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00118272 _____ () D:\Program Files\Winamp\Plugins\pmp_p4s.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00053760 _____ () D:\Program Files\Winamp\Plugins\pmp_usb.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00113664 _____ () D:\Program Files\Winamp\Plugins\pmp_wifi.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00028672 _____ () D:\Program Files\Winamp\Plugins\ml_bookmarks.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00052224 _____ () D:\Program Files\Winamp\Plugins\ml_history.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00028672 _____ () D:\Program Files\Winamp\Plugins\ml_autotag.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00057344 _____ () D:\Program Files\Winamp\Plugins\ml_impex.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00083456 _____ () D:\Program Files\Winamp\Plugins\ml_plg.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00033792 _____ () D:\Program Files\Winamp\Plugins\ml_rg.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00032256 _____ () D:\Program Files\Winamp\Plugins\ml_transcode.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00057344 _____ () D:\Program Files\Winamp\Plugins\gen_orgler.dll
2012-06-28 23:42 - 2013-01-17 12:02 - 00025600 _____ () D:\Program Files\Winamp\Plugins\gen_tray.dll
2013-12-10 23:15 - 2013-12-10 23:15 - 03559024 _____ () D:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-05 15:16 - 2014-02-05 15:16 - 16287624 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "AlternateShell"="cmd.exe"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2014 08:54:31 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (02/11/2014 08:54:31 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/29/2014 10:01:34 PM) (Source: MsiInstaller) (User: PC-201106141535)
Description: Product: Adobe Reader XI (11.0.06) - Chinese Simplified - Update 'Adobe Reader XI (11.0.06)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/29/2014 10:01:27 PM) (Source: MsiInstaller) (User: PC-201106141535)
Description: 产品: Adobe Reader XI (11.0.06) - Chinese Simplified -- 错误 1406。无法将数值 Adobe ARM 写入键 \SOFTWARE\Microsoft\Windows\CurrentVersion\Run。 系统错误 。 请验证您对该键拥有足够的访问权限,或者与您的技术支持人员联系。

Error: (01/25/2014 08:47:08 PM) (Source: MsiInstaller) (User: PC-201106141535)
Description: Product: Adobe Reader XI (11.0.06) - Chinese Simplified - Update 'Adobe Reader XI (11.0.06)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/25/2014 08:46:59 PM) (Source: MsiInstaller) (User: PC-201106141535)
Description: 产品: Adobe Reader XI (11.0.06) - Chinese Simplified -- 错误 1406。无法将数值 Adobe ARM 写入键 \SOFTWARE\Microsoft\Windows\CurrentVersion\Run。 系统错误 。 请验证您对该键拥有足够的访问权限,或者与您的技术支持人员联系。

Error: (01/21/2014 11:15:19 AM) (Source: MsiInstaller) (User: PC-201106141535)
Description: Product: Adobe Reader XI (11.0.06) - Chinese Simplified - Update 'Adobe Reader XI (11.0.06)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (01/21/2014 11:15:12 AM) (Source: MsiInstaller) (User: PC-201106141535)
Description: 产品: Adobe Reader XI (11.0.06) - Chinese Simplified -- 错误 1406。无法将数值 Adobe ARM 写入键 \SOFTWARE\Microsoft\Windows\CurrentVersion\Run。 系统错误 。 请验证您对该键拥有足够的访问权限,或者与您的技术支持人员联系。

Error: (01/19/2014 08:36:31 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (01/19/2014 08:36:31 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


System errors:
=============
Error: (02/14/2014 08:34:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sr

Error: (02/14/2014 08:34:29 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%126

Error: (02/13/2014 09:25:33 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sr

Error: (02/13/2014 09:25:09 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%126

Error: (02/13/2014 00:36:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sr

Error: (02/13/2014 00:35:59 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%126

Error: (02/12/2014 08:12:23 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sr

Error: (02/12/2014 08:12:03 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%126

Error: (02/11/2014 08:32:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sr

Error: (02/11/2014 08:32:13 AM) (Source: Service Control Manager) (User: )
Description: The System Restore Service service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 1917.17 MB
Available physical RAM: 795.09 MB
Total Pagefile: 3813.69 MB
Available Pagefile: 2500.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:18.56 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Applications) (Fixed) (Total:136.72 GB) (Free:15.91 GB) NTFS
Drive e: () (Fixed) (Total:136.72 GB) (Free:0.24 GB) NTFS
Drive f: (Media) (Fixed) (Total:143.47 GB) (Free:3.95 GB) NTFS
Drive g: (DVD (14.04.2013)) (CDROM) (Total:4.35 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: EF08263A)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=417 GB) - (Type=OF Extended)

==================== End Of Log ============================


"What you do speaks so loudly that I cannot hear what you say" - Ralph Waldo Emerson

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • Gender:Male
  • Location:California

Posted 13 February 2014 - 09:37 PM

Greetings Clinton,

Nice to meet you. I appreciate your offer to answer questions as I may need your help to work through some of the entries we don't normally see.

----------

Can you tell me if you set this ProxyServer?
 

ProxyServer: 127.0.0.1:8580


----------

Please consider and perform the following for me.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but AVG on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Cracking Software Warning

--------------------
 

Post by quietman7, on 02 October 2009 - 05:16 AM, said:


A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Quote
Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

Quote
...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

Quote
...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

Quote
...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Run: [Clownfish] - [X]
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: No Name - {2D0F71DA-7E32-A6B7-B962-2C776D30B74B} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
C:\Documents and Settings\Administrator\Local Settings\Temp\bzup0922.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HWSignature.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\PCMgr_Setup_87_10529_215.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_pinyin_6.7.0.0747.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_pinyin_6.8.0.1170_m_2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_wallpaper_19_2004.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_wallpaper_guide_2004.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.2-win32.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Copy/paste the following in the Search Field
rpcss.dll
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • Search log
  • How is your computer running

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 siobhain

siobhain
  • Topic Starter

  • Members
  • 23 posts

Posted 14 February 2014 - 09:26 AM

Thanks Gary!

 

I'll be really busy the next two days and won't have time to complete all the steps until Sunday evening. I hope that won't be a big problem.  You may be able to help some other person or people!  I'll post the proper logs as soon as all the steps have been completed.

 

Sincerely,

Clinton


"What you do speaks so loudly that I cannot hear what you say" - Ralph Waldo Emerson

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • Gender:Male
  • Location:California

Posted 14 February 2014 - 10:15 AM

Hi Clinton,

Absolutely no problem, I have lots to do! :)

Thanks for letting me know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 siobhain

siobhain
  • Topic Starter

  • Members
  • 23 posts

Posted 19 February 2014 - 12:57 PM

Gary,

 

Sorry for the delay!  I was unable to access the website for some days when I finally had time to perform all the troubleshooting/removal.  I was able to complete the tasks as directed.  About how the computer is running, I will have to get back to you on that.  I haven't used it much since removing things, but it does appear cleaner, and thus faster.  Since I was so long in responding I do understand if you'll take some time to reply.  The logs are as follows:

 

# AdwCleaner v3.019 - Report created 20/02/2014 at 01:16:28
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - PC-201106141535
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\baidu
[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tencent
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WinterSoft
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Dooownload keeper
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SearchNewTab
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\ss helper
Folder Deleted : C:\Program Files\Tencent
Folder Deleted : C:\Program Files\Dooownload keeper
Folder Deleted : C:\Program Files\SearchNewTab
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Program Files\Common Files\Tencent
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\baidu
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tencent
Folder Deleted : C:\Documents and Settings\LocalService\Application Data\Tencent
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Tencent
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\baidu
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\SogouExplorer
[!] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Tencent
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\thinstall
Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\Tencent
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default\Extensions\envftrvs@eojcb.org
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default\Extensions\zieyoi@jch-ehd.org
[!] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\搜狗拼音输入法\皮肤小盒子.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_360582d7
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCmgrInstallGuide.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCMgr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCRTP.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\bugreport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCFileOpen.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCLeakScan.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCLoader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPConfig.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCSoftMgr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\plugins\QMNetMon\QQPCNetFlow.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QDeskSetup.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCBTU.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCClinic.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCLaunch.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QMUpdate\QQPCMgrUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCProtect.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCSoftGame.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCSysOptimize.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCUpdateAVLib.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQRepair.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\Uninst.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCPatch.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\TpkUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QMDL.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Tencent\QQDownload\125\Tencentdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Administrator\Application Data\Tencent\QQ\STemp\SetupEx~0\QQSetupEx.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQ\Bin\QQ.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQ\Bin\auclt.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQ\Bin\SetupEx\QQSetupEx.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQMusic\QQMusicUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQMusic\QQMusicIE.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQMusic\QzoneMusic.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQMusic\QQMusic.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQIntl\Bin\QQ.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQIntl\Bin\auclt.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQIntl\Bin\txupd.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQDownload\bugreport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Administrator\Application Data\Tencent\QQPCMgr\Download\QQPCDownload.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQBrowser\QQBrowser.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Tencent\QQBrowser\BugReport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Administrator\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQLive\QQLive.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQLive\QQLiveUp.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQLive\QQLiveExternal.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQLive\Statistics.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCmgrInstallGuide.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCMgr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCRTP.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\bugreport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCFileOpen.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCLeakScan.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCLoader.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPConfig.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCSoftMgr.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\plugins\QMNetMon\QQPCNetFlow.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QDeskSetup.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCBTU.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCClinic.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCLaunch.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QMUpdate\QQPCMgrUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCProtect.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCSoftGame.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCSysOptimize.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCUpdateAVLib.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQRepair.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\Uninst.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QQPCPatch.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQPCMgr\8.7.10529.215\TpkUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [d:\Program Files\Tencent\QQPCMgr\8.7.10529.215\QMDL.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Common Files\Tencent\QQDownload\125\Tencentdl.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Administrator\Local Settings\Temp\BaiduPlayerContentUI.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\baidu\BaiduPlayer\3.6.1.27\StatReport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\baidu\BaiduPlayer\3.6.1.27\BaiduPlayer.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Application Data\Baidu\BaiduPlayer\bdupdate3.6.1.27.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\baidu\BaiduPlayer\3.6.1.27\BaiduMediaService.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\baidu\BaiduPlayer\3.6.1.27\BaiduSetupAx_0.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\baidu\BaiduPlayer\3.7.0.19\StatReport.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduPlayer.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\All Users\Application Data\Baidu\BaiduPlayer\bdupdate3.7.0.19.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduMediaService.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\baidu\BaiduPlayer\3.7.0.19\BaiduSetupAx_0.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQDownload\QQDownload.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [D:\Program Files\Tencent\QQDownload\QDAutoUpdate.exe]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21366


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b6y4spir.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [26178 octets] - [20/02/2014 01:12:08]
AdwCleaner[S0].txt - [25762 octets] - [20/02/2014 01:16:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25823 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 02/20/2014 Thu at  1:42:08.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-602162358-839522115-1957994488-500\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{24588FA4-10F1-41D7-B19D-6E22361E47FA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{ED7959C5-1B1D-4A42-8C9D-75D76890D4C6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\tencent"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\tencent"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\adawarebp"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/20/2014 Thu at  1:44:42.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
Ran by Administrator at 2014-02-20 01:49:19 Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode:

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-602162358-839522115-1957994488-500\...\Run: [Clownfish] - [X]
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
BHO: No Name - {2D0F71DA-7E32-A6B7-B962-2C776D30B74B} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
C:\Documents and Settings\Administrator\Local Settings\Temp\bzup0922.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HWSignature.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\PCMgr_Setup_87_10529_215.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_pinyin_6.7.0.0747.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_pinyin_6.8.0.1170_m_2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_wallpaper_19_2004.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_wallpaper_guide_2004.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.2-win32.exe

*****************

HKU\S-1-5-21-602162358-839522115-1957994488-500\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => Value deleted successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D0F71DA-7E32-A6B7-B962-2C776D30B74B} => Key deleted successfully.
HKCR\CLSID\{2D0F71DA-7E32-A6B7-B962-2C776D30B74B} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Unable to delete value
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
C:\Documents and Settings\Administrator\Local Settings\Temp\bzup0922.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\HWSignature.dll => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\PCMgr_Setup_87_10529_215.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_pinyin_6.7.0.0747.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_pinyin_6.8.0.1170_m_2.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_wallpaper_19_2004.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\sogou_wallpaper_guide_2004.exe => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.2-win32.exe => Moved successfully.

==== End of Fixlog ====

 

Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by Administrator at 2014-02-20 01:50:19
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode:

================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 12:00] - [2009-02-09 20:10] - 0401408 ____A (Microsoft Corporation) 6b27a5c03dfb94b4245739065431322c

C:\WINDOWS\system32\dllcache\rpcss.dll
[2011-06-30 13:04] - [2009-02-09 20:10] - 0401408 ____N (Microsoft Corporation) 6b27a5c03dfb94b4245739065431322c

C:\WINDOWS\ERDNT\cache\rpcss.dll
[2011-06-29 01:30] - [2008-04-14 12:00] - 0399360 ____A (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

=== End Of Search ===


"What you do speaks so loudly that I cannot hear what you say" - Ralph Waldo Emerson
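The FRST search result in the post above lists every copy of rpcss.dll found on the disk together with its size, timestamps and MD5. The script below is an added example, not part of this thread and not code from Farbar Recovery Scan Tool: it parses that search output (embedded as the sample input, copied from the post) and reports whether the live copy in system32 agrees with the protected copy in dllcache. Treating a system32/dllcache disagreement as the condition to flag, and merely listing copies found elsewhere (here the ERDNT\cache copy, whose 2008 modified date and different hash point at an older build) instead of judging them, is this example's own assumption rather than anything the thread states.

```python
"""Cross-check the copies of a system file listed by an FRST "Search:" run.

Added example, not part of the BleepingComputer thread and not code from
Farbar Recovery Scan Tool. SAMPLE is the search output pasted in the thread.
Flagging a system32/dllcache mismatch is this example's own assumption.
"""
import re
from typing import Dict, List, Tuple

# FRST prints one hit as a path line followed by a detail line of the form
# [created] - [modified] - size attrs (company) md5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

LIVE_DIR = r"C:\WINDOWS\system32"            # where the running copy lives
CACHE_DIR = r"C:\WINDOWS\system32\dllcache"  # Windows File Protection copy

# Sample input: the FRST search output quoted in the thread (post #7).
SAMPLE = r"""
================== Search: "rpcss.dll" ===================

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 12:00] - [2009-02-09 20:10] - 0401408 ____A (Microsoft Corporation) 6b27a5c03dfb94b4245739065431322c

C:\WINDOWS\system32\dllcache\rpcss.dll
[2011-06-30 13:04] - [2009-02-09 20:10] - 0401408 ____N (Microsoft Corporation) 6b27a5c03dfb94b4245739065431322c

C:\WINDOWS\ERDNT\cache\rpcss.dll
[2011-06-29 01:30] - [2008-04-14 12:00] - 0399360 ____A (Microsoft Corporation) 2589fe6015a316c0f5d5112b4da7b509

=== End Of Search ===
"""


def parse_search(text: str) -> List[Dict[str, str]]:
    """Return one dict per hit: path, created, modified, size, attrs, company, md5.

    size is kept as the zero-padded string FRST prints; md5 is lower-cased.
    """
    hits: List[Dict[str, str]] = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line          # remember the path, details follow
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["md5"] = entry["md5"].lower()
            hits.append(entry)
            pending_path = None
    return hits


def split_path(path: str) -> Tuple[str, str]:
    """Split a Windows path into (directory, file name), both lower-cased."""
    directory, _, name = path.rpartition("\\")
    return directory.lower(), name.lower()


def check_file(hits: List[Dict[str, str]], name: str) -> Dict[str, object]:
    """Compare the live system32 copy of `name` with dllcache; list other copies.

    verdict: 'match' when both exist and agree on size and MD5,
             'mismatch' when they disagree,
             'incomplete' when either copy is missing from the search output.
    """
    name = name.lower()
    live = cache = None
    others = []
    for h in hits:
        directory, base = split_path(h["path"])
        if base != name:
            continue
        if directory == LIVE_DIR.lower():
            live = h
        elif directory == CACHE_DIR.lower():
            cache = h
        else:
            others.append(h)

    if live is None or cache is None:
        verdict = "incomplete"
    elif live["md5"] == cache["md5"] and live["size"] == cache["size"]:
        verdict = "match"
    else:
        verdict = "mismatch"

    return {
        "verdict": verdict,
        "live_md5": live["md5"] if live else None,
        "cache_md5": cache["md5"] if cache else None,
        # Copies outside system32/dllcache are reported with their modified
        # date rather than judged: an older date with a different hash is
        # consistent with a backup taken before an update.
        "other_copies": [(h["path"], h["modified"], h["md5"]) for h in others],
    }


if __name__ == "__main__":
    result = check_file(parse_search(SAMPLE), "rpcss.dll")
    print("verdict:", result["verdict"], "live md5:", result["live_md5"])
    for path, modified, md5 in result["other_copies"]:
        print("other copy:", path, modified, md5)
```

On the sample the verdict is "match": the system32 and dllcache copies share size and MD5, so nothing in this search points at a patched rpcss.dll, and the third copy is simply listed. If the live copy's hash differed from the dllcache copy the script would report "mismatch", which is the case worth following up.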

#8 siobhain


Posted 19 February 2014 - 01:01 PM

Oh, and on a final note, I often have to use a VPN/proxy server to get past the Great Firewall. In the log file, that ProxyServer was something I allowed.



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:33 PM

Posted 19 February 2014 - 01:08 PM

Hi Clinton and welcome back.

Took care of a lot of stuff. While you spend a little bit of time evaluating your computer's performance, let's see if we can delete a registry key that doesn't want to budge. Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

(screenshot: MiniReg.gif)

  • Copy and paste the following into the edit box:

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

  • Check the Delete Keys/Values including Locked/Null embedded radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
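The check and deletion that the MiniRegTool step above performs, written out in PowerShell as an added example; this is not code from the thread or from Farbar's tool. It assumes that the `Key\\Value` notation in the post names a value called {CLSID} under the WebBrowser key (the script also looks for a subkey of that name), that Windows PowerShell 2.0 or later is installed (an optional download on XP SP3), and that it runs as the user whose HKCU hive is being inspected. Before deleting anything it resolves every CLSID registered under that key to its COM server DLL, so a stray toolbar can be judged by where its DLL lives; the CLSID from the post is used as the removal target.

```powershell
# Added example (not from the thread or from Farbar's MiniRegTool): list and remove
# Internet Explorer toolbar registrations under HKCU\...\Toolbar\WebBrowser.
# ASSUMPTIONS: "Key\\Value" in the post means "value named {CLSID} under the WebBrowser
# key"; a subkey of the same name is checked as well. Run as the affected user.

$WebBrowserKey = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
$GuidPattern   = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Resolve-ToolbarClsid {
    # Map a toolbar CLSID to its registered COM server so a human can judge it.
    param([Parameter(Mandatory=$true)][string]$Clsid)

    $result = New-Object PSObject -Property @{
        Clsid = $Clsid; Name = $null; Dll = $null; DllExists = $false; Registered = $false
    }
    # Per-user registration shadows machine-wide; the Wow6432Node path only exists on 64-bit.
    $hives = 'HKCU:\Software\Classes\CLSID',
             'HKLM:\Software\Classes\CLSID',
             'HKLM:\Software\Classes\Wow6432Node\CLSID'
    foreach ($hive in $hives) {
        $clsidKey = Join-Path $hive $Clsid
        if (-not (Test-Path -LiteralPath $clsidKey)) { continue }
        $result.Registered = $true
        # The key's (default) value is the friendly name; InprocServer32's (default) is the DLL.
        $result.Name = (Get-ItemProperty -LiteralPath $clsidKey -ErrorAction SilentlyContinue).'(default)'
        $server = Join-Path $clsidKey 'InprocServer32'
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-ItemProperty -LiteralPath $server -ErrorAction SilentlyContinue).'(default)'
            if ($dll) {
                # Expand %SystemRoot% and the like, and strip quotes, before testing the path.
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                $result.Dll = $dll
                $result.DllExists = Test-Path -LiteralPath $dll -PathType Leaf
            }
        }
        break
    }
    return $result
}

function Get-IeToolbarRegistrations {
    # Every CLSID-named value (and subkey) under the WebBrowser key, with its COM server.
    if (-not (Test-Path -LiteralPath $WebBrowserKey)) { return @() }
    $item  = Get-Item -LiteralPath $WebBrowserKey
    $names = @()
    $names += @($item.GetValueNames()  | Where-Object { $_ -match $GuidPattern })
    $names += @($item.GetSubKeyNames() | Where-Object { $_ -match $GuidPattern })
    $names | Sort-Object -Unique | ForEach-Object { Resolve-ToolbarClsid -Clsid $_ }
}

function Remove-IeToolbarRegistration {
    # Delete the value and/or subkey named $Clsid; report "not found" the way the tool did.
    # SupportsShouldProcess lets -WhatIf on this function flow into the Remove-* cmdlets.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)][string]$Clsid)

    if ($Clsid -notmatch $GuidPattern) { throw "Not a CLSID: $Clsid" }
    $found = $false
    if (Test-Path -LiteralPath $WebBrowserKey) {
        $item = Get-Item -LiteralPath $WebBrowserKey
        if ($item.GetValueNames() -contains $Clsid) {
            $found = $true
            Remove-ItemProperty -LiteralPath $WebBrowserKey -Name $Clsid
        }
        $subKey = Join-Path $WebBrowserKey $Clsid
        if (Test-Path -LiteralPath $subKey) {
            $found = $true
            Remove-Item -LiteralPath $subKey -Recurse
        }
    }
    if ($found) { "Removal of $Clsid requested (preview only under -WhatIf)." }
    else        { "`"$WebBrowserKey\\$Clsid`" not found." }
}

# Usage: review the table first, then target the CLSID named in the post.
Get-IeToolbarRegistrations | Format-Table Clsid, Registered, DllExists, Name, Dll -AutoSize
Remove-IeToolbarRegistration -Clsid '{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}' -WhatIf
```

A toolbar whose CLSID is not registered at all, or whose DLL no longer exists on disk, is the usual leftover after a removal; one whose DLL sits in a user profile or temp directory deserves a closer look. Drop `-WhatIf` from the last line to delete for real. One caveat: the registry provider cannot address a key or value whose name contains an embedded NUL, and `Remove-Item` fails with access denied on a key whose ACL has been stripped, which is what the tool's "Locked/Null embedded" option is for, so a "not found" from this script is not conclusive for such an entry.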

#10 siobhain


Posted 19 February 2014 - 08:45 PM

Hey Gary,

 

Thanks for your patience, and glad you were able to accomplish many other things!

The key seems rather pesky..

 

MiniRegTool by Farbar Version:29-11-2012
Ran by Administrator (administrator) on 2014-02-20 09:43:27

====================================
"HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" not found.



#11 Oh My!


Posted 19 February 2014 - 09:27 PM

Very good. We just needed to make sure it wasn't present. Test out your computer for a bit and let me know how it goes.
Gary

#12 siobhain


Posted 19 February 2014 - 10:21 PM

Great!  I'll get back with you within a couple of days to evaluate the computer and let you know how it's running.  Have a great day!!

 

Thanks Gary,

Clinton



#13 Oh My!


Posted 19 February 2014 - 10:44 PM

Thanks Clinton, you too (or is it night?) :)
Gary

#14 siobhain


Posted 22 February 2014 - 08:35 AM

After rigorous testing, all seems well!  I am a bit worried still though and wondering if you could offer some advice on protecting the computer?

 

Thanks Gary!

 

BTW, it was morning.  China is 15 hours ahead of California right now.



#15 Oh My!


Posted 22 February 2014 - 01:51 PM

Excellent report. :)

Well I was anticipating it would be morning when you read it!

I will certainly provide you with some things to consider going forward.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean

--------------

Your machine appears to be clean. You can remove any of the programs or logs on your system as a result of our efforts together. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary



