
Baidu something or other (In Chinese)


10 replies to this topic

#1 Slumberjax


Posted 11 May 2015 - 06:42 PM

Don't know where it came from, but there's something called Baidu on my laptop, and it's all in Chinese. I had some adware that seems to be gone, but it's still hanging around when I right click on a program. Can't really give any more details, because I can't read Chinese.

Edited by Orange Blossom, 12 May 2015 - 12:50 AM.
Moved from Windows 8 to AII. ~ OB




#2 Sintharius


Posted 12 May 2015 - 01:47 AM

Hi there,

Baidu is actually a legit Chinese company, and their search engine is commonly called "the Google of China" (yes, it's that big).

If you need to get rid of something from Baidu then run this and I'll see what I can do.

MiniToolbox by Farbar

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore Points
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards,
Alex

#3 Slumberjax


Posted 12 May 2015 - 01:24 PM

MiniToolBox by Farbar Version: 11-05-2015 01
Ran by Michael (administrator) on 12-05-2015 at 11:21:55
Running from "C:\Users\Michael\Desktop"
Microsoft Windows 8.1 (X64)
Model: S500CA Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = Wi-Fi (Connected)
Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Ethernet-WFP Native MAC Layer LightWeight Filter-0000" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Slumberjack
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.pace.com

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 1E-71-D9-55-83-2F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : gateway.pace.com
Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
Physical Address. . . . . . . . . : 6C-71-D9-55-83-2F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c933:98b:ec92:72ee%4(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, May 11, 2015 2:02:05 AM
Lease Expires . . . . . . . . . . : Wednesday, May 13, 2015 10:46:10 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 325874137
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-BF-25-EE-60-A4-4C-0A-3A-7A
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
Physical Address. . . . . . . . . : 60-A4-4C-0A-3A-7A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4010:801::1005
216.58.192.46


Pinging google.com [216.58.192.46] with 32 bytes of data:
Reply from 216.58.192.46: bytes=32 time=110ms TTL=55
Reply from 216.58.192.46: bytes=32 time=71ms TTL=55

Ping statistics for 216.58.192.46:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 110ms, Average = 90ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=208ms TTL=46
Reply from 98.139.183.24: bytes=32 time=209ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 208ms, Maximum = 209ms, Average = 208ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
5...1e 71 d9 55 83 2f ......Microsoft Wi-Fi Direct Virtual Adapter
4...6c 71 d9 55 83 2f ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
2...60 a4 4c 0a 3a 7a ......Qualcomm Atheros AR8161 PCI-E Gigabit Ethernet Controller (NDIS 6.30)
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.67 281
192.168.1.67 255.255.255.255 On-link 192.168.1.67 281
192.168.1.255 255.255.255.255 On-link 192.168.1.67 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.67 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.67 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
4 281 fe80::/64 On-link
4 281 fe80::c933:98b:ec92:72ee/128
On-link
1 306 ff00::/8 On-link
4 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/11/2015 03:51:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SLUMBERJACK)
Description: Activation of app microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe:Microsoft.WindowsLive.Mail.AppX4y6c3g4nq1ywddr4v64vdzznd9w3d820.wwa failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/10/2015 01:17:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: igd10iumd32.dll, version: 10.18.10.3308, time stamp: 0x52379e8f
Exception code: 0xc0000005
Fault offset: 0x00079f67
Faulting process id: 0xbb4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (05/10/2015 00:45:33 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (05/09/2015 02:27:24 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fc

Start Time: 01d08a3a3d4241e7

Termination Time: 4294967295

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 9921212b-f62d-11e4-bf48-60a44c0a3a7a

Faulting package full name:

Faulting package-relative application ID:

Error: (05/08/2015 02:59:53 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 130

Start Time: 01d0897597eb494d

Termination Time: 31

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: f85b3b03-f568-11e4-bf48-60a44c0a3a7a

Faulting package full name:

Faulting package-relative application ID:

Error: (05/08/2015 01:04:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: 2.2.4 32-bit.exe, version: 2.2.4.2854, time stamp: 0x54f6f6a9
Faulting module name: 2.2.4 32-bit.exe, version: 2.2.4.2854, time stamp: 0x54f6f6a9
Exception code: 0xc0000005
Fault offset: 0x00463164
Faulting process id: 0x1aa4
Faulting application start time: 0x2.2.4 32-bit.exe0
Faulting application path: 2.2.4 32-bit.exe1
Faulting module path: 2.2.4 32-bit.exe2
Report Id: 2.2.4 32-bit.exe3
Faulting package full name: 2.2.4 32-bit.exe4
Faulting package-relative application ID: 2.2.4 32-bit.exe5

