Unwanted sounds play and unwanted web pages open - computer slow


This topic is locked
16 replies to this topic

#1 clinysy

  • Members
  • 9 posts

Posted 24 January 2015 - 01:08 PM

When I am using my web browser (Chrome and Internet Explorer), unrequested new tabs open with content I did not request. Also, when I am browsing the internet or watching a video on a web page, unwanted sounds and other audio play in the background without being requested.

Also, Google Chrome frequently crashes when unused for a period of time or when another tab is being used.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Chinese (administrator) on HPI3 on 24-01-2015 12:27:23
Running from C:\Users\Chinese\Desktop
Loaded Profiles: Chinese (Available profiles: Chinese & English)
Platform: Windows 8 (X64) OS Language: 英语(美国)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(360.cn) C:\Program Files (x86)\360\360sd\360rps.exe
(360.cn) C:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnTray.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BDALeakfixer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(360.cn) C:\Program Files (x86)\360\360sd\360sd.exe
(360.cn) C:\Program Files (x86)\360\360sd\360rp.exe
(Dropbox, Inc.) C:\Users\Chinese\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(360.cn) C:\Program Files (x86)\360\360safe\safemon\360tray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(360.cn) C:\Program Files (x86)\360\360safe\SoftMgr\SML\SoftMgrLite.exe
(Google Inc.) C:\Users\Chinese\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Chinese\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Chinese\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Chinese\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1431056 2010-10-19] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ACPW05EN] => C:\Program Files (x86)\ACDSee Pro\ACDSeeProInTouch2.exe [822384 2011-11-16] (ACD Systems)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360safe\safemon\360Tray.exe [379720 2014-12-30] (360.cn)
HKLM-x32\...\Run: [BaiduAnTray] => C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnTray.exe [2091528 2014-12-17] (百度在线网络技术(北京)有限公司)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Run: [NextLive] => C:\windows\SysWOW64\rundll32.exe "C:\Users\Chinese\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Run: [ctfmon] => C:\windows\system32\ctfmon.exe [10240 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-16] (360.cn)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\MountPoints2: {dfe50474-966c-11e4-814a-b4b52faf5a10} - "G:\VerizonSWUpgradeAssistantLauncher.exe" 
Startup: C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [360FileGuardAntiDel] -> {130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA} => C:\Program Files (x86)\360\360sd\ShellIco.dll (360.cn)
ShellIconOverlayIdentifiers: [360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360safe\safemon\360UDiskGuard64.dll (360.cn)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\FunSeed64V951.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
URLSearchHook: [S-1-5-21-1048203749-4246072601-2371806179-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3279418&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=2&UP=SP6B4B9C1D-EDE4-4900-ABBA-92A1A7C04E2E&q=UCM_SEARCH_TERM&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&S
SPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3279418&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=2&UP=SP6B4B9C1D-EDE4-4900-ABBA-92A1A7C04E2E&q=UCM_SEARCH_TERM&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SS
PV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=&SSPV=
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {4F278F78-EBA9-4035-8A4F-D59977696F15} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {505976C2-62D5-40DF-9295-0F33469B400C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3279418&CUI=UN21659026251408012&UM=2
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140417,20028,0,25,0
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=33059180_cb
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360safe\safemon\safemon64.dll (360.cn)
BHO-x32: 360sdbho Class -> {0F4BF955-A127-41B7-A998-369904AA2578} -> C:\Program Files (x86)\360\360sd\360sdbho.dll (360.cn)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360safe\safemon\safemon.dll (360.cn)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Chinese\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll (Tencent)
Toolbar: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> No Name - {B7C7D4B0-7A84-4B73-A7EF-48EF59A52C3B} -  No File
Toolbar: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} -  No File
DPF: HKLM-x32 {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchina.com/download/CMBEdit.cab
DPF: HKLM-x32 {97367E05-1E9D-4DA3-B028-D03A5B2723FF} http://dl.desktop.weibo.com/WeiboBarX/WeiboBarX.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.240.205.161
Tcpip\..\Interfaces\{3834ECBF-3EF7-472E-B5EA-10E441197E5E}: [NameServer] 31.168.224.106,5.135.12.52
Tcpip\..\Interfaces\{9704A70B-F8D4-4D40-9DAC-C698C8146704}: [NameServer] 31.168.224.106,5.135.12.52
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360safe\Utils\npaxlogin.dll (360.cn)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Chinese\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @qq.com/npOpenPlatform -> C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3202\npQPMWebGamePlugin.dll (腾讯公司)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QZoneMusic\2014.12.29.12.0.45\npQzoneMusic.dll (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.3.5\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @360.cn/360MMPlugin -> C:\Program Files (x86)\360\360safe\mobilemgr\np360MMPlugIn.dll (360.cn)
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Chinese\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF HKLM-x32\...\Firefox\Extensions: [speedtest137@SpeedAnalysis] - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis
FF Extension: Speed Test 137 - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis [2013-12-17]
FF HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\Chinese\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox
FF HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Firefox\Extensions: [speedtest137@SpeedAnalysis] - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (appbario19) - C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Extensions\gahpidfnpjlikfplofgcckpplbhopgpp [2015-01-05]
CHR Extension: (Google 电子钱包) - C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
CHR HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Chrome\Extension: [gahpidfnpjlikfplofgcckpplbhopgpp] - C:\Users\Chinese\AppData\Local\CRE\gahpidfnpjlikfplofgcckpplbhopgpp.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gahpidfnpjlikfplofgcckpplbhopgpp] - C:\Users\Chinese\AppData\Local\CRE\gahpidfnpjlikfplofgcckpplbhopgpp.crx [2013-12-11]
StartMenuInternet: 360chrome - C:\Users\Chinese\AppData\Local\360Chrome\Chrome\Application\360chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 360rp; C:\Program Files (x86)\360\360sd\360rps.exe [321096 2014-11-17] (360.cn)
R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [88584 2014-12-23] (百度在线网络技术(北京)有限公司)
R2 BDMRTP; C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnSvc.exe [1047048 2014-12-17] (百度在线网络技术(北京)有限公司)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-05] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-09-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [263576 2010-09-14] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
S2 pukn; C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\stvqgnr.dll [742216 2014-12-17] ()
S3 QQMusicService; D:\Program Files\Tencent\QQMusic\1144.2015.1.6.15.15.59\QQMusicService.dll [30776 2015-01-05] (Tencent)
S3 SogouUpdate; C:\Program Files (x86)\SogouInput\7.4.1.4857\SogouUpdate.exe [271976 2015-01-08] (Sogou.com Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe [237384 2014-11-27] (360.cn)
S3 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S3 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [128584 2014-12-05] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2014-04-22] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [317512 2014-11-25] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-04-18] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [344648 2014-12-23] (360.cn)
S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [181320 2014-12-25] (360安全中心)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72776 2014-12-24] (360.cn)
R2 AdpeakWFP; C:\windows\system32\Drivers\AdpeakWFP64.sys [41624 2013-09-26] (Adpeak, Inc.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180808 2014-11-06] (360.cn)
U5 BAPIDRV64; C:\Windows\System32\Drivers\BAPIDRV64.sys [180808 2014-11-06] (360.cn)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [181072 2014-12-17] (Baidu)
R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [196936 2014-12-24] (Baidu)
R1 bd0002; C:\Windows\SysWOW64\DRIVERS\bd0002.sys [196936 2014-12-24] (Baidu)
R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [152392 2014-12-27] (Baidu Technology)
R2 BDDefense; C:\windows\system32\drivers\BDDefense.sys [103752 2015-01-23] (Baidu)
R2 BDMNetMon; C:\Windows\System32\DRIVERS\BDMNetMon.sys [241992 2014-12-17] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [130888 2015-01-16] (Baidu)
R1 BDMWrench_x64; C:\Windows\SysWOW64\DRIVERS\BDMWrench_x64.sys [130888 2015-01-16] (Baidu)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [132168 2014-12-02] (360.cn)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-09-19] (Microsoft Corporation)
R3 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [72064 2010-09-19] (Microsoft Corporation)
S1 BDEnhanceBoost; system32\drivers\BDEnhanceBoost.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 12:27 - 2015-01-24 12:28 - 00027813 _____ () C:\Users\Chinese\Desktop\FRST.txt
2015-01-24 12:25 - 2015-01-24 12:27 - 00000000 ____D () C:\FRST
2015-01-24 11:07 - 2015-01-24 11:07 - 02129920 _____ (Farbar) C:\Users\Chinese\Desktop\FRST64.exe
2015-01-18 16:54 - 2015-01-18 16:54 - 00000954 _____ () C:\Users\Chinese\Desktop\Dropbox.lnk
2015-01-16 15:58 - 2015-01-16 15:59 - 00478744 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-16 15:16 - 2015-01-16 15:22 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360SuperKiller
2015-01-16 10:01 - 2014-04-16 13:20 - 00029888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2015-01-16 10:00 - 2014-04-16 13:20 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2015-01-16 08:52 - 2015-01-16 08:52 - 00130888 _____ (Baidu) C:\windows\SysWOW64\Drivers\BDMWrench_x64.sys
2015-01-14 12:21 - 2015-01-14 12:21 - 01949864 _____ (Coupons.com Incorporated) C:\Users\Chinese\Downloads\CouponPrinter.exe
2015-01-14 09:51 - 2014-11-05 01:40 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2015-01-14 09:51 - 2014-11-05 01:39 - 01024512 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-01-14 09:51 - 2014-11-01 01:28 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-01-14 09:51 - 2014-10-29 09:21 - 00499008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2015-01-14 09:51 - 2014-10-27 17:10 - 00390841 _____ () C:\windows\system32\ApnDatabase.xml
2015-01-13 21:26 - 2014-11-26 21:40 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-01-13 21:26 - 2014-11-26 20:28 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-01-13 21:25 - 2014-12-11 02:35 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 21:24 - 2014-12-19 01:48 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 21:24 - 2014-12-11 01:51 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 21:24 - 2014-12-06 02:52 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-13 21:24 - 2014-12-06 02:52 - 00357376 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 21:24 - 2014-12-06 02:52 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-13 21:24 - 2014-12-06 01:09 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 21:23 - 2014-12-18 23:35 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 21:22 - 2014-12-06 02:53 - 00458240 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-13 21:22 - 2014-12-06 02:53 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-13 21:22 - 2014-12-06 02:51 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-13 21:22 - 2014-12-06 01:10 - 00355840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-13 21:22 - 2014-12-06 01:10 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-13 21:21 - 2014-12-06 02:51 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-13 21:21 - 2014-12-06 02:50 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-13 21:21 - 2014-12-06 01:09 - 00332800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-10 11:10 - 2015-01-10 19:40 - 00000000 ____D () C:\ProgramData\SogouPY
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\SysWOW64\nso2A3.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\SysWOW64\nscF11D.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\system32\nswFAF2.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\system32\nsu2C4.tmp
2015-01-08 22:22 - 2015-01-08 22:22 - 07987304 _____ (Sogou.com Inc.) C:\windows\system32\SogouPY.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 04675176 _____ (Sogou.com Inc.) C:\windows\SysWOW64\SogouPY.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 00533608 _____ (Sogou.com Inc.) C:\windows\system32\SogouTSF.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 00435304 _____ (Sogou.com Inc.) C:\windows\SysWOW64\SogouTSF.ime
2015-01-08 17:14 - 2015-01-10 11:19 - 00000000 ____D () C:\Users\Chinese\Desktop\新建文件夹 (2)
2015-01-07 19:20 - 2015-01-07 19:28 - 00000000 ____D () C:\Users\Chinese\AppData\Local\{93C1A063-6F2D-4FD6-973E-17B4D707256C}
2015-01-07 19:20 - 2015-01-07 19:20 - 00000000 ____D () C:\Users\Chinese\AppData\Local\{DA35A4E3-260A-4245-8F41-ECFF4231ED9F}
2015-01-07 17:14 - 2015-01-07 19:12 - 00001764 _____ () C:\windows\setupact.log
2015-01-07 17:14 - 2015-01-07 17:14 - 00000000 _____ () C:\windows\setuperr.log
2015-01-06 15:28 - 2015-01-23 11:47 - 00000000 ____D () C:\TTkvod2
2015-01-06 15:28 - 2015-01-10 14:09 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\JJVOD
2015-01-06 15:28 - 2015-01-06 15:28 - 00000451 _____ () C:\Users\Chinese\Desktop\天天看 高清影视.lnk
2015-01-06 15:28 - 2015-01-06 15:28 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\天天看 高清影视
2015-01-06 15:28 - 2015-01-06 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\天天看 高清影视
2015-01-06 15:15 - 2015-01-06 15:15 - 00001037 _____ () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Setup_ttkvod_6.0.1.6.lnk
2015-01-06 15:06 - 2015-01-06 15:06 - 09586128 _____ (天天看) C:\Users\Chinese\Downloads\Setup_ttkvod_6.0.1.6 (1).exe
2015-01-06 15:03 - 2015-01-06 15:04 - 09586128 _____ (天天看) C:\Users\Chinese\Downloads\Setup_ttkvod_6.0.1.6.exe
2015-01-06 12:09 - 2015-01-13 16:51 - 00009149 _____ () C:\Users\Chinese\Desktop\电话薄.xlsx
2015-01-05 18:21 - 2015-01-05 18:21 - 00002350 _____ () C:\Users\Chinese\Desktop\Google Chrome.lnk
2015-01-05 18:21 - 2015-01-05 18:21 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-05 18:20 - 2015-01-06 15:16 - 00001017 _____ () C:\Users\Public\Desktop\QQ音乐.lnk
2014-12-31 10:15 - 2014-12-31 10:15 - 05642036 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (3).zip
2014-12-31 10:14 - 2014-12-31 10:14 - 02365939 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (2).zip
2014-12-31 10:13 - 2015-01-02 17:39 - 00000000 ____D () C:\Users\Chinese\Downloads\attachments_2014_12_31 (1)
2014-12-31 10:13 - 2014-12-31 10:13 - 02374731 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (1).zip
2014-12-31 10:09 - 2014-12-31 10:10 - 05362778 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31.zip
2014-12-30 23:50 - 2014-12-30 23:50 - 00000000 ____D () C:\Users\Default\AppData\Roaming\360safe
2014-12-30 23:50 - 2014-12-30 23:50 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\360safe
2014-12-29 18:08 - 2015-01-08 17:34 - 00002224 _____ () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\360极速浏览器.lnk
2014-12-29 18:08 - 2015-01-08 17:34 - 00002222 _____ () C:\Users\Chinese\Desktop\360极速浏览器.lnk
2014-12-29 18:08 - 2014-12-29 18:08 - 00000000 ____D () C:\Users\Chinese\AppData\Local\360Chrome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 12:29 - 2013-11-24 15:04 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1048203749-4246072601-2371806179-1001
2015-01-24 12:25 - 2014-12-15 21:28 - 00000000 ___RD () C:\Users\Chinese\Dropbox
2015-01-24 12:25 - 2014-12-15 21:25 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Dropbox
2015-01-24 12:25 - 2013-11-28 09:50 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\newnext.me
2015-01-24 12:24 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-24 12:23 - 2012-08-01 21:02 - 00944882 _____ () C:\windows\PFRO.log
2015-01-24 12:02 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2015-01-24 11:35 - 2014-12-17 16:09 - 00002175 _____ () C:\Users\Chinese\Desktop\360软件管家.lnk
2015-01-24 11:15 - 2013-11-24 15:09 - 00434570 _____ () C:\windows\system32\prfh0804.dat
2015-01-24 11:15 - 2013-11-24 15:09 - 00137914 _____ () C:\windows\system32\prfc0804.dat
2015-01-24 11:15 - 2012-07-26 02:28 - 01453322 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-23 23:00 - 2014-12-18 09:47 - 00103752 _____ (Baidu) C:\windows\system32\Drivers\BDDefense.sys
2015-01-23 22:33 - 2013-11-24 14:57 - 01793270 _____ () C:\windows\WindowsUpdate.log
2015-01-23 11:44 - 2014-12-17 16:53 - 00000000 __SHD () C:\Users\Chinese\AppData\Roaming\360Quarant
2015-01-23 11:44 - 2014-12-17 16:53 - 00000000 __SHD () C:\$360Section
2015-01-23 11:44 - 2012-09-11 09:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 11:02 - 2014-03-12 18:32 - 00365056 ___SH () C:\Users\Chinese\Downloads\Thumbs.db
2015-01-23 11:01 - 2014-11-04 20:57 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Citrix
2015-01-23 09:32 - 2013-11-24 15:55 - 07101440 ___SH () C:\Users\Chinese\Desktop\Thumbs.db
2015-01-23 00:49 - 2012-07-26 00:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-01-22 18:25 - 2013-11-24 18:01 - 00000000 ____D () C:\Users\Chinese\Documents\Tencent Files
2015-01-22 17:13 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2015-01-20 21:54 - 2014-11-08 16:52 - 00000000 ____D () C:\TTKVOD_CACHE
2015-01-19 16:30 - 2014-10-17 08:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 16:30 - 2014-10-17 08:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 18:30 - 2014-05-10 12:44 - 00000000 ____D () C:\Users\Chinese\Desktop\新建文件夹
2015-01-18 16:55 - 2013-11-24 14:57 - 00000000 ____D () C:\Users\Chinese
2015-01-17 18:51 - 2014-12-17 16:08 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360Safe
2015-01-16 15:30 - 2014-12-17 16:11 - 00000000 ____D () C:\windows\Tasks\360Disabled
2015-01-16 08:52 - 2014-12-18 09:46 - 00130888 _____ (Baidu) C:\windows\system32\Drivers\BDMWrench_x64.sys
2015-01-12 21:36 - 2013-11-24 15:39 - 00000000 ____D () C:\Program Files (x86)\SogouInput
2015-01-11 23:59 - 2014-09-04 17:31 - 00003472 _____ () C:\windows\System32\Tasks\SogouImeMgr
2015-01-10 11:04 - 2013-12-17 01:50 - 00000000 ____D () C:\Users\Chinese\Documents\PDF files
2015-01-07 19:20 - 2014-12-10 23:32 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Windows Live
2015-01-07 17:17 - 2014-12-17 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
2015-01-07 17:16 - 2014-12-17 16:29 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360mobilemgr
2015-01-06 21:59 - 2014-12-23 09:17 - 00121344 _____ () C:\Users\Chinese\Desktop\Driving for dollars list.xls
2015-01-06 15:28 - 2014-11-08 16:49 - 00000451 _____ () C:\Users\English\Desktop\天天看 高清影视.lnk
2015-01-06 15:16 - 2014-10-15 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-01-05 18:24 - 2014-10-15 10:48 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2015-01-05 18:24 - 2014-10-15 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2015-01-05 18:24 - 2013-11-24 15:30 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Tencent
2015-01-05 18:21 - 2014-10-15 10:47 - 00000000 ____D () C:\Program Files\Tencent
2015-01-05 18:21 - 2013-11-24 15:36 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Google
2015-01-05 18:17 - 2013-11-24 15:30 - 00000000 ____D () C:\Program Files (x86)\Tencent
2015-01-05 18:16 - 2014-12-17 21:34 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱看视频
2014-12-31 13:12 - 2013-12-05 00:29 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-31 06:14 - 2013-11-24 16:04 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-29 19:28 - 2013-11-24 15:43 - 00000000 ____D () C:\Users\Chinese\funshion
2014-12-29 18:08 - 2014-12-17 18:38 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心
2014-12-27 10:01 - 2014-12-17 21:37 - 00152392 _____ (Baidu Technology) C:\windows\system32\Drivers\BDArKit.sys
2014-12-25 14:11 - 2014-12-17 16:09 - 00181320 _____ (360安全中心) C:\windows\system32\Drivers\360Hvm64.sys
 
==================== Files in the root of some directories =======
 
2013-11-24 15:31 - 2014-11-03 19:09 - 0000917 _____ () C:\Users\Chinese\AppData\Roaming\coreavc.ini
2014-10-22 14:48 - 2014-10-22 19:28 - 0000003 _____ () C:\Users\Chinese\AppData\Local\proxy.log
2013-11-24 15:00 - 2013-11-24 15:00 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Files to move or delete:
====================
C:\Users\Chinese\ePowerButton.exe
 
 
Some content of TEMP:
====================
C:\Users\Chinese\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk1ogtk.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-18 17:19
 
==================== End Of Log ============================

#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:19 PM

Posted 25 January 2015 - 02:18 PM

Hello and Welcome to BleepingComputer,

my name is Machiavelli and I will assist you with your problem. The fixes are specific to your problem and should only be used for the issue on your machine!
 
I'm in the 'Malware Staff Team' and will provide you with advice:
Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.
 
You must reply to posts within days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is an important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - better to ask than to make a mistake. Mistakes can lead to an unbootable PC! I would recommend following the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.
 

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
  • My Help is completely free of charge!
    If you would like to donate me some money, you can do so and I'd appreciate it. :)
 

Can you please post the Addition Log into the thread? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 clinysy

clinysy
  • Topic Starter

  • Members
  • 9 posts
  • Local time:11:19 PM

Posted 25 January 2015 - 05:32 PM

Thank you for your reply. Addition Log attached.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Chinese at 2015-01-24 12:31:32
Running from C:\Users\Chinese\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360杀毒 (Enabled - Up to date) {6F7A6B22-2309-7CD0-AF79-D11A4916C60C}
AS: 360安全卫士 (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
360安全浏览器7 (HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\360se6) (Version: 7.1.1.529 - 360安全中心)
360安全卫士 (HKLM-x32\...\360安全卫士) (Version: 9.7.0.2001 - 360安全中心)
360极速浏览器 (HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\360Chrome) (Version: 7.5.3.316 - 360安全中心)
360杀毒 (HKLM-x32\...\360SD) (Version: 5.0.0.5104 - 360安全中心)
360手机助手 (HKLM-x32\...\360手机助手) (Version: 2.5.0.1117 - 360)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
ACDSee Pro 5.3 (HKLM-x32\...\{2D95950E-6D76-43E7-94A5-D9DBA2FD29E4}) (Version: 5.3.168 - ACD Systems International)
appbario19 Toolbar for IE (HKLM-x32\...\IECT3279418) (Version: 6.17.2.8 - appbario19) <==== ATTENTION
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Foxit Reader Pro 5.4.5 (HKLM-x32\...\{FAE80353-056E-40B9-B862-21CDD1F5525E}_is1) (Version: 5.4.5.0124 - 睿派克技术论坛)
GoldenCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - GoldenCoupon) <==== ATTENTION
Google Chrome (HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
GoToMeeting 6.4.9.2128 (HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\GoToMeeting) (Version: 6.4.9.2128 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Install Converter (HKLM-x32\...\Install Converter) (Version: 1.0 - Install Converter) <==== ATTENTION!
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.51 - Parallel Lines Development, LLC) <==== ATTENTION
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Level Quality Watcher (HKLM\...\Level Quality Watcher) (Version: v1.01 - Level Quality Watcher) <==== ATTENTION!
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Map (North America Edition) (HKLM-x32\...\{1A1DA9F1-0527-4556-90C1-96E7BAAF05E9}) (Version: 1.1.0 - TekMagic Solutions Inc.)
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
MergeModule_x64 (Version: 9.0.02 - Sony Corporation) Hidden
MergeModule_x86 (x32 Version: 9.0.02 - Sony Corporation) Hidden
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.522.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 8 Micro (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.20.0 - UpdatePack.nl)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
pdfFactory Pro (HKLM\...\pdfFactory Pro) (Version: 4.75 - FinePrint Software, LLC)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{93AA5B49-0994-4EF6-80F3-868C9CEA88ED}) (Version: 4.0.02.10030 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.0.02 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.0.02 - Sony Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QQ音乐2014 (HKLM-x32\...\QQMusic) (Version: 11.44.3867.105 - 腾讯科技(深圳)有限公司)
QQ游戏 (HKLM-x32\...\QQ游戏) (Version: 3.5.2.1 - 腾讯公司)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0409-0000-0000000FF1CE}_Office14.OMUI.en-us_{840912CB-128E-4A73-9CD9-F807BC9B7684}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
SOHLib for PlayMemories Home (Version: 1.0.3.02170 - Sony Corporation) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.49 - WebAppTech Coding, LLC) <==== ATTENTION
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.00 (64 位) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
百度卫士3.0 (HKLM-x32\...\百度卫士) (Version: 3.0.0.3971 - 百度在线网络技术(北京)有限公司)
搜狗拼音输入法 7.4.1正式版 (HKLM-x32\...\Sogou Input) (Version: 7.4.1.4857 - Sogou.com)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 6.5.12956.0 - 腾讯科技(深圳)有限公司)
天天看高清影视 6.0.1.6 (HKLM-x32\...\天天看高清影视) (Version: 6.0.1.6 - 天天看)
微软拼音简捷 2012 流行词汇更新 (KB2723161) (HKLM-x32\...\{3AB40937-B99B-47E6-AE66-8E48ADE56977}) (Version: 15.0.1716 - Microsoft)
终极解码 1.13.0615 (HKLM-x32\...\Final Codecs) (Version: 1.13.0615 - Sdxy)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Chinese\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
17-12-2014 09:02:55 Windows Update
22-12-2014 08:32:37 Windows Update
13-01-2015 21:19:28 Windows Update
22-01-2015 17:12:36 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2014-10-22 20:06 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0FABD4A2-B3A4-4283-8468-A23BCD2E65E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1048203749-4246072601-2371806179-1001Core => C:\Users\Chinese\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {1C25EC7C-1F9C-4B93-BE26-B9AD3F75577C} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-09-14] (Microsoft Corporation)
Task: {2109E6EF-CB48-4A2A-B1D1-5F8F13452794} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2014-01-16] (Sony Corporation)
Task: {4CDA7456-6480-4EAC-8DE8-5B61D7BB627B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {662D6CE2-61DD-4332-B97D-7FE20525E211} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {920BD07D-0A81-454B-9561-A8D5672DCC17} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {96CFD436-85B6-4DBF-9999-A65E28FBA21E} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2015-01-08] (Sogou.com Inc.)
Task: {A0E5BFFC-096C-43E8-A349-D77FF1736F19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {A303D7F0-2CD1-4D8A-BC98-795E7DF2401D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.)
Task: {A5D9738A-8810-425C-B7E0-51DB5D0DFEF1} - System32\Tasks\G2MUpdateTask-S-1-5-21-1048203749-4246072601-2371806179-1001 => C:\Users\Chinese\AppData\Local\Citrix\GoToMeeting\2093\g2mupdate.exe [2014-12-15] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B312B52A-7D7B-4469-8A6F-C9B67A357AEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {BC0CDEB8-22C5-410C-A55B-8AB1653EBC06} - \AutoKMS No Task File <==== ATTENTION
Task: {C594AB8F-EDE4-4FF6-A970-C8EB5DFE87D7} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Chinese\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {DAB3B720-0DE0-4F0F-9AE8-8FD6034BB2D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1048203749-4246072601-2371806179-1001UA => C:\Users\Chinese\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-20] (Google Inc.)
Task: {E8785CD0-9DC4-4A76-889D-9DF55ECCA4D9} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\System32\NotificationUI.exe [2014-12-09] (Microsoft Corporation)
Task: {FD183838-C4C5-435A-9EAC-D7801E86F097} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-03] (Google Inc.)
 
==================== Loaded Modules (whitelisted) =============
 
2010-09-19 15:35 - 2010-09-19 15:35 - 00048512 _____ () c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll
2013-09-05 03:17 - 2013-09-05 03:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-05 20:30 - 2013-12-05 20:30 - 00040448 _____ () C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AdpeakWFP => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1048203749-4246072601-2371806179-500 - Administrator - Disabled)
Chinese (S-1-5-21-1048203749-4246072601-2371806179-1001 - Administrator - Enabled) => C:\Users\Chinese
English (S-1-5-21-1048203749-4246072601-2371806179-1004 - Administrator - Enabled) => C:\Users\English
Guest (S-1-5-21-1048203749-4246072601-2371806179-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1048203749-4246072601-2371806179-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2015 00:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: delegate_execute.exe,版本: 39.0.2171.95,时间戳: 0x54823f01
错误模块名称: delegate_execute.exe,版本: 39.0.2171.95,时间戳: 0x54823f01
异常代码: 0xc0000005
错误偏移量: 0x00038458
错误进程 ID: 0xf7c
错误应用程序启动时间: 0xdelegate_execute.exe0
错误应用程序路径: delegate_execute.exe1
错误模块路径: delegate_execute.exe2
报告 ID: delegate_execute.exe3
错误程序包全名: delegate_execute.exe4
错误程序包相对应用程序 ID: delegate_execute.exe5
 
Error: (01/24/2015 00:25:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: SpfService64.exe,版本: 1.3.0.9090,时间戳: 0x4e684dec
错误模块名称: ntdll.dll,版本: 6.2.9200.17046,时间戳: 0x53b4864c
异常代码: 0xc0000005
错误偏移量: 0x000000000000b503
错误进程 ID: 0x718
错误应用程序启动时间: 0xSpfService64.exe0
错误应用程序路径: SpfService64.exe1
错误模块路径: SpfService64.exe2
报告 ID: SpfService64.exe3
错误程序包全名: SpfService64.exe4
错误程序包相对应用程序 ID: SpfService64.exe5
 
Error: (01/24/2015 00:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: svchost.exe,版本: 6.2.9200.16420,时间戳: 0x505a96c3
错误模块名称: sechost.dll,版本: 6.2.9200.16384,时间戳: 0x50108ade
异常代码: 0xc0000005
错误偏移量: 0x0000809f
错误进程 ID: 0x370
错误应用程序启动时间: 0xsvchost.exe0
错误应用程序路径: svchost.exe1
错误模块路径: svchost.exe2
报告 ID: svchost.exe3
错误程序包全名: svchost.exe4
错误程序包相对应用程序 ID: svchost.exe5
 
Error: (01/24/2015 11:05:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: explorer.exe,版本: 6.2.9200.16628,时间戳: 0x51a94434
错误模块名称: ntdll.dll,版本: 6.2.9200.17046,时间戳: 0x53b4864c
异常代码: 0xc0000374
错误偏移量: 0x00000000000e9e99
错误进程 ID: 0x10f0
错误应用程序启动时间: 0xexplorer.exe0
错误应用程序路径: explorer.exe1
错误模块路径: explorer.exe2
报告 ID: explorer.exe3
错误程序包全名: explorer.exe4
错误程序包相对应用程序 ID: explorer.exe5
 
Error: (01/24/2015 09:10:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: SpfService64.exe,版本: 1.3.0.9090,时间戳: 0x4e684dec
错误模块名称: ntdll.dll,版本: 6.2.9200.17046,时间戳: 0x53b4864c
异常代码: 0xc0000005
错误偏移量: 0x000000000000b503
错误进程 ID: 0xfb8
错误应用程序启动时间: 0xSpfService64.exe0
错误应用程序路径: SpfService64.exe1
错误模块路径: SpfService64.exe2
报告 ID: SpfService64.exe3
错误程序包全名: SpfService64.exe4
错误程序包相对应用程序 ID: SpfService64.exe5
 
Error: (01/24/2015 09:05:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: SpfService64.exe,版本: 1.3.0.9090,时间戳: 0x4e684dec
错误模块名称: ntdll.dll,版本: 6.2.9200.17046,时间戳: 0x53b4864c
异常代码: 0xc0000005
错误偏移量: 0x000000000000b559
错误进程 ID: 0x1244
错误应用程序启动时间: 0xSpfService64.exe0
错误应用程序路径: SpfService64.exe1
错误模块路径: SpfService64.exe2
报告 ID: SpfService64.exe3
错误程序包全名: SpfService64.exe4
错误程序包相对应用程序 ID: SpfService64.exe5
 
Error: (01/24/2015 09:04:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: svchost.exe,版本: 6.2.9200.16420,时间戳: 0x505a96c3
错误模块名称: sechost.dll,版本: 6.2.9200.16384,时间戳: 0x50108ade
异常代码: 0xc0000005
错误偏移量: 0x0000809f
错误进程 ID: 0x30c
错误应用程序启动时间: 0xsvchost.exe0
错误应用程序路径: svchost.exe1
错误模块路径: svchost.exe2
报告 ID: svchost.exe3
错误程序包全名: svchost.exe4
错误程序包相对应用程序 ID: svchost.exe5
 
Error: (01/23/2015 10:47:47 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (01/23/2015 10:47:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll4
 
Error: (01/23/2015 07:03:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: SpfService64.exe,版本: 1.3.0.9090,时间戳: 0x4e684dec
错误模块名称: ntdll.dll,版本: 6.2.9200.17046,时间戳: 0x53b4864c
异常代码: 0xc0000005
错误偏移量: 0x000000000000b503
错误进程 ID: 0xfa0
错误应用程序启动时间: 0xSpfService64.exe0
错误应用程序路径: SpfService64.exe1
错误模块路径: SpfService64.exe2
报告 ID: SpfService64.exe3
错误程序包全名: SpfService64.exe4
错误程序包相对应用程序 ID: SpfService64.exe5
 
 
System errors:
=============
Error: (01/24/2015 00:28:05 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: 尝试访问 SSL server 凭据私钥时发生错误。从加密模块返回的错误代码为 0x8009030d。内部错误状态为 10001。
 
Error: (01/24/2015 00:27:34 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: 尝试访问 SSL server 凭据私钥时发生错误。从加密模块返回的错误代码为 0x8009030d。内部错误状态为 10001。
 
Error: (01/24/2015 00:25:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: 服务 VAIO Entertainment Common Service 意外停止。这发生了 1 次。
 
Error: (01/24/2015 00:25:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: 服务 pukn 意外停止。这发生了 1 次。
 
Error: (01/24/2015 00:25:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Sony Digital Media Server 服务因下列错误而停止: 
%%2147772159
 
Error: (01/24/2015 00:25:17 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 实时保护功能遇到错误并失败。
 
功能:  %%835
 
错误代码:  0x80004005
 
错误描述:  Unspecified error 
 
原因:  %%842
 
Error: (01/24/2015 00:24:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: 由于下列错误,SafeFix 服务启动失败: 
%%3
 
Error: (01/24/2015 00:24:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: pukn 服务在启动时挂起。
 
Error: (01/24/2015 00:22:56 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (01/24/2015 00:22:10 PM) (Source: Schannel) (EventID: 4102) (User: NT AUTHORITY)
Description: 尝试访问 SSL server 凭据私钥时发生错误。从加密模块返回的错误代码为 0x8009030d。内部错误状态为 10001。
 
 
Microsoft Office Sessions:
=========================
Error: (01/24/2015 00:25:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe39.0.2171.9554823f01delegate_execute.exe39.0.2171.9554823f01c000000500038458f7c01d037fac934f02aC:\Users\Chinese\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exeC:\Users\Chinese\AppData\Local\Google\Chrome\Application\39.0.2171.95\delegate_execute.exe0b52cb63-a3ee-11e4-815a-b4b52faf5a10
 
Error: (01/24/2015 00:25:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpfService64.exe1.3.0.90904e684decntdll.dll6.2.9200.1704653b4864cc0000005000000000000b50371801d037fab84352a7C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exeC:\windows\SYSTEM32\ntdll.dllf673016a-a3ed-11e4-815a-b4b52faf5a10
 
Error: (01/24/2015 00:25:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.2.9200.16420505a96c3sechost.dll6.2.9200.1638450108adec00000050000809f37001d037fa70c0b00fC:\windows\SysWOW64\svchost.exeC:\windows\SYSTEM32\sechost.dllf5d806af-a3ed-11e4-815a-b4b52faf5a10
 
Error: (01/24/2015 11:05:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434ntdll.dll6.2.9200.1704653b4864cc000037400000000000e9e9910f001d037ef46b60be2C:\windows\explorer.exeC:\windows\SYSTEM32\ntdll.dlld02b1767-a3e2-11e4-8159-b4b52faf5a10
 
Error: (01/24/2015 09:10:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpfService64.exe1.3.0.90904e684decntdll.dll6.2.9200.1704653b4864cc0000005000000000000b503fb801d037dec0a0364bC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exeC:\windows\SYSTEM32\ntdll.dllc6034b10-a3d2-11e4-8159-b4b52faf5a10
 
Error: (01/24/2015 09:05:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpfService64.exe1.3.0.90904e684decntdll.dll6.2.9200.1704653b4864cc0000005000000000000b559124401d037debe74aba5C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exeC:\windows\SYSTEM32\ntdll.dllfcebe1d6-a3d1-11e4-8159-b4b52faf5a10
 
Error: (01/24/2015 09:04:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.2.9200.16420505a96c3sechost.dll6.2.9200.1638450108adec00000050000809f30c01d037de90480438C:\windows\SysWOW64\svchost.exeC:\windows\SYSTEM32\sechost.dllf8547fcf-a3d1-11e4-8159-b4b52faf5a10
 
Error: (01/23/2015 10:47:47 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (01/23/2015 10:47:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll4
 
Error: (01/23/2015 07:03:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpfService64.exe1.3.0.90904e684decntdll.dll6.2.9200.1704653b4864cc0000005000000000000b503fa001d03757718b5fadC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exeC:\windows\SYSTEM32\ntdll.dll7616539d-a35c-11e4-8158-b4b52faf5a10
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2130 CPU @ 3.40GHz
Percentage of memory in use: 56%
Total physical RAM: 3974.04 MB
Available physical RAM: 1715.49 MB
Total Pagefile: 4374.04 MB
Available Pagefile: 1312.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:910.68 GB) (Free:534.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.36 GB) (Free:0.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D9348C4F)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 26 January 2015 - 10:39 AM

Hey, :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 clinysy

  • Topic Starter

  • Members
  • 9 posts

Posted 26 January 2015 - 03:57 PM

Thank you. Please see attached.

 

# AdwCleaner v4.109 - Report created 26/01/2015 at 10:56:56
# Updated 24/01/2015 by Xplode
# Database : 2015-01-25.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : Chinese - HPI3
# Running from : C:\Users\Chinese\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : AdpeakWFP
Service Deleted : InternetUpdater
[#] Service Deleted : BDMWrench_x64
[#] Service Deleted : BDArKit

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
[!] Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\InternetUpdater
Folder Deleted : C:\ProgramData\RHelpers
Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\SearchDonkey
Folder Deleted : C:\ProgramData\GoldenCoupon
Folder Deleted : C:\ProgramData\greatsaving
Folder Deleted : C:\ProgramData\saver box
Folder Deleted : C:\ProgramData\WowCoupon
Folder Deleted : C:\ProgramData\7a605b755ba1dd82
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度卫士
Folder Deleted : C:\Program Files (x86)\baidu
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\FileAssociationManager
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\FastPlayer
[!] Folder Deleted : C:\Program Files (x86)\BaiduAn3.0
Folder Deleted : C:\Program Files (x86)\greatsaving
Folder Deleted : C:\Program Files (x86)\WowCoupon
[!] Folder Deleted : C:\Program Files (x86)\Common Files\baidu
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\baidu
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\ScorpionSaver Services
Folder Deleted : C:\Users\Chinese\AppData\Local\baidu
Folder Deleted : C:\Users\Chinese\AppData\Local\Conduit
Folder Deleted : C:\Users\Chinese\AppData\Local\emaze
Folder Deleted : C:\Users\Chinese\AppData\Local\genienext
Folder Deleted : C:\Users\Chinese\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Chinese\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Chinese\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Chinese\AppData\Local\VisualBeeExe
Folder Deleted : C:\Users\Chinese\AppData\LocalLow\baidu
Folder Deleted : C:\Users\Chinese\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chinese\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Chinese\AppData\Roaming\baidu
Folder Deleted : C:\Users\Chinese\AppData\Roaming\Device
Folder Deleted : C:\Users\Chinese\AppData\Roaming\FileAssociationManager
Folder Deleted : C:\Users\Chinese\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Chinese\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Chinese\AppData\Roaming\serv
Folder Deleted : C:\Users\Chinese\Documents\Mobogenie
Folder Deleted : C:\Users\Chinese\Documents\Optimizer Pro
Folder Deleted : C:\Users\English\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\English\AppData\LocalLow\PriceGong
File Deleted : C:\END
File Deleted : C:\windows\SysWOW64\AdpeakProxy.ini
File Deleted : C:\windows\SysWOW64\AdpeakProxyOff.ini
File Deleted : C:\windows\System32\AdpeakProxy.ini
File Deleted : C:\windows\System32\AdpeakProxyOff.ini
File Deleted : C:\Users\Chinese\daemonprocess.txt
File Deleted : C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Deleted : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BDSWShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BDSWShellExt.BDSWShellExtMenu
Key Deleted : HKLM\SOFTWARE\Classes\BDSWShellExt.BDSWShellExtMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ABDSWShellExt
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\WowCoupon.WowCoupon
Key Deleted : HKLM\SOFTWARE\Classes\WowCoupon.WowCoupon.9
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3279418
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A8B81847-1462-4756-9D4A-F506BC5361CD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0d099e7e-ea94-4574-8760-3e5bb1dd4bdb}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72d3befc-b0fb-4b39-9048-802a1af1ca05}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{92130eb3-d2b0-40dc-a6a3-ce6b1b02d8b8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d099e7e-ea94-4574-8760-3e5bb1dd4bdb}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72d3befc-b0fb-4b39-9048-802a1af1ca05}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92130eb3-d2b0-40dc-a6a3-ce6b1b02d8b8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4ADBABBD-E1CA-4F11-BD01-73B0B6E4B5BA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0d099e7e-ea94-4574-8760-3e5bb1dd4bdb}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72d3befc-b0fb-4b39-9048-802a1af1ca05}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92130eb3-d2b0-40dc-a6a3-ce6b1b02d8b8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0d099e7e-ea94-4574-8760-3e5bb1dd4bdb}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{72d3befc-b0fb-4b39-9048-802a1af1ca05}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{92130eb3-d2b0-40dc-a6a3-ce6b1b02d8b8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0d099e7e-ea94-4574-8760-3e5bb1dd4bdb}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{72d3befc-b0fb-4b39-9048-802a1af1ca05}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{92130eb3-d2b0-40dc-a6a3-ce6b1b02d8b8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{505976C2-62D5-40DF-9295-0F33469B400C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\StormWatch
Key Deleted : HKCU\Software\Baidu
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKCU\Software\AppDataLow\Software\ScorpionSaver
Key Deleted : HKCU\Software\AppDataLow\Software\Baidu
Key Deleted : HKCU\Software\AppDataLow\Software\Safer-Surf
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度卫士
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183

-\\ Google Chrome v

[C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [18932 octets] - [26/01/2015 10:54:04]
AdwCleaner[S0].txt - [17213 octets] - [26/01/2015 10:56:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17274 octets] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015/1/26 星期一
Scan Time: 上午 11:06:22
Logfile: MalwarebytesLog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.26.06
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Chinese

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395707
Time Elapsed: 40 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 x64
Ran by Chinese on 2015/01/26 周一 at 14:07:24.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}

~~~ Files

Successfully deleted: [File] "C:\Users\Chinese\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Chinese\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] C:\windows\prefetch\BAIDUANBUGRPT.EXE-9989AFFD.pf
Successfully deleted: [File] C:\windows\prefetch\BAIDUANTRAY.EXE-5F57BB19.pf
Successfully deleted: [File] C:\windows\prefetch\BAIDUANUPDATE.EXE-B9D99C88.pf
Successfully deleted: [File] C:\windows\prefetch\BAIDUHIPSBUGRPT.EXE-9ED0C2E4.pf
Successfully deleted: [File] C:\windows\prefetch\BAIDUHIPSUPDATE.EXE-BF20AF6F.pf

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tencent"
Successfully deleted: [Folder] "C:\Users\Chinese\AppData\Roaming\tencent"
Successfully deleted: [Folder] "C:\Users\Chinese\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Chinese\appdata\local\tencent"
Successfully deleted: [Folder] "C:\Users\Chinese\appdata\locallow\tencent"
Successfully deleted: [Folder] "C:\Program Files (x86)\tencent"
Successfully deleted: [Empty Folder] C:\Users\Chinese\appdata\local\{429A8D7D-CDD4-4F1F-90E3-FF2E3096B55A}
Successfully deleted: [Empty Folder] C:\Users\Chinese\appdata\local\{93C1A063-6F2D-4FD6-973E-17B4D707256C}
Successfully deleted: [Empty Folder] C:\Users\Chinese\appdata\local\{DA35A4E3-260A-4245-8F41-ECFF4231ED9F}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015/01/26 周一 at 14:10:20.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Chinese (administrator) on HPI3 on 26-01-2015 15:32:35
Running from C:\Users\Chinese\Desktop
Loaded Profiles: Chinese (Available profiles: Chinese & English)
Platform: Windows 8 (X64) OS Language: 英语(美国)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(360.cn) C:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Chinese\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1431056 2010-10-19] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ACPW05EN] => C:\Program Files (x86)\ACDSee Pro\ACDSeeProInTouch2.exe [822384 2011-11-16] (ACD Systems)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360safe\safemon\360Tray.exe [379720 2014-12-30] (360.cn)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Run: [ctfmon] => C:\windows\system32\ctfmon.exe [10240 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-16] (360.cn)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\MountPoints2: {dfe50474-966c-11e4-814a-b4b52faf5a10} - "G:\VerizonSWUpgradeAssistantLauncher.exe"
Startup: C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [360FileGuardAntiDel] -> {130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA} => C:\Program Files (x86)\360\360sd\ShellIco.dll (360.cn)
ShellIconOverlayIdentifiers: [360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360safe\safemon\360UDiskGuard64.dll (360.cn)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\FunSeed64V951.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
URLSearchHook: [S-1-5-21-1048203749-4246072601-2371806179-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {4F278F78-EBA9-4035-8A4F-D59977696F15} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {4F278F78-EBA9-4035-8A4F-D59977696F15} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> DefaultScope {4F278F78-EBA9-4035-8A4F-D59977696F15} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {4F278F78-EBA9-4035-8A4F-D59977696F15} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360safe\safemon\safemon64.dll (360.cn)
BHO-x32: 360sdbho Class -> {0F4BF955-A127-41B7-A998-369904AA2578} -> C:\Program Files (x86)\360\360sd\360sdbho.dll (360.cn)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360safe\safemon\safemon.dll (360.cn)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Chinese\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll No File
DPF: HKLM-x32 {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchina.com/download/CMBEdit.cab
DPF: HKLM-x32 {97367E05-1E9D-4DA3-B028-D03A5B2723FF} http://dl.desktop.weibo.com/WeiboBarX/WeiboBarX.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Tcpip\Parameters: [DhcpNameServer] 10.240.205.161

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360safe\Utils\npaxlogin.dll (360.cn)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Chinese\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @qq.com/npOpenPlatform -> C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3202\npQPMWebGamePlugin.dll (腾讯公司)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QZoneMusic\2014.12.29.12.0.45\npQzoneMusic.dll No File
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @360.cn/360MMPlugin -> C:\Program Files (x86)\360\360safe\mobilemgr\np360MMPlugIn.dll (360.cn)
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Chinese\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF HKLM-x32\...\Firefox\Extensions: [speedtest137@SpeedAnalysis] - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis
FF Extension: Speed Test 137 - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis [2013-12-17]
FF HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\Chinese\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox
FF HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Firefox\Extensions: [speedtest137@SpeedAnalysis] - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis

Chrome:
=======
CHR StartupUrls: Default -> "https://us-mg5.mail.yahoo.com/neo/b/message?sMid=3&fid=Inbox&sort=date&order=down&startMid=0&filterBy=&.rand=1427089085&midIndex=3&mid=2_0_0_1_1_AId2imIAABHhVLZtsglqKE8%2BBg8&fromId=&blockimages=none&nsc=1&enc=auto", "hxxp://search.pch.com/", "hxxp://search.pch.com/"
CHR Profile: C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 电子钱包) - C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
StartMenuInternet: 360chrome - C:\Users\Chinese\AppData\Local\360Chrome\Chrome\Application\360chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 360rp; C:\Program Files (x86)\360\360sd\360rps.exe [321096 2014-11-17] (360.cn)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-09-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [263576 2010-09-14] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
S3 QQMusicService; D:\Program Files\Tencent\QQMusic\1144.2015.1.6.15.15.59\QQMusicService.dll [30776 2015-01-05] (Tencent)
S3 SogouUpdate; C:\Program Files (x86)\SogouInput\7.4.1.4857\SogouUpdate.exe [271976 2015-01-08] (Sogou.com Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe [237384 2014-11-27] (360.cn)
S2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [X]
S3 BDMRTP; "C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnSvc.exe" -r [X]
S3 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S3 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S2 pukn; C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\stvqgnr.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [128584 2014-12-05] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2014-04-22] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [317512 2014-11-25] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-04-18] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [344648 2014-12-23] (360.cn)
S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [181320 2014-12-25] (360安全中心)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72776 2014-12-24] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180808 2014-11-06] (360.cn)
U5 BAPIDRV64; C:\Windows\System32\Drivers\BAPIDRV64.sys [180808 2014-11-06] (360.cn)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [181072 2014-12-17] (Baidu)
R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [196936 2014-12-24] (Baidu)
R1 bd0002; C:\Windows\SysWOW64\DRIVERS\bd0002.sys [196936 2014-12-24] (Baidu)
R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [152392 2014-12-27] (Baidu Technology)
R2 BDDefense; C:\windows\system32\drivers\BDDefense.sys [103752 2015-01-23] (Baidu)
R2 BDMNetMon; C:\Windows\System32\DRIVERS\BDMNetMon.sys [241992 2014-12-17] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [130888 2015-01-16] (Baidu)
R1 BDMWrench_x64; C:\Windows\SysWOW64\DRIVERS\BDMWrench_x64.sys [130888 2015-01-16] (Baidu)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [132168 2014-12-02] (360.cn)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-09-19] (Microsoft Corporation)
R3 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [72064 2010-09-19] (Microsoft Corporation)
S1 BDEnhanceBoost; system32\drivers\BDEnhanceBoost.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:30 - 2015-01-26 15:30 - 00002233 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 15:30 - 2015-01-26 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 15:29 - 2015-01-26 15:29 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-26 15:29 - 2015-01-26 15:29 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-26 15:29 - 2015-01-26 15:29 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Deployment
2015-01-26 15:29 - 2015-01-26 15:29 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Apps\2.0
2015-01-26 14:10 - 2015-01-26 14:10 - 00002364 _____ () C:\Users\Chinese\Desktop\JRT.txt
2015-01-26 14:07 - 2015-01-26 14:07 - 00000000 ____D () C:\windows\ERUNT
2015-01-26 11:04 - 2015-01-26 15:18 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 11:04 - 2015-01-26 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 11:04 - 2015-01-26 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 11:04 - 2015-01-26 11:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 11:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-26 11:04 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-26 11:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-26 10:53 - 2015-01-26 10:58 - 00000000 ____D () C:\AdwCleaner
2015-01-26 10:50 - 2015-01-26 10:51 - 01707939 _____ (Thisisu) C:\Users\Chinese\Desktop\JRT.exe
2015-01-26 10:50 - 2015-01-26 10:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Chinese\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-26 10:47 - 2015-01-26 10:48 - 02194432 _____ () C:\Users\Chinese\Desktop\AdwCleaner.exe
2015-01-25 17:30 - 2015-01-25 17:30 - 00033574 _____ () C:\Users\Chinese\Downloads\Addition.txt
2015-01-24 12:31 - 2015-01-24 12:32 - 00033574 _____ () C:\Users\Chinese\Desktop\Addition.txt
2015-01-24 12:27 - 2015-01-26 15:32 - 00021228 _____ () C:\Users\Chinese\Desktop\FRST.txt
2015-01-24 12:27 - 2015-01-24 12:32 - 00042567 _____ () C:\Users\Chinese\Desktop\FRST-1.txt
2015-01-24 12:25 - 2015-01-26 15:32 - 00000000 ____D () C:\FRST
2015-01-24 11:07 - 2015-01-24 11:07 - 02129920 _____ (Farbar) C:\Users\Chinese\Desktop\FRST64.exe
2015-01-18 16:54 - 2015-01-18 16:54 - 00000954 _____ () C:\Users\Chinese\Desktop\Dropbox.lnk
2015-01-16 15:58 - 2015-01-16 15:59 - 00478744 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-16 15:16 - 2015-01-16 15:22 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360SuperKiller
2015-01-16 10:01 - 2014-04-16 13:20 - 00029888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2015-01-16 10:00 - 2014-04-16 13:20 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2015-01-16 08:52 - 2015-01-16 08:52 - 00130888 _____ (Baidu) C:\windows\SysWOW64\Drivers\BDMWrench_x64.sys
2015-01-14 12:21 - 2015-01-14 12:21 - 01949864 _____ (Coupons.com Incorporated) C:\Users\Chinese\Downloads\CouponPrinter.exe
2015-01-14 09:51 - 2014-11-05 01:40 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2015-01-14 09:51 - 2014-11-05 01:39 - 01024512 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-01-14 09:51 - 2014-11-01 01:28 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-01-14 09:51 - 2014-10-29 09:21 - 00499008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2015-01-14 09:51 - 2014-10-27 17:10 - 00390841 _____ () C:\windows\system32\ApnDatabase.xml
2015-01-13 21:26 - 2014-11-26 21:40 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-01-13 21:26 - 2014-11-26 20:28 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-01-13 21:25 - 2014-12-11 02:35 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 21:24 - 2014-12-19 01:48 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 21:24 - 2014-12-11 01:51 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 21:24 - 2014-12-06 02:52 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-13 21:24 - 2014-12-06 02:52 - 00357376 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 21:24 - 2014-12-06 02:52 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-13 21:24 - 2014-12-06 01:09 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 21:23 - 2014-12-18 23:35 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 21:22 - 2014-12-06 02:53 - 00458240 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-13 21:22 - 2014-12-06 02:53 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-13 21:22 - 2014-12-06 02:51 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-13 21:22 - 2014-12-06 01:10 - 00355840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-13 21:22 - 2014-12-06 01:10 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-13 21:21 - 2014-12-06 02:51 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-13 21:21 - 2014-12-06 02:50 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-13 21:21 - 2014-12-06 01:09 - 00332800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-10 11:10 - 2015-01-10 19:40 - 00000000 ____D () C:\ProgramData\SogouPY
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\SysWOW64\nso2A3.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\SysWOW64\nscF11D.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\system32\nswFAF2.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\system32\nsu2C4.tmp
2015-01-08 22:22 - 2015-01-08 22:22 - 07987304 _____ (Sogou.com Inc.) C:\windows\system32\SogouPY.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 04675176 _____ (Sogou.com Inc.) C:\windows\SysWOW64\SogouPY.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 00533608 _____ (Sogou.com Inc.) C:\windows\system32\SogouTSF.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 00435304 _____ (Sogou.com Inc.) C:\windows\SysWOW64\SogouTSF.ime
2015-01-08 17:14 - 2015-01-10 11:19 - 00000000 ____D () C:\Users\Chinese\Desktop\新建文件夹 (2)
2015-01-07 17:14 - 2015-01-07 19:12 - 00001764 _____ () C:\windows\setupact.log
2015-01-07 17:14 - 2015-01-07 17:14 - 00000000 _____ () C:\windows\setuperr.log
2015-01-06 15:28 - 2015-01-25 16:55 - 00000000 ____D () C:\TTkvod2
2015-01-06 15:28 - 2015-01-10 14:09 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\JJVOD
2015-01-06 15:28 - 2015-01-06 15:28 - 00000451 _____ () C:\Users\Chinese\Desktop\天天看 高清影视.lnk
2015-01-06 15:28 - 2015-01-06 15:28 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\天天看 高清影视
2015-01-06 15:28 - 2015-01-06 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\天天看 高清影视
2015-01-06 15:15 - 2015-01-06 15:15 - 00001037 _____ () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Setup_ttkvod_6.0.1.6.lnk
2015-01-06 15:06 - 2015-01-06 15:06 - 09586128 _____ (天天看) C:\Users\Chinese\Downloads\Setup_ttkvod_6.0.1.6 (1).exe
2015-01-06 15:03 - 2015-01-06 15:04 - 09586128 _____ (天天看) C:\Users\Chinese\Downloads\Setup_ttkvod_6.0.1.6.exe
2015-01-06 12:09 - 2015-01-13 16:51 - 00009149 _____ () C:\Users\Chinese\Desktop\电话薄.xlsx
2015-01-05 18:21 - 2015-01-05 18:21 - 00002350 _____ () C:\Users\Chinese\Desktop\Google Chrome.lnk
2015-01-05 18:21 - 2015-01-05 18:21 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-05 18:20 - 2015-01-06 15:16 - 00001017 _____ () C:\Users\Public\Desktop\QQ音乐.lnk
2014-12-31 10:15 - 2014-12-31 10:15 - 05642036 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (3).zip
2014-12-31 10:14 - 2014-12-31 10:14 - 02365939 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (2).zip
2014-12-31 10:13 - 2015-01-02 17:39 - 00000000 ____D () C:\Users\Chinese\Downloads\attachments_2014_12_31 (1)
2014-12-31 10:13 - 2014-12-31 10:13 - 02374731 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (1).zip
2014-12-31 10:09 - 2014-12-31 10:10 - 05362778 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31.zip
2014-12-30 23:50 - 2014-12-30 23:50 - 00000000 ____D () C:\Users\Default\AppData\Roaming\360safe
2014-12-30 23:50 - 2014-12-30 23:50 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\360safe
2014-12-29 18:08 - 2015-01-08 17:34 - 00002224 _____ () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\360极速浏览器.lnk
2014-12-29 18:08 - 2015-01-08 17:34 - 00002222 _____ () C:\Users\Chinese\Desktop\360极速浏览器.lnk
2014-12-29 18:08 - 2014-12-29 18:08 - 00000000 ____D () C:\Users\Chinese\AppData\Local\360Chrome

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-26 15:30 - 2013-11-24 15:37 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 15:29 - 2013-12-03 12:49 - 00003882 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-26 15:29 - 2013-12-03 12:49 - 00003646 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 15:18 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2015-01-26 14:14 - 2013-11-24 15:04 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1048203749-4246072601-2371806179-1001
2015-01-26 13:15 - 2014-12-15 21:28 - 00000000 ___RD () C:\Users\Chinese\Dropbox
2015-01-26 13:15 - 2014-12-15 21:25 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Dropbox
2015-01-26 13:14 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-26 13:13 - 2012-08-01 21:02 - 01427084 _____ () C:\windows\PFRO.log
2015-01-26 13:13 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\schemas
2015-01-26 12:25 - 2014-11-18 22:06 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\FunTV
2015-01-26 12:25 - 2014-07-04 09:31 - 00000000 ___HD () C:\Users\Public\FunAcce
2015-01-26 12:25 - 2014-04-24 19:47 - 00000000 ____D () C:\Users\Chinese\AppData\Local\TB
2015-01-26 12:25 - 2014-04-21 20:11 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\CloudMedia
2015-01-26 12:25 - 2013-12-17 01:50 - 00000000 ____D () C:\temp
2015-01-26 12:25 - 2013-11-24 15:26 - 00000000 ___HD () C:\Program Files\English
2015-01-26 12:25 - 2013-11-24 15:11 - 00000000 ____D () C:\Users\English
2015-01-26 12:25 - 2013-11-24 14:57 - 00000000 ____D () C:\Users\Chinese
2015-01-26 11:32 - 2014-12-17 16:09 - 00002175 _____ () C:\Users\Chinese\Desktop\360软件管家.lnk
2015-01-26 11:01 - 2013-11-24 15:55 - 07101440 ___SH () C:\Users\Chinese\Desktop\Thumbs.db
2015-01-26 11:00 - 2012-07-26 00:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-01-26 10:49 - 2014-03-12 18:32 - 00365056 ___SH () C:\Users\Chinese\Downloads\Thumbs.db
2015-01-25 20:43 - 2013-11-24 14:57 - 02031069 _____ () C:\windows\WindowsUpdate.log
2015-01-25 19:59 - 2014-11-08 16:52 - 00000000 ____D () C:\TTKVOD_CACHE
2015-01-25 08:42 - 2013-11-24 15:09 - 00434570 _____ () C:\windows\system32\prfh0804.dat
2015-01-25 08:42 - 2013-11-24 15:09 - 00137914 _____ () C:\windows\system32\prfc0804.dat
2015-01-25 08:42 - 2012-07-26 02:28 - 01453322 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-23 23:00 - 2014-12-18 09:47 - 00103752 _____ (Baidu) C:\windows\system32\Drivers\BDDefense.sys
2015-01-23 11:44 - 2014-12-17 16:53 - 00000000 __SHD () C:\Users\Chinese\AppData\Roaming\360Quarant
2015-01-23 11:44 - 2014-12-17 16:53 - 00000000 __SHD () C:\$360Section
2015-01-23 11:44 - 2012-09-11 09:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 11:01 - 2014-11-04 20:57 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Citrix
2015-01-22 18:25 - 2013-11-24 18:01 - 00000000 ____D () C:\Users\Chinese\Documents\Tencent Files
2015-01-22 17:13 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2015-01-19 16:30 - 2014-10-17 08:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 16:30 - 2014-10-17 08:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 18:30 - 2014-05-10 12:44 - 00000000 ____D () C:\Users\Chinese\Desktop\新建文件夹
2015-01-17 18:51 - 2014-12-17 16:08 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360Safe
2015-01-16 15:30 - 2014-12-17 16:11 - 00000000 ____D () C:\windows\Tasks\360Disabled
2015-01-16 08:52 - 2014-12-18 09:46 - 00130888 _____ (Baidu) C:\windows\system32\Drivers\BDMWrench_x64.sys
2015-01-12 21:36 - 2013-11-24 15:39 - 00000000 ____D () C:\Program Files (x86)\SogouInput
2015-01-11 23:59 - 2014-09-04 17:31 - 00003472 _____ () C:\windows\System32\Tasks\SogouImeMgr
2015-01-10 11:04 - 2013-12-17 01:50 - 00000000 ____D () C:\Users\Chinese\Documents\PDF files
2015-01-07 19:20 - 2014-12-10 23:32 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Windows Live
2015-01-07 17:17 - 2014-12-17 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
2015-01-07 17:16 - 2014-12-17 16:29 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360mobilemgr
2015-01-06 21:59 - 2014-12-23 09:17 - 00121344 _____ () C:\Users\Chinese\Desktop\Driving for dollars list.xls
2015-01-06 15:28 - 2014-11-08 16:49 - 00000451 _____ () C:\Users\English\Desktop\天天看 高清影视.lnk
2015-01-06 15:16 - 2014-10-15 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-01-05 18:24 - 2014-10-15 10:48 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2015-01-05 18:24 - 2014-10-15 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2015-01-05 18:21 - 2014-10-15 10:47 - 00000000 ____D () C:\Program Files\Tencent
2015-01-05 18:21 - 2013-11-24 15:36 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Google
2015-01-05 18:16 - 2014-12-17 21:34 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱看视频
2014-12-31 13:12 - 2013-12-05 00:29 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-31 06:14 - 2013-11-24 16:04 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-29 18:08 - 2014-12-17 18:38 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心
2014-12-27 10:01 - 2014-12-17 21:37 - 00152392 _____ (Baidu Technology) C:\windows\system32\Drivers\BDArKit.sys

==================== Files in the root of some directories =======

2013-11-24 15:31 - 2014-11-03 19:09 - 0000917 _____ () C:\Users\Chinese\AppData\Roaming\coreavc.ini
2013-11-24 15:00 - 2013-11-24 15:00 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Files to move or delete:
====================
C:\Users\Chinese\ePowerButton.exe

Some content of TEMP:
====================
C:\Users\Chinese\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnfctxn.dll
C:\Users\Chinese\AppData\Local\Temp\Quarantine.exe
C:\Users\Chinese\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-18 17:19

==================== End Of Log ============================



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:19 PM

Posted 26 January 2015 - 04:29 PM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and paste the content of the codebox below into the empty text file:

    HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\MountPoints2: {dfe50474-966c-11e4-814a-b4b52faf5a10} - "G:\VerizonSWUpgradeAssistantLauncher.exe"
    ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\FunSeed64V951.dll No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
    FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
    FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Chinese\funshion\funshiontools\npFunshion.dll No File
    FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
    FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QZoneMusic\2014.12.29.12.0.45\npQzoneMusic.dll No File
    C:\Users\Chinese\ePowerButton.exe
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this text file on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt).
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 

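Added example for this thread (my own code, not FRST's and not the instructor's): a small Python pre-flight check that classifies each line of a pasted fixlist against the line types used in the script above, flags a registry entry whose hive prefix lost its leading "H" in copy-and-paste (the kind of line FRST cannot act on), and summarises the outcomes in the resulting Fixlog.txt. The sample fixlist and Fixlog lines are constructed from the entries quoted in this thread.

```python
"""Pre-flight check for an FRST fixlist and a summary of the resulting Fixlog.

Added example for this thread, not FRST's own code. The sample fixlist and
Fixlog below are constructed from entries quoted in the thread.
"""
import re
from collections import Counter

# Line types that appear in the instructor's fixlist; FRST handles each differently.
FIXLIST_LINE_TYPES = [
    ("registry", re.compile(r"^HK(LM|CU|CR|U)(-x32)?\\")),
    ("shell-overlay", re.compile(r"^ShellIconOverlayIdentifiers:")),
    ("group-policy", re.compile(r"^GroupPolicy:")),
    ("chrome-policy", re.compile(r"^CHR ")),
    ("search-scope", re.compile(r"^SearchScopes:")),
    ("protocol-handler", re.compile(r"^Handler:")),
    ("firefox-plugin", re.compile(r"^FF Plugin(-x32)?:")),
    ("file", re.compile(r"^[A-Za-z]:\\")),
    ("directive", re.compile(r"^EmptyTemp:$")),
]
# A registry line that lost its leading "H" while being copied (HKU -> KU).
TRUNCATED_HIVE = re.compile(r"^(KLM|KCU|KCR|KU)(-x32)?\\")


def classify_fixlist_line(line):
    """Return (kind, warning); warning is None when the line looks usable."""
    line = line.strip()
    if not line:
        return "blank", None
    for kind, pattern in FIXLIST_LINE_TYPES:
        if pattern.match(line):
            return kind, None
    if TRUNCATED_HIVE.match(line):
        return "unknown", "registry hive prefix is missing its leading 'H'; re-copy the line"
    return "unknown", "not a line type used in the fixlist; re-copy the line"


def check_fixlist(text):
    """Return [(line_no, line, warning)] for every line FRST is unlikely to act on."""
    problems = []
    for number, raw in enumerate(text.splitlines(), 1):
        _kind, warning = classify_fixlist_line(raw)
        if warning is not None:
            problems.append((number, raw.strip(), warning))
    return problems


# Outcome markers FRST prints after "=>" in Fixlog.txt, most specific first.
FIXLOG_OUTCOMES = [
    ("error", re.compile(r"=> Error:")),
    ("not-found", re.compile(r"=> .*not found\.?$", re.IGNORECASE)),
    ("ok", re.compile(r"=> .*(successfully|Removed)")),
]


def summarize_fixlog(text):
    """Count outcomes per entry and return the error lines that need a manual look."""
    counts = Counter()
    errors = []
    for raw in text.splitlines():
        line = raw.strip()
        if "=>" not in line:
            continue  # headers, blank lines, "The system needed a reboot."
        for kind, pattern in FIXLOG_OUTCOMES:
            if pattern.search(line):
                counts[kind] += 1
                if kind == "error":
                    errors.append(line)
                break
        else:
            counts["other"] += 1
    return counts, errors


# Constructed sample: the fixlist as it was pasted, first line missing its "H".
SAMPLE_FIXLIST = "\n".join([
    r'KU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\MountPoints2: {dfe50474-966c-11e4-814a-b4b52faf5a10} - "G:\VerizonSWUpgradeAssistantLauncher.exe"',
    r'ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\FunSeed64V951.dll No File',
    r'GroupPolicy: Group Policy on Chrome detected <======= ATTENTION',
    r'CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION',
    r'SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =',
    r'Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -  No File',
    r'FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QZoneMusic\2014.12.29.12.0.45\npQzoneMusic.dll No File',
    r'C:\Users\Chinese\ePowerButton.exe',
    r'EmptyTemp:',
])

# Constructed sample of the Fixlog lines FRST produced for that fixlist.
SAMPLE_FIXLOG = "\n".join([
    r'KU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\MountPoints2: {dfe50474-966c-11e4-814a-b4b52faf5a10} - "G:\VerizonSWUpgradeAssistantLauncher.exe" => Error: No automatic fix found for this entry.',
    r'"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => Key deleted successfully.',
    r'C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.',
    r'HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.',
    r'EmptyTemp: => Removed 41.3 GB temporary data.',
    r'The system needed a reboot.',
    r'==== End of Fixlog 17:12:30 ====',
])

if __name__ == "__main__":
    for number, line, warning in check_fixlist(SAMPLE_FIXLIST):
        print(f"fixlist line {number}: {warning}\n    {line}")
    counts, errors = summarize_fixlog(SAMPLE_FIXLOG)
    print(dict(counts))
    for line in errors:
        print("needs manual attention:", line)
```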

#7 clinysy

clinysy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:11:19 PM

Posted 26 January 2015 - 08:31 PM

Hi, the computer seems to be running, but a rogue window did pop up during my last reply and an ad popped up when going to the ESET website. I haven't used the computer much since the ESET scan. Anything left to do? Results below.
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Chinese at 2015-01-26 17:10:29 Run:1
Running from C:\Users\Chinese\Desktop
Loaded Profiles: Chinese (Available profiles: Chinese & English)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
KU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\MountPoints2: {dfe50474-966c-11e4-814a-b4b52faf5a10} - "G:\VerizonSWUpgradeAssistantLauncher.exe"
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\FunSeed64V951.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Chinese\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QZoneMusic\2014.12.29.12.0.45\npQzoneMusic.dll No File
C:\Users\Chinese\ePowerButton.exe
EmptyTemp:
*****************
 
KU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\MountPoints2: {dfe50474-966c-11e4-814a-b4b52faf5a10} - "G:\VerizonSWUpgradeAssistantLauncher.exe" => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => Key deleted successfully.
"HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}" => Key deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\PROTOCOLS\Handler\skypec2c" => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found. 
"HKLM\Software\MozillaPlugins\@qvod.com/QvodShare" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@funshion.com/npFunshion" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPhotoDrawEx" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QzoneMusic" => Key deleted successfully.
C:\Users\Chinese\ePowerButton.exe => Moved successfully.
EmptyTemp: => Removed 41.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:12:30 ====
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Chinese (administrator) on HPI3 on 26-01-2015 17:52:17
Running from C:\Users\Chinese\Desktop
Loaded Profiles: Chinese (Available profiles: Chinese & English)
Platform: Windows 8 (X64) OS Language: 英语(美国)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(360.cn) C:\Program Files (x86)\360\360sd\360rps.exe
(360.cn) C:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(360.cn) C:\Program Files (x86)\360\360sd\360sd.exe
(Dropbox, Inc.) C:\Users\Chinese\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(360.cn) C:\Program Files (x86)\360\360safe\safemon\360tray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(360.cn) C:\Program Files (x86)\360\360safe\SoftMgr\SML\SoftMgrLite.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(360.cn) C:\Program Files (x86)\360\360sd\360rp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-10] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1431056 2010-10-19] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ACPW05EN] => C:\Program Files (x86)\ACDSee Pro\ACDSeeProInTouch2.exe [822384 2011-11-16] (ACD Systems)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2711576 2014-10-03] (Sony Corporation)
HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360safe\safemon\360tray.exe [379720 2014-12-30] (360.cn)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Run: [ctfmon] => C:\windows\system32\ctfmon.exe [10240 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-16] (360.cn)
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\MountPoints2: {dfe50474-966c-11e4-814a-b4b52faf5a10} - "G:\VerizonSWUpgradeAssistantLauncher.exe" 
Startup: C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Chinese\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [360FileGuardAntiDel] -> {130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA} => C:\Program Files (x86)\360\360sd\ShellIco.dll (360.cn)
ShellIconOverlayIdentifiers: [360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360safe\safemon\360UDiskGuard64.dll (360.cn)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao.360.cn/?360safe
URLSearchHook: [S-1-5-21-1048203749-4246072601-2371806179-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> DefaultScope {4F278F78-EBA9-4035-8A4F-D59977696F15} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {4F278F78-EBA9-4035-8A4F-D59977696F15} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1048203749-4246072601-2371806179-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360safe\safemon\safemon64.dll (360.cn)
BHO-x32: 360sdbho Class -> {0F4BF955-A127-41B7-A998-369904AA2578} -> C:\Program Files (x86)\360\360sd\360sdbho.dll (360.cn)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360safe\safemon\safemon.dll (360.cn)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Chinese\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll No File
DPF: HKLM-x32 {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} https://site.cmbchina.com/download/CMBEdit.cab
DPF: HKLM-x32 {97367E05-1E9D-4DA3-B028-D03A5B2723FF} http://dl.desktop.weibo.com/WeiboBarX/WeiboBarX.cab
Tcpip\Parameters: [DhcpNameServer] 10.240.205.161
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360safe\Utils\npaxlogin.dll (360.cn)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @qq.com/npOpenPlatform -> C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3202\npQPMWebGamePlugin.dll (腾讯公司)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.46 -> C:\Program Files (x86)\Final Codecs\MozillaPlugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @360.cn/360MMPlugin -> C:\Program Files (x86)\360\360safe\mobilemgr\np360MMPlugIn.dll (360.cn)
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Chinese\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Chinese\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1048203749-4246072601-2371806179-1001: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF HKLM-x32\...\Firefox\Extensions: [speedtest137@SpeedAnalysis] - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis
FF Extension: Speed Test 137 - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis [2013-12-17]
FF HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\Chinese\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox
FF HKU\S-1-5-21-1048203749-4246072601-2371806179-1001\...\Firefox\Extensions: [speedtest137@SpeedAnalysis] - C:\Users\Chinese\AppData\Roaming\Mozilla\Extensions\speedtest137@SpeedAnalysis
 
Chrome: 
=======
CHR Profile: C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 电子钱包) - C:\Users\Chinese\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-16]
StartMenuInternet: 360chrome - C:\Users\Chinese\AppData\Local\360Chrome\Chrome\Application\360chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 360rp; C:\Program Files (x86)\360\360sd\360rps.exe [321096 2014-11-17] (360.cn)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-09-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [263576 2010-09-14] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [485400 2014-10-03] (Sony Corporation)
S3 QQMusicService; D:\Program Files\Tencent\QQMusic\1144.2015.1.6.15.15.59\QQMusicService.dll [30776 2015-01-05] (Tencent)
S3 SogouUpdate; C:\Program Files (x86)\SogouInput\7.4.1.4857\SogouUpdate.exe [271976 2015-01-08] (Sogou.com Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-08-10] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe [237384 2014-11-27] (360.cn)
S2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [X]
S3 BDMRTP; "C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnSvc.exe" -r [X]
S3 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S3 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S2 pukn; C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\stvqgnr.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [128584 2014-12-05] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2014-04-22] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [317512 2014-11-25] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-04-18] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [344648 2014-12-23] (360.cn)
S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [181320 2014-12-25] (360安全中心)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72776 2014-12-24] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180808 2014-11-06] (360.cn)
U5 BAPIDRV64; C:\Windows\System32\Drivers\BAPIDRV64.sys [180808 2014-11-06] (360.cn)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [181072 2014-12-17] (Baidu)
R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [196936 2014-12-24] (Baidu)
R1 bd0002; C:\Windows\SysWOW64\DRIVERS\bd0002.sys [196936 2014-12-24] (Baidu)
R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [152392 2014-12-27] (Baidu Technology)
R2 BDDefense; C:\windows\system32\drivers\BDDefense.sys [103752 2015-01-23] (Baidu)
R2 BDMNetMon; C:\Windows\System32\DRIVERS\BDMNetMon.sys [241992 2014-12-17] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [130888 2015-01-16] (Baidu)
R1 BDMWrench_x64; C:\Windows\SysWOW64\DRIVERS\BDMWrench_x64.sys [130888 2015-01-16] (Baidu)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [132168 2014-12-02] (360.cn)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-09-19] (Microsoft Corporation)
R3 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [72064 2010-09-19] (Microsoft Corporation)
S1 BDEnhanceBoost; system32\drivers\BDEnhanceBoost.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 17:52 - 2015-01-26 17:52 - 00020299 _____ () C:\Users\Chinese\Desktop\FRST.txt
2015-01-26 15:51 - 2015-01-26 15:51 - 00000267 _____ () C:\Users\Chinese\Desktop\Rich text editor, editor_54c6a85ba829d, press ALT 0 for help., undefined (2).url
2015-01-26 15:50 - 2015-01-26 15:50 - 00000267 _____ () C:\Users\Chinese\Desktop\Rich text editor, editor_54c6a85ba829d, press ALT 0 for help., undefined.url
2015-01-26 15:30 - 2015-01-26 15:30 - 00002233 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 15:30 - 2015-01-26 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 15:29 - 2015-01-26 15:29 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Deployment
2015-01-26 15:29 - 2015-01-26 15:29 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Apps\2.0
2015-01-26 14:10 - 2015-01-26 14:10 - 00002364 _____ () C:\Users\Chinese\Desktop\JRT.txt
2015-01-26 14:07 - 2015-01-26 14:07 - 00000000 ____D () C:\windows\ERUNT
2015-01-26 11:04 - 2015-01-26 17:49 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-26 11:04 - 2015-01-26 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-26 11:04 - 2015-01-26 11:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-26 11:04 - 2015-01-26 11:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-26 11:04 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-26 11:04 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-26 11:04 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-26 10:53 - 2015-01-26 10:58 - 00000000 ____D () C:\AdwCleaner
2015-01-26 10:50 - 2015-01-26 10:51 - 01707939 _____ (Thisisu) C:\Users\Chinese\Desktop\JRT.exe
2015-01-26 10:50 - 2015-01-26 10:50 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Chinese\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-26 10:47 - 2015-01-26 10:48 - 02194432 _____ () C:\Users\Chinese\Desktop\AdwCleaner.exe
2015-01-25 17:30 - 2015-01-25 17:30 - 00033574 _____ () C:\Users\Chinese\Downloads\Addition.txt
2015-01-24 12:31 - 2015-01-24 12:32 - 00033574 _____ () C:\Users\Chinese\Desktop\Addition.txt
2015-01-24 12:27 - 2015-01-26 15:34 - 00038515 _____ () C:\Users\Chinese\Desktop\FRST-2.txt
2015-01-24 12:27 - 2015-01-24 12:32 - 00042567 _____ () C:\Users\Chinese\Desktop\FRST-1.txt
2015-01-24 12:25 - 2015-01-26 17:52 - 00000000 ____D () C:\FRST
2015-01-24 11:07 - 2015-01-24 11:07 - 02129920 _____ (Farbar) C:\Users\Chinese\Desktop\FRST64.exe
2015-01-18 16:54 - 2015-01-18 16:54 - 00000954 _____ () C:\Users\Chinese\Desktop\Dropbox.lnk
2015-01-16 15:58 - 2015-01-16 15:59 - 00478744 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-16 15:16 - 2015-01-16 15:22 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360SuperKiller
2015-01-16 10:01 - 2014-04-16 13:20 - 00029888 _____ (Microsoft Corporation) C:\windows\system32\aspnet_counters.dll
2015-01-16 10:00 - 2014-04-16 13:20 - 00028352 _____ (Microsoft Corporation) C:\windows\SysWOW64\aspnet_counters.dll
2015-01-16 08:52 - 2015-01-16 08:52 - 00130888 _____ (Baidu) C:\windows\SysWOW64\Drivers\BDMWrench_x64.sys
2015-01-14 12:21 - 2015-01-14 12:21 - 01949864 _____ (Coupons.com Incorporated) C:\Users\Chinese\Downloads\CouponPrinter.exe
2015-01-14 09:51 - 2014-11-05 01:40 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2015-01-14 09:51 - 2014-11-05 01:39 - 01024512 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2015-01-14 09:51 - 2014-11-01 01:28 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-01-14 09:51 - 2014-10-29 09:21 - 00499008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2015-01-14 09:51 - 2014-10-27 17:10 - 00390841 _____ () C:\windows\system32\ApnDatabase.xml
2015-01-13 21:26 - 2014-11-26 21:40 - 00600576 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-01-13 21:26 - 2014-11-26 20:28 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-01-13 21:25 - 2014-12-11 02:35 - 06973248 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 21:24 - 2014-12-19 01:48 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 21:24 - 2014-12-11 01:51 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 21:24 - 2014-12-06 02:52 - 00384000 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-13 21:24 - 2014-12-06 02:52 - 00357376 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 21:24 - 2014-12-06 02:52 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-13 21:24 - 2014-12-06 01:09 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 21:23 - 2014-12-18 23:35 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 21:22 - 2014-12-06 02:53 - 00458240 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-13 21:22 - 2014-12-06 02:53 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-13 21:22 - 2014-12-06 02:51 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-13 21:22 - 2014-12-06 01:10 - 00355840 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-13 21:22 - 2014-12-06 01:10 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-13 21:21 - 2014-12-06 02:51 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-13 21:21 - 2014-12-06 02:50 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-13 21:21 - 2014-12-06 01:09 - 00332800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-10 11:10 - 2015-01-10 19:40 - 00000000 ____D () C:\ProgramData\SogouPY
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\SysWOW64\nso2A3.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\SysWOW64\nscF11D.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\system32\nswFAF2.tmp
2015-01-10 10:56 - 2015-01-10 10:56 - 00000000 _____ () C:\windows\system32\nsu2C4.tmp
2015-01-08 22:22 - 2015-01-08 22:22 - 07987304 _____ (Sogou.com Inc.) C:\windows\system32\SogouPY.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 04675176 _____ (Sogou.com Inc.) C:\windows\SysWOW64\SogouPY.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 00533608 _____ (Sogou.com Inc.) C:\windows\system32\SogouTSF.ime
2015-01-08 22:22 - 2015-01-08 22:22 - 00435304 _____ (Sogou.com Inc.) C:\windows\SysWOW64\SogouTSF.ime
2015-01-08 17:14 - 2015-01-10 11:19 - 00000000 ____D () C:\Users\Chinese\Desktop\新建文件夹 (2)
2015-01-07 17:14 - 2015-01-07 19:12 - 00001764 _____ () C:\windows\setupact.log
2015-01-07 17:14 - 2015-01-07 17:14 - 00000000 _____ () C:\windows\setuperr.log
2015-01-06 15:28 - 2015-01-25 16:55 - 00000000 ____D () C:\TTkvod2
2015-01-06 15:28 - 2015-01-10 14:09 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\JJVOD
2015-01-06 15:28 - 2015-01-06 15:28 - 00000451 _____ () C:\Users\Chinese\Desktop\天天看 高清影视.lnk
2015-01-06 15:28 - 2015-01-06 15:28 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\天天看 高清影视
2015-01-06 15:28 - 2015-01-06 15:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\天天看 高清影视
2015-01-06 15:15 - 2015-01-06 15:15 - 00001037 _____ () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Setup_ttkvod_6.0.1.6.lnk
2015-01-06 15:06 - 2015-01-06 15:06 - 09586128 _____ (天天看) C:\Users\Chinese\Downloads\Setup_ttkvod_6.0.1.6 (1).exe
2015-01-06 15:03 - 2015-01-06 15:04 - 09586128 _____ (天天看) C:\Users\Chinese\Downloads\Setup_ttkvod_6.0.1.6.exe
2015-01-06 12:09 - 2015-01-13 16:51 - 00009149 _____ () C:\Users\Chinese\Desktop\电话薄.xlsx
2015-01-05 18:21 - 2015-01-05 18:21 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-05 18:20 - 2015-01-06 15:16 - 00001017 _____ () C:\Users\Public\Desktop\QQ音乐.lnk
2014-12-31 10:15 - 2014-12-31 10:15 - 05642036 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (3).zip
2014-12-31 10:14 - 2014-12-31 10:14 - 02365939 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (2).zip
2014-12-31 10:13 - 2015-01-02 17:39 - 00000000 ____D () C:\Users\Chinese\Downloads\attachments_2014_12_31 (1)
2014-12-31 10:13 - 2014-12-31 10:13 - 02374731 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31 (1).zip
2014-12-31 10:09 - 2014-12-31 10:10 - 05362778 _____ () C:\Users\Chinese\Downloads\attachments_2014_12_31.zip
2014-12-30 23:50 - 2014-12-30 23:50 - 00000000 ____D () C:\Users\Default\AppData\Roaming\360safe
2014-12-30 23:50 - 2014-12-30 23:50 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\360safe
2014-12-29 18:08 - 2015-01-08 17:34 - 00002224 _____ () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\360极速浏览器.lnk
2014-12-29 18:08 - 2015-01-08 17:34 - 00002222 _____ () C:\Users\Chinese\Desktop\360极速浏览器.lnk
2014-12-29 18:08 - 2014-12-29 18:08 - 00000000 ____D () C:\Users\Chinese\AppData\Local\360Chrome
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-26 17:49 - 2013-11-24 15:36 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Google
2015-01-26 17:44 - 2013-11-24 15:55 - 07101440 ___SH () C:\Users\Chinese\Desktop\Thumbs.db
2015-01-26 17:25 - 2013-11-24 15:04 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1048203749-4246072601-2371806179-1001
2015-01-26 17:18 - 2013-11-24 15:09 - 00434570 _____ () C:\windows\system32\prfh0804.dat
2015-01-26 17:18 - 2013-11-24 15:09 - 00137914 _____ () C:\windows\system32\prfc0804.dat
2015-01-26 17:18 - 2012-07-26 02:28 - 01453322 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-26 17:14 - 2014-12-15 21:28 - 00000000 ___RD () C:\Users\Chinese\Dropbox
2015-01-26 17:14 - 2014-12-15 21:25 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Dropbox
2015-01-26 17:13 - 2014-02-11 07:36 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-26 17:13 - 2012-08-01 21:02 - 01431388 _____ () C:\windows\PFRO.log
2015-01-26 17:13 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-26 17:12 - 2014-12-17 16:11 - 00000000 ____D () C:\windows\Tasks\360Disabled
2015-01-26 17:12 - 2013-12-03 12:49 - 00003884 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-26 17:12 - 2013-12-03 12:49 - 00003648 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-26 17:10 - 2013-11-24 14:57 - 00000000 ____D () C:\Users\Chinese
2015-01-26 17:10 - 2012-07-26 03:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2015-01-26 16:02 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2015-01-26 15:30 - 2013-11-24 15:37 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-26 13:13 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\schemas
2015-01-26 12:25 - 2014-11-18 22:06 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\FunTV
2015-01-26 12:25 - 2014-07-04 09:31 - 00000000 ___HD () C:\Users\Public\FunAcce
2015-01-26 12:25 - 2014-04-24 19:47 - 00000000 ____D () C:\Users\Chinese\AppData\Local\TB
2015-01-26 12:25 - 2014-04-21 20:11 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\CloudMedia
2015-01-26 12:25 - 2013-12-17 01:50 - 00000000 ____D () C:\temp
2015-01-26 12:25 - 2013-11-24 15:26 - 00000000 ___HD () C:\Program Files\English
2015-01-26 12:25 - 2013-11-24 15:11 - 00000000 ____D () C:\Users\English
2015-01-26 11:32 - 2014-12-17 16:09 - 00002175 _____ () C:\Users\Chinese\Desktop\360软件管家.lnk
2015-01-26 11:00 - 2012-07-26 00:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2015-01-26 10:49 - 2014-03-12 18:32 - 00365056 ___SH () C:\Users\Chinese\Downloads\Thumbs.db
2015-01-25 20:43 - 2013-11-24 14:57 - 02031069 _____ () C:\windows\WindowsUpdate.log
2015-01-25 19:59 - 2014-11-08 16:52 - 00000000 ____D () C:\TTKVOD_CACHE
2015-01-23 23:00 - 2014-12-18 09:47 - 00103752 _____ (Baidu) C:\windows\system32\Drivers\BDDefense.sys
2015-01-23 11:44 - 2014-12-17 16:53 - 00000000 __SHD () C:\Users\Chinese\AppData\Roaming\360Quarant
2015-01-23 11:44 - 2014-12-17 16:53 - 00000000 __SHD () C:\$360Section
2015-01-23 11:44 - 2012-09-11 09:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-23 11:01 - 2014-11-04 20:57 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Citrix
2015-01-22 18:25 - 2013-11-24 18:01 - 00000000 ____D () C:\Users\Chinese\Documents\Tencent Files
2015-01-22 17:13 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2015-01-19 16:30 - 2014-10-17 08:14 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-19 16:30 - 2014-10-17 08:14 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 18:30 - 2014-05-10 12:44 - 00000000 ____D () C:\Users\Chinese\Desktop\新建文件夹
2015-01-17 18:51 - 2014-12-17 16:08 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360Safe
2015-01-16 08:52 - 2014-12-18 09:46 - 00130888 _____ (Baidu) C:\windows\system32\Drivers\BDMWrench_x64.sys
2015-01-12 21:36 - 2013-11-24 15:39 - 00000000 ____D () C:\Program Files (x86)\SogouInput
2015-01-11 23:59 - 2014-09-04 17:31 - 00003472 _____ () C:\windows\System32\Tasks\SogouImeMgr
2015-01-10 11:04 - 2013-12-17 01:50 - 00000000 ____D () C:\Users\Chinese\Documents\PDF files
2015-01-07 19:20 - 2014-12-10 23:32 - 00000000 ____D () C:\Users\Chinese\AppData\Local\Windows Live
2015-01-07 17:17 - 2014-12-17 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
2015-01-07 17:16 - 2014-12-17 16:29 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\360mobilemgr
2015-01-06 21:59 - 2014-12-23 09:17 - 00121344 _____ () C:\Users\Chinese\Desktop\Driving for dollars list.xls
2015-01-06 15:28 - 2014-11-08 16:49 - 00000451 _____ () C:\Users\English\Desktop\天天看 高清影视.lnk
2015-01-06 15:16 - 2014-10-15 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-01-05 18:24 - 2014-10-15 10:48 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2015-01-05 18:24 - 2014-10-15 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2015-01-05 18:21 - 2014-10-15 10:47 - 00000000 ____D () C:\Program Files\Tencent
2015-01-05 18:16 - 2014-12-17 21:34 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱看视频
2014-12-31 13:12 - 2013-12-05 00:29 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-31 06:14 - 2013-11-24 16:04 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-29 18:08 - 2014-12-17 18:38 - 00000000 ____D () C:\Users\Chinese\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全中心
2014-12-27 10:01 - 2014-12-17 21:37 - 00152392 _____ (Baidu Technology) C:\windows\system32\Drivers\BDArKit.sys
 
==================== Files in the root of some directories =======
 
2013-11-24 15:31 - 2014-11-03 19:09 - 0000917 _____ () C:\Users\Chinese\AppData\Roaming\coreavc.ini
2013-11-24 15:00 - 2013-11-24 15:00 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some content of TEMP:
====================
C:\Users\Chinese\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpffoppw.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-18 17:19
 
==================== End Of Log ============================
 
C:\AdwCleaner\Quarantine\C\Program Files\ScorpionSaver Services\AdpeakWFP64.sys.vir Win64/Adware.Adpeak.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\FastPlayer.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\fastUpdater.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\manifest.json.vir JS/Superfish.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\FastPlayer\flaelojgnhjgiilnmignlkamlcncclph\1.0_0\script.js.vir JS/Superfish.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3279418\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3279418\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\InternetUpdater\InternetUpdaterService.exe.vir a variant of MSIL/Adware.PullUpdate.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Updater\Uninstall.exe.vir multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\APISupport\APISupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\APISupport\APISupport.old.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\APISupport\APISupport_2.0.4.3\ApiSupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\APISupport\APISupport_2.0.5.9\ApiSupport.dll.vir a variant of Win32/Conduit.SearchProtect.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.107\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.76\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\APISupport\MiniSP_1.0.2.93\MiniSP.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\Chrome\CT3279418\CHUninstaller.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\Chrome\CT3279418\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\Community Alerts\Aler0.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Conduit\CT3279418\appbario19ToolbarHelper.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\NativeMessaging\CT3279418\1_0_0_10\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\NativeMessaging\CT3279418\1_0_0_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\NativeMessaging\CT3279418\1_0_0_7\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\NativeMessaging\CT3279418\1_0_0_9\TBMessagingHost.exe.vir Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\NativeMessaging\CT3279418\1_0_1_6\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Local\NativeMessaging\CT3279418\1_0_2_0\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Chinese\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir Win32/Conduit.SearchProtect.A potentially unwanted application deleted - quarantined
C:\Program Files\Windows Games\IGSMJ\tn-82073038_14_hao123inst.exe a variant of Win32/Hao123.A potentially unwanted application deleted - quarantined
C:\Users\Chinese\AppData\Local\KWExplorer\User Data\Default\Extensions\gahpidfnpjlikfplofgcckpplbhopgpp\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Users\Chinese\AppData\Local\KWExplorer\User Data\Default\Extensions\gahpidfnpjlikfplofgcckpplbhopgpp\10.23.0.722_0\TBHostSupport\TBHostSupport.dll a variant of Win32/Toolbar.Conduit.AA potentially unwanted application deleted - quarantined


#8 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 27 January 2015 - 11:37 AM

Which Rogue PopUp? oO

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 clinysy

  • Topic Starter
  • Members
  • 9 posts

Posted 27 January 2015 - 01:16 PM

Looks like it's not happening anymore. Can you give me information on how to stop this from happening again? How can I tell what's attacking my computer? What's the best anti-virus program to protect against apps and browser attacks? Did I download the wrong things, or was I attacked? Thanks so much for your help. -- Cheryl



#10 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 27 January 2015 - 01:34 PM

I would wait one day if you get any further issues. There's no best AV, I can just recommend you EmsiSoft. I think you got the infection by downloading wrong programs (with Adware).

~Machiavelli



#11 clinysy

  • Topic Starter
  • Members
  • 9 posts

Posted 27 January 2015 - 01:49 PM

OK. Thank you.



#12 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 27 January 2015 - 01:52 PM

Can you come back tomorrow and tell me if issues are left? :)

~Machiavelli



#13 clinysy

  • Topic Starter
  • Members
  • 9 posts

Posted 27 January 2015 - 01:54 PM

Yes, of course. Thank you. I will.



#14 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 27 January 2015 - 02:32 PM

OK :)

~Machiavelli



#15 clinysy

  • Topic Starter
  • Members
  • 9 posts

Posted 28 January 2015 - 06:14 PM

It does not seem like there are any issues left. Thank you so much for your help! :)





