IE home page is hijacked


8 replies to this topic

#1 mc51

Posted 05 March 2015 - 10:29 AM

Hello, my IE home page is set to http://hao.360.cn/?src=lm&ls=n0bf36f1f97. Even if I set it to a blank page, it will be reset to hao.360.cn after I reboot my machine. I believe my PC is infected. Please help. Thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Jimmy (administrator) on JIMMY-PC on 05-03-2015 23:23:42
Running from C:\Users\Jimmy\Downloads
Loaded Profiles: Jimmy (Available profiles: Jimmy & 1 & 2)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\AstSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\41.0.2272.41\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\41.0.2272.41\remoting_host.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
() C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.53\QvodWebService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Octoshape ApS) C:\Users\Jimmy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(http://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2014-10-20] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-11-19] (BlueStack Systems, Inc.)
HKLM-x32\...\RunOnce: [network_smb_downloadfilekczk] => C:\Users\Jimmy\AppData\Local\Temp\\BI_RunOnce.exe [206624 2014-10-12] () <===== ATTENTION
Winlogon\Notify\klogon: C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Run: [Google Update] => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe [3872080 2011-12-22] (Microsoft Corporation)
HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Jimmy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D296} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.101.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D295} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.101.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4039380538-3531473328-549646064-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://hk.msn.com/?ocid=iehp
HKU\S-1-5-21-4039380538-3531473328-549646064-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4039380538-3531473328-549646064-1001 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D296} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.101.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Users\Jimmy\Documents\iTools\Plugin\iToolsBHO64.dll (iTools.hk)
BHO: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: 捃濘FLV弝凊抻摯狟婥盓厥 -> {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} -> C:\Users\Jimmy\Desktop\Thunder 7.2.3.3244 Portable NoAD VIP6\BHO\XlBrowserAddinKernel1.0.4.63.dll (ShenZhen Xunlei Networking Technologies,LTD)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IEVkbdBHO Class -> {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: 捃濘狟婥盓厥 -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> C:\Users\Jimmy\Desktop\Thunder 7.2.3.3244 Portable NoAD VIP6\BHO\XunleiBHO7.2.3.3244.dll (深圳市迅雷网络技术有限公司)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: 9831FEEA-76C3-8B64-9E1C-4B030B5A91F2 Class -> {9831FEEA-76C3-8B64-9E1C-4B030B5A91F2} -> C:\Program Files (x86)\QvodPlayer\AddIn\{9831FEEA-76C3-8B64-9E1C-4B030B5A91F2}\QvodAddr.dll No File
BHO-x32: 捃濘訧埭壽瑩趼凊抻 -> {9AA238FE-8298-48c9-B188-05B6AEE76C3A} -> C:\Users\Jimmy\Desktop\Thunder 7.2.3.3244 Portable NoAD VIP6\BHO\XlBrowserAddinKernel1.0.4.63.dll (ShenZhen Xunlei Networking Technologies,LTD)
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D295} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.101.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Jimmy\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll (Tencent)
BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Users\Jimmy\Documents\iTools\Plugin\iToolsBHO.dll (iTools.hk)
BHO-x32: FilterBHO Class -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Download Accelerator Plus Integration -> {FF6C3CF0-4B15-11D1-ABED-709549C10000} -> C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-4039380538-3531473328-549646064-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-4039380538-3531473328-549646064-1001 -> No Name - {65F8A3D2-4C22-4A33-9633-73167EAEEC45} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\29pbh3w5.default
FF NetworkProxy: "ftp", "97.77.104.22"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "gopher", "97.77.104.22"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "97.77.104.22"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "socks", "97.77.104.22"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "97.77.104.22"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Users\Jimmy\Documents\iTools\Plugin\npiTools.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.34C\npwangwang.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Users\Jimmy\Documents\iTools\Plugin\npiTools.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @qq.com/npOpenPlatform -> C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3200\npQPMWebGamePlugin.dll (腾讯公司)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll (Tencent)
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.94\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4039380538-3531473328-549646064-1001: @1.qq.com/npqqwebgame -> C:\Users\Jimmy\AppData\Roaming\Tencent\WebGamePlugin\1.0.3.2\npqqwebgame.dll ( )
FF Plugin HKU\S-1-5-21-4039380538-3531473328-549646064-1001: @acestream.net/acestreamplugin,version=2.2.5-next -> C:\Users\Jimmy\AppData\Roaming\ACEStream\player\npace_plugin.dll No File
FF Plugin HKU\S-1-5-21-4039380538-3531473328-549646064-1001: @alibaba.com/npAliSSOLogin;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.41C\npAliSSOLogin.dll (ÌÔ±¦£¨Öйú£©Èí¼þÓÐÏÞ¹«Ë¾)
FF Plugin HKU\S-1-5-21-4039380538-3531473328-549646064-1001: @alibaba.com/npwangwang;version=1.0 -> C:\Program Files (x86)\AliWangWang\8.00.41C\npwangwang.dll ( )
FF Plugin HKU\S-1-5-21-4039380538-3531473328-549646064-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Jimmy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1401100-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKU\S-1-5-21-4039380538-3531473328-549646064-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4039380538-3531473328-549646064-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jimmy\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF Extension: CCTV player plugin for Firefox - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\29pbh3w5.default\Extensions\cctvplayer-plugin@www.cctv.com [2012-08-05]
FF Extension: Firebug - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\29pbh3w5.default\Extensions\firebug@software.joehewitt.com.xpi [2012-07-05]
FF Extension: Proxy Tool - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\29pbh3w5.default\Extensions\proxytool@proxylist.co.xpi [2014-04-29]
FF Extension: Greasemonkey - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\29pbh3w5.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-25]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013-10-09]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012-01-07]
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012-01-07]
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012-01-07]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-01-09]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-09-19]
FF HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF Extension: Download Accelerator Plus (DAP) extension - C:\Program Files (x86)\DAP\DAPFireFox [2011-12-12]
FF HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Jimmy\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> about:blank
CHR Profile: C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (OneTab) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-04-16]
CHR Extension: (Google Search) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-01-07]
CHR Extension: (Tampermonkey) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-09-28]
CHR Extension: (Download Accelerator Plus (DAP)) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb [2011-12-12]
CHR Extension: (Falcon Proxy) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf [2014-10-16]
CHR Extension: (AdBlock) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-20]
CHR Extension: (Virtual Keyboard) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-01-07]
CHR Extension: (Office Apps) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke [2014-06-20]
CHR Extension: (支付宝安全插件) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lapoiohkeidniicbalnfmakkbnpejgbi [2014-08-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (My IP address) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\monhkdcehmbdgkhgpccaccbbcgcfpjkd [2014-07-04]
CHR Extension: (Google Wallet) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (apple在线商店iphone6到货提醒) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaiecklleaimljfiphbkbhpjenllbgjg [2014-09-15]
CHR Extension: (Auto Refresh Plus) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih [2014-10-11]
CHR Extension: (Gmail) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR Extension: (Anti-Banner) - C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-01-07]
CHR HKU\S-1-5-21-4039380538-3531473328-549646064-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Jimmy\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\urladvisor.crx [2011-04-25]
CHR HKLM-x32\...\Chrome\Extension: [ffdcfjdljhbehggjdkdioajnknjcpbjb] - C:\Program Files (x86)\DAP\DAPChrome\DAPChrome6.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\virtkbd.crx [2011-04-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ChromeExt\ab.crx [2011-04-25]
StartMenuInternet: Google Chrome - C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Ast Service; C:\Windows\SysWOW64\\AstSrv.exe [57344 2008-01-07] (Nalpeiron Ltd.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [206448 2014-10-20] (Kaspersky Lab ZAO)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393728 2014-11-21] (BlueStack Systems, Inc.) [File not signed]
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-11-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2014-11-19] (BlueStack Systems, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\41.0.2272.41\remoting_host.exe [56648 2015-02-01] (Google Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-09-30] ()
R2 RManService; C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe [6063360 2014-02-12] (Usoris Systems LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S4 ARUpdate; C:\Program Files\TENCENT\AddrUpdate\AddrUpdate.exe /Service [X]
S4 TBUpdate; C:\Program Files\Tencent\barupdate\TBUpdate.exe /service [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-11-19] (BlueStack Systems)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2014-10-21] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12096 2013-01-22] (UVNC BVBA)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0014.sys [28768 2014-05-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R3 RemotePCmirror; C:\Windows\System32\DRIVERS\RemotePCmirror.sys [11368 2013-01-22] (Pro Softnet Crop provider)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-27] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-13] () [File not signed]
R3 TCPZ; C:\Windows\System32\DRIVERS\tcpz-x64d.sys [15208 2011-12-12] (deepxw)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U3 aiqli67m; C:\Windows\System32\Drivers\aiqli67m.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0004; system32\DRIVERS\bd0004.sys [X]
S3 cpuz135; \??\C:\Users\Jimmy\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 GPU-Z; \??\C:\Users\Jimmy\AppData\Local\Temp\GPU-Z.sys [X]
S3 TCCrystalCpuInfo; \??\C:\Users\Jimmy\AppData\Local\Temp\TCCpuInfo64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-05 23:23 - 2015-03-05 23:23 - 02092544 _____ (Farbar) C:\Users\Jimmy\Downloads\FRST64.exe
2015-03-05 23:23 - 2015-03-05 23:23 - 00038956 _____ () C:\Users\Jimmy\Downloads\FRST.txt
2015-03-05 23:23 - 2015-03-05 23:23 - 00000000 ____D () C:\FRST
2015-03-05 03:43 - 2015-03-05 03:43 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-05 00:05 - 2015-03-05 00:05 - 00169336 _____ () C:\Users\Jimmy\Downloads\Aimbot Collection 9.6 (1).zip
2015-03-04 00:03 - 2015-03-04 00:03 - 01465217 _____ () C:\Users\Jimmy\Downloads\WoT Mods_mpgh.net.rar
2015-03-01 23:40 - 2015-03-01 23:40 - 95240144 _____ (Intel® Corporation) C:\Users\Jimmy\Downloads\Wireless_16.11.0_s64.exe
2015-03-01 18:41 - 2015-03-01 18:41 - 15147984 _____ (Intel® Corporation) C:\Users\Jimmy\Downloads\Wireless_17.14.0_Ds64.exe
2015-03-01 18:41 - 2015-03-01 18:41 - 109060888 _____ (Intel® Corporation) C:\Users\Jimmy\Downloads\Wireless_17.14.0_s64.exe
2015-03-01 18:34 - 2015-03-01 18:34 - 32935064 _____ (Intel® Corporation) C:\Users\Jimmy\Downloads\WP-BT_17.1.1411.01_s32.exe
2015-03-01 00:40 - 2015-03-01 00:40 - 13223208 _____ (Disc Soft Ltd) C:\Users\Jimmy\Downloads\Unconfirmed 677542.crdownload
2015-03-01 00:34 - 2015-03-01 00:35 - 13223208 _____ (Disc Soft Ltd) C:\Users\Jimmy\Downloads\Unconfirmed 941544.crdownload
2015-02-28 23:53 - 2015-02-28 23:53 - 00000000 ____D () C:\Users\Jimmy\Downloads\Q9W7tc_32bit
2015-02-28 23:47 - 2015-02-28 23:50 - 151467731 _____ () C:\Users\Jimmy\Downloads\Q9W7tc_32bit.exe
2015-02-28 20:41 - 2015-02-28 20:41 - 00026629 _____ () C:\Users\Jimmy\Downloads\[kickass.to]adobe.acrobat.xi.pro.11.0.6.multilanguage.chingliu.torrent
2015-02-28 20:37 - 2015-02-28 20:37 - 00032438 _____ () C:\Users\Jimmy\Downloads\[kickass.to]adobe.photoshop.cs3.extended.version.full.crack.torrent
2015-02-28 00:40 - 2015-02-28 00:40 - 00028441 _____ () C:\Users\Jimmy\Downloads\Unconfirmed 315744.crdownload
2015-02-27 03:11 - 2015-02-27 03:11 - 00169336 _____ () C:\Users\Jimmy\Downloads\Aimbot Collection 9.6.zip
2015-02-27 01:34 - 2015-02-27 01:34 - 00117294 _____ () C:\Users\Jimmy\Downloads\skins_dendyt.torrent
2015-02-27 01:33 - 2015-02-27 01:49 - 178206068 _____ () C:\Users\Jimmy\Downloads\CheatPack.For.Skill_0.9.6.ENG(2).zip
2015-02-25 02:53 - 2015-02-25 02:53 - 10108499 _____ () C:\Users\Jimmy\Downloads\res_mods.rar
2015-02-25 00:56 - 2015-02-25 00:59 - 44796181 _____ (Aslain ) C:\Users\Jimmy\Downloads\Aslains_XVM_Mod_Installer_v.4.2.17_96.exe
2015-02-25 00:26 - 2015-02-25 00:26 - 06666372 _____ () C:\Users\Jimmy\Downloads\Aslains_XVM_Mod_v.4.2.17_96.zip
2015-02-25 00:00 - 2015-02-25 00:00 - 01275366 _____ () C:\Users\Jimmy\Downloads\J1mB0_s_Crosshair_Mod_v1.47_-_Curse_Client.zip
2015-02-24 23:38 - 2015-02-24 23:39 - 06277131 _____ () C:\Users\Jimmy\Downloads\J1mB0_s_XVM_Config_v6.0.0.1.zip
2015-02-23 01:14 - 2015-02-23 01:14 - 06666072 _____ () C:\Users\Jimmy\Downloads\Aslains_XVM_Mod_v.4.2.15_96.zip
2015-02-22 01:38 - 2015-02-22 01:38 - 00014311 _____ () C:\Users\Jimmy\Downloads\7CFB4D7D44857912FF6B1602BEEC1DA335AC2CF9.torrent
2015-02-22 01:24 - 2015-02-22 01:24 - 00082340 _____ () C:\Users\Jimmy\Downloads\GVG-089R.rar
2015-02-22 00:07 - 2015-02-22 00:07 - 06650051 _____ () C:\Users\Jimmy\Downloads\Aslains_XVM_Mod_v.4.2.5_96.zip
2015-02-21 02:36 - 2015-02-21 02:36 - 00014002 _____ () C:\Users\Jimmy\Downloads\SHKD-564+Ai+Uehara+JAV+CENSORED.torrent
2015-02-19 00:05 - 2015-02-19 00:05 - 00000000 ____D () C:\Users\Jimmy\AppData\Roaming\Wargaming.net
2015-02-18 23:18 - 2015-02-18 23:18 - 00000000 ____D () C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2015-02-18 23:15 - 2015-02-18 23:15 - 05090904 _____ (Wargaming.net ) C:\Users\Jimmy\Downloads\WoT_internet_install_asia.exe
2015-02-18 19:49 - 2015-02-18 19:49 - 00014957 _____ () C:\Users\Jimmy\Downloads\[kickass.to]aka.005.unlimited.want.to.do.housewife.1.matsushima.aoi.torrent
2015-02-17 01:57 - 2015-02-17 01:57 - 00012428 _____ () C:\Users\Jimmy\Downloads\[kickass.to]mild.957.undercover.investigator.ai.uehara.torrent
2015-02-17 01:54 - 2015-02-17 01:54 - 00018207 _____ () C:\Users\Jimmy\Downloads\JAV+Censored+MILD-957+Undercover+Investigator+Ai+Uehara.torrent
2015-02-17 01:51 - 2015-02-17 01:51 - 00093435 _____ () C:\Users\Jimmy\Downloads\JAV+censored+MILD-957+Uehara+Ai.torrent
2015-02-15 23:37 - 2015-03-01 13:53 - 00000000 ____D () C:\ProgramData\QvodPlayer
2015-02-12 01:30 - 2015-02-12 01:30 - 00012498 _____ () C:\Users\Jimmy\Documents\us_stock_chief.xlsx
2015-02-12 01:03 - 2015-02-12 01:03 - 00000459 _____ () C:\Users\Jimmy\Documents\Transaction History.csv
2015-02-12 00:24 - 2015-02-12 00:24 - 00021434 _____ () C:\Users\Jimmy\Downloads\[limetorrents.cc]JAV.Censored.EBOD-426.AV.Ban!.!SSS-BODY.Climax.77.Times!.!Full.Uncut.4.Production.Katahira.Akane.torrent
2015-02-08 00:31 - 2015-02-08 00:31 - 00000000 ____D () C:\Program Files (x86)\GUM8324.tmp
2015-02-07 02:12 - 2015-02-07 02:12 - 00012202 _____ () C:\Users\Jimmy\Downloads\[kickass.so]bf.364.bondage.girl.transcendence.f.cup.convulsions.sex.honda.rico.torrent
2015-02-07 01:52 - 2015-02-07 01:52 - 00021025 _____ () C:\Users\Jimmy\Downloads\[kickass.so]rbd.660.哀秘.certificate.mizutani.heart.sound.that.was.bleeped.torrent
2015-02-07 01:43 - 2015-02-07 01:43 - 00067335 _____ () C:\Users\Jimmy\Downloads\RBD660AVI.torrent
2015-02-05 23:34 - 2015-02-05 23:34 - 00291606 _____ () C:\Users\Jimmy\Downloads\TCPView.zip
2015-02-05 23:31 - 2015-02-05 23:31 - 02194432 _____ () C:\Users\Jimmy\Downloads\adwcleaner_4.109.exe
2015-02-04 00:58 - 2015-02-04 00:58 - 00073577 _____ () C:\Users\Jimmy\Downloads\WANZ-297.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-05 23:16 - 2014-07-21 14:08 - 00000472 _____ () C:\Windows\Tasks\AliUpdater{A2D30374-ECA9-41CE-A228-9EB4B616410D}.job
2015-03-05 23:16 - 2014-07-21 14:07 - 00000000 ____D () C:\Program Files (x86)\AliWangWang
2015-03-05 22:50 - 2013-01-10 10:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-05 22:36 - 2014-03-14 23:21 - 00000542 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-05 22:31 - 2011-11-05 12:41 - 00000552 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039380538-3531473328-549646064-1001UA.job
2015-03-05 09:30 - 2009-07-14 12:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 09:30 - 2009-07-14 12:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 09:28 - 2009-07-14 13:13 - 00798520 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 09:26 - 2014-03-14 23:21 - 00000538 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-05 09:26 - 2012-01-07 02:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-05 09:26 - 2011-12-13 09:49 - 00000000 ____D () C:\Users\Jimmy\Tracing
2015-03-05 09:26 - 2011-11-02 02:00 - 02030669 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 09:23 - 2013-04-04 18:27 - 00002756 _____ () C:\Windows\System32\Tasks\AutoKMSDaily
2015-03-05 09:23 - 2013-04-04 18:27 - 00000218 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2015-03-05 09:23 - 2013-04-04 18:27 - 00000216 _____ () C:\Windows\Tasks\AutoKMS.job
2015-03-05 09:23 - 2012-01-10 12:10 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2015-03-05 09:22 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 09:22 - 2009-07-14 12:51 - 00067271 _____ () C:\Windows\setupact.log
2015-03-05 01:03 - 2009-07-14 10:34 - 00000603 _____ () C:\Windows\win.ini
2015-03-05 00:31 - 2011-11-05 12:41 - 00000500 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039380538-3531473328-549646064-1001Core.job
2015-03-04 22:33 - 2011-11-05 12:41 - 00002340 _____ () C:\Users\Jimmy\Desktop\Google Chrome.lnk
2015-03-02 01:52 - 2012-03-08 01:16 - 00061924 _____ () C:\Windows\SysWOW64\q922pyb.tbl
2015-03-02 01:52 - 2012-03-08 01:16 - 00057750 _____ () C:\Windows\SysWOW64\q922stb.tbl
2015-03-02 01:52 - 2012-03-08 01:16 - 00046760 _____ () C:\Windows\SysWOW64\q922b.tbl
2015-03-02 01:52 - 2012-02-21 00:32 - 00196608 _____ () C:\Windows\SysWOW64\q9b5rel.tbl
2015-03-01 17:27 - 2014-07-21 14:08 - 00003542 _____ () C:\Windows\System32\Tasks\AliUpdater{A2D30374-ECA9-41CE-A228-9EB4B616410D}
2015-03-01 17:23 - 2010-11-21 11:47 - 00266824 _____ () C:\Windows\PFRO.log
2015-03-01 13:48 - 2014-07-19 00:37 - 00000954 _____ () C:\Users\Jimmy\AppData\Roaming\coreavc.ini
2015-03-01 13:46 - 2009-07-14 12:45 - 00427344 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-27 00:22 - 2013-04-12 00:22 - 00000322 _____ () C:\Windows\Tasks\At1.job
2015-02-25 03:31 - 2011-11-02 02:13 - 00112288 _____ () C:\Users\Jimmy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-18 09:37 - 2014-03-14 23:21 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-12 01:30 - 2014-02-26 01:29 - 00000000 ____D () C:\BrightSmart
2015-02-09 00:26 - 2011-11-05 12:41 - 00003526 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4039380538-3531473328-549646064-1001UA
2015-02-09 00:26 - 2011-11-05 12:41 - 00003130 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4039380538-3531473328-549646064-1001Core
2015-02-08 08:13 - 2013-06-28 18:58 - 00001342 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2015-02-08 00:31 - 2014-03-14 23:21 - 00003538 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 00:31 - 2014-03-14 23:21 - 00003286 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 03:50 - 2013-01-10 10:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 03:50 - 2012-03-30 09:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 03:50 - 2011-12-12 23:13 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 22:49 - 2013-10-09 02:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 
==================== Files in the root of some directories =======
 
2014-07-21 14:08 - 2014-07-21 14:08 - 0001078 _____ () C:\Users\Jimmy\AppData\Roaming\base64.cer
2014-07-19 00:37 - 2015-03-01 13:48 - 0000954 _____ () C:\Users\Jimmy\AppData\Roaming\coreavc.ini
2013-03-17 14:57 - 2013-03-17 14:57 - 0000093 _____ () C:\Users\Jimmy\AppData\Local\fusioncache.dat
2012-06-20 14:31 - 2014-10-28 03:35 - 0000600 _____ () C:\Users\Jimmy\AppData\Local\PUTTY.RND
2012-01-07 02:31 - 2012-01-07 02:31 - 0017408 _____ () C:\Users\Jimmy\AppData\Local\WebpageIcons.db
2012-02-03 14:07 - 2012-02-03 14:07 - 0003774 _____ () C:\ProgramData\114la.ico
2011-12-15 11:20 - 2011-12-15 11:20 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-12-15 11:07 - 2011-12-15 11:07 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Files to move or delete:
====================
C:\Users\Jimmy\AppData\Local\Temp\\BI_RunOnce.exe
C:\Windows\Tasks\At1.job
 
 
Some content of TEMP:
====================
C:\Users\Jimmy\AppData\Local\Temp\Bass.dll
C:\Users\Jimmy\AppData\Local\Temp\Bass.Net.dll
C:\Users\Jimmy\AppData\Local\Temp\BI_RunOnce.exe
C:\Users\Jimmy\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Jimmy\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jimmy\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jimmy\AppData\Local\Temp\qqsafeud.exe
C:\Users\Jimmy\AppData\Local\Temp\QRDUYC.DLL
C:\Users\Jimmy\AppData\Local\Temp\QzoneMusic.exe
C:\Users\Jimmy\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Jimmy\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Jimmy\AppData\Local\Temp\sfareca00001.dll
C:\Users\Jimmy\AppData\Local\Temp\sfareca00002.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
LastRegBack: 2015-03-05 10:09
 
==================== End Of Log ============================


#2 mc51 (Topic Starter, Members, 20 posts)

Posted 06 March 2015 - 11:31 AM

Can anyone help?



#3 olgun52 (Malware Response Team, 3,778 posts)

Posted 06 March 2015 - 11:57 AM

Hello mc51 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------

 

Addition.txt is created by default from the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time, ensuring "Addition" is checked in the optional scan box...


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 mc51 (Topic Starter, Members, 20 posts)

Posted 06 March 2015 - 12:26 PM

Hi, I have attached the log file for your review. Thanks.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Jimmy at 2015-03-05 23:24:10
Running from C:\Users\Jimmy\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Disabled - Out of date) {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AS: Kaspersky Internet Security (Disabled - Up to date) {95CBD341-38DB-14AC-AF6A-08054B41A339}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.0 - )
115UDown (HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\115UDown) (Version: 3.3.1.13 - Guangdong, 115, Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple 應用程式支援 (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Aslain's XVM Mod version 4.2.17 (HKLM-x32\...\ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1) (Version: 4.2.17 - Aslain)
Battlefield 4 Update 2 (HKLM-x32\...\QmF0dGxlZmllbGQ0_is1) (Version: 1 - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2012.1109.1410 - F5 Networks, Inc.)
BlueStacks App Player 0.9.6.4092 SuperUser BSEasy (HKLM-x32\...\{AC7B7E99-4E43-47B7-A526-10BE7A28E160}) (Version: 0.9.6.4092 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{C9F8858E-B6F9-4E56-B155-2A5CE7FC74B9}) (Version: 41.0.2272.41 - Google Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.3.6 - Citrix Systems, Inc.)
CPUID CPU-Z 1.59 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DAZzle (HKLM-x32\...\DAZzle) (Version:  - )
Defcon v1.6 (HKLM-x32\...\Defcon_is1) (Version:  - Introversion Software Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.3.10485 - Blizzard Entertainment)
Download Accelerator Plus (DAP) (HKLM-x32\...\Download Accelerator Plus (DAP)) (Version: 9606 (Build 2121) - Speedbit Ltd.)
DYMO Printable Postage (HKLM-x32\...\Printable Postage.exe) (Version: 3.3 - Endicia Internet Postage)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Far Cry 4 - Gold Edition version Far Cry 4 - Gold Edition (HKLM-x32\...\Far Cry 4 - Gold Edition_is1) (Version: Far Cry 4 - Gold Edition - )
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.4.9.4 - Telerik)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Google Chrome (HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HammerTap 3 (HKLM-x32\...\{1C84BF7A-168C-424F-9CAC-260624C92C1A}) (Version: 3.1.1021 - Hammertap)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iPhone Backup Extractor (HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\iPhone Backup Extractor) (Version: 5.3.10.0 - Reincubate Ltd)
iTools (HKLM-x32\...\iTools) (Version:  - 深圳市创想天空科技有限公司)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jove's Mod Pack 0.9.6 version 17.1 (2/10/2015) (HKLM-x32\...\{B0F4B9B2-D252-44B6-B6C4-464809AA675B}_is1) (Version: 17.1 (2/10/2015) - )
Kaspersky Internet Security 2012 (HKLM-x32\...\InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}) (Version: 12.0.0.374 - Kaspersky Lab)
Kaspersky Internet Security 2012 (x32 Version: 12.0.0.374 - Kaspersky Lab) Hidden
LINE (HKLM-x32\...\LINE) (Version: 3.6.0.32 - LINE Corporation)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
MBT Desktop Pro (HKLM-x32\...\MBT Desktop Pro) (Version: 2.1.0.59 - MB Trading, Inc.)
MetaStock 11.0 (HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\MetaStock 11.0) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
MLDownloader (HKLM-x32\...\{E42E14F4-D4BB-4C3E-88DE-CB79A1C003DA}) (Version: 6.7.1 - Trading-Tools.com)
Mozilla Firefox 24.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
Mp3tag v2.49a (HKLM-x32\...\Mp3tag) (Version: v2.49a - Florian Heidenreich)
MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD)
NinjaTrader 7 (HKLM-x32\...\{2F9AA215-35FB-4758-B95D-46AA04CB6517}) (Version: 7.0.1014 - NinjaTrader)
Octoshape Streaming Services (HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Remote Utilities - Host (HKLM-x32\...\{0D3BB12F-9903-4D4A-A062-97947D2AB44E}) (Version: 5.255.6006 - Usoris Systems LLC)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
ScreenScales (HKLM-x32\...\TalonDesigns.ScreenScales.7FC373E9EAC9060672FF2DDDD79F68531886285B.1) (Version: 1.0 - Talon Designs)
ScreenScales (x32 Version: 1.0 - Talon Designs) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShipWorks 2.9.73 (HKLM-x32\...\ShipWorks_is1) (Version: 2.9.73 - Interapptive Inc.)
ShipWorks 3.3.7.3935 (HKLM\...\{4D8308A1-37BB-47F4-802E-2FF213545A58}_is1) (Version: 3.3.7.3935 - Interapptive Inc.)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SMS Control Center Free (HKLM-x32\...\{1EB31B96-CD37-45DC-B637-7D56BAE4D0D9}) (Version: 7.5.9.5 - KD Apps)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SPTrader (HKLM\...\{FDC63683-F54D-4753-B755-A295E1ABAFA9}_is1) (Version:  - Sharp Point Limited)
StreamTorrent 1.0 (HKLM-x32\...\StreamTorrent 1.0) (Version:  - )
TBUpdate (HKLM-x32\...\TBUpdate) (Version: 5.0.0.16 - 腾讯科技(深圳)有限公司)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Tencent QQMail Plugin (HKLM-x32\...\QQMailPlugin) (Version:  - )
Top Trader Professional version 2.0.0.3 (HKLM-x32\...\{528D882E-9936-4214-B202-8973C9ED3DAC}_is1) (Version: 2.0.0.3 - Top Technology International Ltd.)
TortoiseSVN 1.6.16.21511 (64 bit) (HKLM\...\{1DD03A94-C815-46EF-A43A-B36694002A7C}) (Version: 1.6.21511 - TortoiseSVN)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 17.30.1002 - IDM Computer Solutions, Inc.)
UltraEdit (x32 Version: 17.30.1002 - IDM Computer Solutions, Inc.) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-4039380538-3531473328-549646064-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812ASIA}_is1) (Version:  - Wargaming.net)
三国杀online桌面版 (HKLM-x32\...\SanGuoShaAIR) (Version: 3.6.8 - UNKNOWN)
三国杀online桌面版 (x32 Version: 3.6.8 - UNKNOWN) Hidden
刲坰載陔督昢 (HKLM-x32\...\SOSOUpdate) (Version: 6.1.0.2 - 枆捅褪撮ㄗ旮詀ㄘ衄癹鼠侗)
阿里旺旺2014Beta1 (HKLM-x32\...\阿里旺旺2014Beta1) (Version:  - 阿里巴巴(中国)有限公司)
財龍投資決策系統 (HKLM-x32\...\財龍投資決策系統) (Version:  - )
耀才證券網上交易系統(專業版) (HKLM-x32\...\{E7AAE664-3B28-4B2B-B078-F561424A5CDC}) (Version: 1.13.4 - Ayers)
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 6.4.12582.0 - 腾讯科技(深圳)有限公司)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4039380538-3531473328-549646064-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4039380538-3531473328-549646064-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4039380538-3531473328-549646064-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4039380538-3531473328-549646064-1001_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-4039380538-3531473328-549646064-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4039380538-3531473328-549646064-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4039380538-3531473328-549646064-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4039380538-3531473328-549646064-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jimmy\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
05-02-2015 06:11:08 Scheduled Checkpoint
13-02-2015 04:14:31 Scheduled Checkpoint
23-02-2015 04:33:12 Scheduled Checkpoint
01-03-2015 13:53:59 删除了 微软设备健康助手
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2015-02-08 18:03 - 00001342 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 licensing.ultraedit.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00313586-0D20-4359-8AB3-E90C4ADE78BE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {09CEDD14-FCCF-420F-8EF9-B195379CECD2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4039380538-3531473328-549646064-1001Core => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {0BD41070-4F9B-4854-8E72-FA29C5771602} - System32\Tasks\AliUpdater{A2D30374-ECA9-41CE-A228-9EB4B616410D} => C:\Program Files (x86)\AliWangWang\AliTask.exe [2014-12-10] ()
Task: {24778463-1B36-4190-B0D5-07D035FCEC09} - System32\Tasks\{5904AB63-40D1-429F-899B-C2304FDC4AA4} => pcalua.exe -a "C:\Users\Jimmy\Downloads\dotNetFx35setup (1).exe" -d C:\Users\Jimmy\Downloads
Task: {27B18E8F-49D2-4C47-9A27-D1581BEF8D1B} - System32\Tasks\{B3DD5B4D-B27C-42DE-82FF-6C3209E5D414} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {2C8A67CB-6D55-4B94-A6C4-964FF4E47131} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {5110C554-033C-4F9D-B1C7-83F765F868A5} - System32\Tasks\{F67EA52B-AEE0-4D0D-A475-7501C1215F5B} => pcalua.exe -a "C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C7C4DNZ6\InstallerControl_setup[1].exe" -d C:\Users\Jimmy\Desktop
Task: {5EA39EC6-B965-414C-9A6D-B71D46DD81FE} - System32\Tasks\{2EF74534-078C-4295-84A3-F638078DBF2A} => E:\download\Equis.MetaStock.Pro.EOD.v11.0.Cracked-RedT\setup\MS110EOD.exe [2009-10-07] ()
Task: {673B013E-3ECB-45A6-B3B4-800B1108B6F2} - System32\Tasks\At1 => C:\Windows\hhh.exe <==== ATTENTION
Task: {7E918326-75ED-41F6-9EC8-5706678270AC} - System32\Tasks\{F0CA2F39-A0E0-4F1F-AD86-41978A10E0C9} => pcalua.exe -a C:\ProgramData\deal4me\XusDCk.exe -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {7F9A233F-2049-486A-AB93-A59BEBF75877} - System32\Tasks\{10263E15-1483-40DF-94E1-81FCC51E447E} => C:\Users\Jimmy\AppData\Local\Temp\WZSE6.TMP\Setup.exe <==== ATTENTION
Task: {80E25136-DDD4-4AAA-BF58-39CC1B414CBB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {86ED6374-FAD3-479C-933D-D13AA3FDD83C} - System32\Tasks\{E501F3DF-2C2F-4DFB-99D7-9199370D0073} => C:\Users\Jimmy\AppData\Local\Temp\WZSE6.TMP\Setup.exe <==== ATTENTION
Task: {914F1B3D-7ACE-49D7-A4DC-DEEAC7F5FF91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4039380538-3531473328-549646064-1001UA => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {96593F71-62FF-46A2-B9EB-2F919DA527D4} - System32\Tasks\{8CFD1794-2EBA-4669-9A3F-CD09BC1CDEDB} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
Task: {A26A6252-3DFE-4763-B70C-281B289438FE} - System32\Tasks\{2377D651-3132-4015-A99E-128B9D9FCE38} => E:\download\Equis.MetaStock.Pro.EOD.v11.0.Cracked-RedT\setup\MS110EOD.exe [2009-10-07] ()
Task: {B2EEA1BC-2784-4510-A197-A2969F3F2C12} - System32\Tasks\{45D2D9B2-19FB-4486-A4BC-A6980137131E} => C:\Users\Jimmy\AppData\Local\Temp\WZSE7.TMP - Copy\Setup.exe [1998-10-02] (InstallShield Software Corporation) <==== ATTENTION
Task: {D3DE30A3-2905-4662-AF75-129F6365645D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {D91AEA48-E148-46FF-83F9-275DF0E6333B} - System32\Tasks\{0A897D6D-5798-42D3-B5EC-0D193DADA8E9} => C:\Users\Jimmy\AppData\Local\Temp\WZSE7.TMP - Copy\Setup.exe [1998-10-02] (InstallShield Software Corporation) <==== ATTENTION
Task: {E0F90C37-B1A8-418B-8F81-74C7CB2F0FB8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-04-04] ()
Task: {EC7FC77A-A9D9-4B43-B318-C5ADCD69C3D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {F6DE3DC5-7106-40F1-BE6C-FE964E38F4A9} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2013-04-04] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AliUpdater{A2D30374-ECA9-41CE-A228-9EB4B616410D}.job => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: C:\Windows\Tasks\At1.job => C:\Windows\hhh.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039380538-3531473328-549646064-1001Core.job => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4039380538-3531473328-549646064-1001UA.job => C:\Users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-12-13 00:50 - 2012-09-30 14:22 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 22:42 - 2010-01-02 22:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-06-24 15:38 - 2014-06-24 15:38 - 00014256 _____ () C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.53\QvodWebService.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02118032 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 07008656 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 02089360 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 01270160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00192912 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
2011-04-24 23:13 - 2011-04-24 23:13 - 00758160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
2011-04-20 19:56 - 2011-04-20 19:56 - 00025088 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
2012-01-08 21:41 - 2012-01-08 21:41 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-04 22:33 - 2015-02-28 09:56 - 01174856 _____ () C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\41.0.2272.76\libglesv2.dll
2015-03-04 22:33 - 2015-02-28 09:56 - 00080200 _____ () C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\41.0.2272.76\libegl.dll
2015-03-04 22:33 - 2015-02-28 09:56 - 09279304 _____ () C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\41.0.2272.76\pdf.dll
2015-03-04 22:33 - 2015-02-28 09:56 - 14965064 _____ () C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\41.0.2272.76\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\TEMP:553CA6CA
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\remotepc => "(Default)"="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4039380538-3531473328-549646064-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ARUpdate => 2
MSCONFIG\Services: TBUpdate => 3
MSCONFIG\startupreg: AceStream => C:\Users\Jimmy\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: QvodTerminal => "C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe" -autorun
 
==================== Accounts: =============================
 
1 (S-1-5-21-4039380538-3531473328-549646064-1004 - Limited - Enabled) => C:\Users\1
2 (S-1-5-21-4039380538-3531473328-549646064-1005 - Limited - Enabled) => C:\Users\2
Administrator (S-1-5-21-4039380538-3531473328-549646064-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4039380538-3531473328-549646064-1007 - Limited - Enabled)
Guest (S-1-5-21-4039380538-3531473328-549646064-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4039380538-3531473328-549646064-1002 - Limited - Enabled)
Jimmy (S-1-5-21-4039380538-3531473328-549646064-1001 - Administrator - Enabled) => C:\Users\Jimmy
 
==================== Faulty Device Manager Devices =============
 
Name: bd0001
Description: bd0001
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: bd0001
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: bd0004
Description: bd0004
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: bd0004
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2015 10:10:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/05/2015 10:09:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/05/2015 09:26:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/05/2015 09:24:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 09:23:12 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (03/04/2015 03:40:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/03/2015 04:16:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/02/2015 04:52:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/01/2015 11:22:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 11:21:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (03/05/2015 11:10:35 PM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 08:37:22 PM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 07:01:02 PM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 04:40:24 PM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 03:23:58 PM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 02:11:06 PM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 00:51:56 PM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 11:51:53 AM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 10:41:53 AM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
Error: (03/05/2015 09:26:12 AM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
 
 
Microsoft Office Sessions:
=========================
Error: (03/05/2015 10:10:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files (x86)\Tencent\QQ\Bin\auclt.exe
 
Error: (03/05/2015 10:09:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (03/05/2015 09:26:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (03/05/2015 09:24:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 09:23:12 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (03/04/2015 03:40:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files (x86)\Tencent\QQ\Bin\auclt.exe
 
Error: (03/03/2015 04:16:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files (x86)\Tencent\QQ\Bin\auclt.exe
 
Error: (03/02/2015 04:52:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"c:\program files (x86)\Tencent\QQ\Bin\auclt.exe
 
Error: (03/01/2015 11:22:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/01/2015 11:21:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-05 23:06:43.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-02-04 22:42:27.438
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-10 01:58:52.988
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-10 01:58:52.972
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-02 12:21:34.495
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Jimmy\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-07-02 12:21:34.478
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Jimmy\AppData\Local\Temp\cpuz64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-30 02:07:58.991
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Jimmy\AppData\Local\Temp\TCCpuInfo64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-30 02:07:58.972
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Jimmy\AppData\Local\Temp\TCCpuInfo64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-30 02:07:58.934
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Jimmy\AppData\Local\Temp\TCCpuInfo64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-30 02:07:58.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Jimmy\AppData\Local\Temp\TCCpuInfo64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU X3350 @ 2.66GHz
Percentage of memory in use: 52%
Total physical RAM: 8191.15 MB
Available physical RAM: 3872.26 MB
Total Pagefile: 16380.5 MB
Available Pagefile: 10730.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:35.72 GB) NTFS
Drive d: () (Fixed) (Total:465.75 GB) (Free:14.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Data) (Fixed) (Total:298.09 GB) (Free:1.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 74B474B4)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 2C46E022)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: FB97E533)
Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================



Edited by mc51, 06 March 2015 - 12:46 PM.


#5 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male
  • Local time:04:30 AM

Posted 06 March 2015 - 03:20 PM

Hi mc51,

C:\Windows\KMSEmulator.exe
C:\Users\Jimmy\Downloads\[kickass.to]adobe.acrobat.xi.pro.11.0.6.multilanguage.chingliu.torrent
C:\Users\Jimmy\Downloads\[kickass.to]adobe.photoshop.cs3.extended.version.full.crack.torrent
C:\Users\Jimmy\Downloads\[limetorrents.cc]JAV.Censored.EBOD-426.AV.Ban!.!SSS-BODY.Climax.77.Times!.!Full.Uncut.4.Production.Katahira.Akane.torrent

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

A Keygen is a program which is used to illegally bypass copy protection on games and commercial software by generating a random serial number, or "cd key", that matches the software it is intended to be used with.

A Cracking tool is used to copy commercial software illegally by breaking the various copy-protection and registration techniques being used.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.


...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV


...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

------------------------------------------
I see you have P2P software ( uTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

FF ProfilePath: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\29pbh3w5.default
FF NetworkProxy: "ftp", "97.77.104.22"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "gopher", "97.77.104.22"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "97.77.104.22"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "socks", "97.77.104.22"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "97.77.104.22"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "type", 0

Do you use a proxy or VPN? Did you make these proxy settings?

Are they related to Chrome Remote Desktop Host?

----------------------------------------------------------------------------------------------------

Remote Utilities - Host

Did you install this software?

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
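The Firefox proxy preferences FRST listed above can be checked mechanically rather than by eye. As an added example (not part of the post, and not FRST's own code), the Python below parses FRST-style "FF NetworkProxy" lines from a constructed sample shaped like the ones quoted above, then reports which proxy hosts are set and whether Firefox would actually route traffic through them (network.proxy.type 1 means manual proxy; 0 means direct connection, so the hosts are present but unused).

```python
import re

# Meaning of Firefox's network.proxy.type preference values.
PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC script",
               4: "auto-detect (WPAD)", 5: "system settings"}

# Constructed sample in the shape of FRST's "FF NetworkProxy" lines; not a real log.
SAMPLE_FRST = """\
FF ProfilePath: C:\\Users\\Jimmy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\29pbh3w5.default
FF NetworkProxy: "http", "97.77.104.22"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "ssl", "97.77.104.22"
FF NetworkProxy: "ssl_port", 80
FF NetworkProxy: "socks", "97.77.104.22"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "type", 0
"""

# FRST prints each pref as:  FF NetworkProxy: "<name>", <"string" | integer>
LINE_RE = re.compile(r'^FF NetworkProxy:\s+"([^"]+)",\s+(?:"([^"]*)"|(-?\d+))$')


def parse_network_proxy(frst_text):
    """Return {pref_name: value} for every FF NetworkProxy line in an FRST log."""
    prefs = {}
    for line in frst_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            name, text_val, int_val = m.groups()
            prefs[name] = text_val if text_val is not None else int(int_val)
    return prefs


def assess_proxy(prefs):
    """Summarise which proxy hosts are set and whether Firefox would use them."""
    proxy_type = prefs.get("type")  # None when FRST printed no user-set value
    hosts = {}
    for scheme in ("http", "ssl", "ftp", "socks", "gopher"):
        if prefs.get(scheme):
            hosts[scheme] = (prefs[scheme], prefs.get(scheme + "_port"))
    return {
        "type": proxy_type,
        "type_name": PROXY_TYPES.get(proxy_type, "unknown / not listed"),
        "hosts": hosts,
        # Manual proxy hosts only take effect when type == 1.
        "active": proxy_type == 1 and bool(hosts),
        # Any unexplained proxy host is worth asking the user about, active or not.
        "needs_review": bool(hosts),
    }


if __name__ == "__main__":
    print(assess_proxy(parse_network_proxy(SAMPLE_FRST)))
```

For the sample above the result is "needs_review" but not "active": every protocol points at one host on port 80, yet type 0 means Firefox is currently connecting directly.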

 


 


#6 mc51

mc51
  • Topic Starter

  • Members
  • 20 posts
  • Local time:05:30 PM

Posted 07 March 2015 - 11:49 AM

Thanks for the reply. I have uninstalled uTorrent immediately.

And for the proxy setting, I think I installed a plugin in Chrome to use that proxy setting, and I will now uninstall that plugin.

The Remote Utilities host was installed by me a long time ago, and I didn't experience any issue until very recently, so I guess it should not be a problem?

Now my PC is still having the same issue. Can you tell me if there is anything I can do? Thanks.



#7 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male
  • Local time:04:30 AM

Posted 07 March 2015 - 07:20 PM

Thanks for the reply. I have uninstalled uTorrent immediately.

And for the proxy setting, I think I installed a plugin in Chrome to use that proxy setting, and I will now uninstall that plugin.

The Remote Utilities host was installed by me a long time ago, and I didn't experience any issue until very recently, so I guess it should not be a problem?

Now my PC is still having the same issue. Can you tell me if there is anything I can do? Thanks.

Okay.

Please go to Start, click Control Panel, click Programs and then click Programs and Features (if it still exists), and uninstall the following applications:

TBUpdate
Tencent QQMail Plugin
C:\Program Files (x86)\Tencent
C:\Program Files (x86)\QQMailPlugin

------------------------------------------------------------------------------------------
 
Step 1:
FRST Script:
Please download the attached fixlist.txt (12.1KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.



Best regards
 

 


 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male
  • Local time:04:30 AM

Posted 12 March 2015 - 09:20 AM

Hello,

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.

Best regards
 

 


 


#9 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • Gender:Male
  • Local time:04:30 AM

Posted 14 March 2015 - 06:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