Error: (05/06/2015 09:44:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SLUMBERJACK)
Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/06/2015 09:29:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SLUMBERJACK)
Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/06/2015 09:14:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SLUMBERJACK)
Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/06/2015 08:59:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: SLUMBERJACK)
Description: Activation of app WinStore_cw5n1h2txyewy!Windows.Store failed with error: -2144927150 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (05/11/2015 04:52:57 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/11/2015 04:52:57 PM) (Source: Service Control Manager) (User: )
Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/11/2015 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The ASUS Wake Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/11/2015 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The NIHardwareService service terminated unexpectedly. It has done this 1 time(s).

Error: (05/11/2015 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/11/2015 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Start Technology Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/11/2015 04:52:56 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (05/11/2015 04:52:55 PM) (Source: Service Control Manager) (User: )
Description: The ASUS InstantOn Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/11/2015 04:52:55 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/11/2015 04:52:55 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (05/11/2015 03:51:39 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SLUMBERJACK)
Description: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe:Microsoft.WindowsLive.Mail.AppX4y6c3g4nq1ywddr4v64vdzznd9w3d820.wwa-2144927150

Error: (05/10/2015 01:17:58 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9igd10iumd32.dll10.18.10.330852379e8fc000000500079f67bb401d08af978b2bb21C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SYSTEM32\igd10iumd32.dll10b8cecd-f6ed-11e4-bf49-60a44c0a3a7a

Error: (05/10/2015 00:45:33 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (05/09/2015 02:27:24 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.3.9600.176671fc01d08a3a3d4241e74294967295C:\WINDOWS\Explorer.EXE9921212b-f62d-11e4-bf48-60a44c0a3a7a

Error: (05/08/2015 02:59:53 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.3.9600.1766713001d0897597eb494d31C:\WINDOWS\Explorer.EXEf85b3b03-f568-11e4-bf48-60a44c0a3a7a

Error: (05/08/2015 01:04:23 AM) (Source: Application Error)(User: )
Description: 2.2.4 32-bit.exe2.2.4.285454f6f6a92.2.4 32-bit.exe2.2.4.285454f6f6a9c0000005004631641aa401d0895690d2095fC:\Users\Michael\Desktop\2.2.4 32-bit.exeC:\Users\Michael\Desktop\2.2.4 32-bit.exed6110ec6-f558-11e4-bf47-60a44c0a3a7a

Error: (05/06/2015 09:44:50 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SLUMBERJACK)
Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927150

Error: (05/06/2015 09:29:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SLUMBERJACK)
Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927150

Error: (05/06/2015 09:14:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SLUMBERJACK)
Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927150

Error: (05/06/2015 08:59:45 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: SLUMBERJACK)
Description: WinStore_cw5n1h2txyewy!Windows.Store-2144927150


CodeIntegrity Errors:
===================================
Date: 2015-05-04 17:23:15.625
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:23:15.484
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:23:15.344
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:23:11.265
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:23:11.125
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:23:11.000
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:22:03.696
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:22:03.524
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:22:03.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduAn\4.0.0.5166\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.

Date: 2015-05-04 17:22:01.964
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\baidu\BaiduSd\3.0.0.4605\hipsengine\BaiduHips.exe that did not meet the Windows signing level requirements.


=========================== Installed Programs ============================

Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\{4592BAE7-B99A-47A5-9B6B-3BC236B9D3E9}) (Version: 3.9.145.62246 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.145.62246 - Alcor Micro Corp.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS S Series Product Demo (HKLM-x32\...\{387AA3E2-B9FE-4DA1-A097-A0D2213E8794}) (Version: 1.0.0 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.1.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0002 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0026 - ASUS)
Avid Mbox 2 USB Drivers (x64) (HKLM\...\{F9242D4E-09E7-45C7-A53A-83375D0FAD42}) (Version: 9.0.2 - Avid Technology, Inc.)
Bleep VSTi (HKLM-x32\...\Bleep VSTi) (Version: - )
Blue Cat's Chorus VST 4.1 (HKLM-x32\...\{16414746-4C9F-45F5-9D0B-1BB2F257710A}) (Version: 4.1 - Blue Cat Audio)
Blue Cat's Flanger VST 3.1 (HKLM-x32\...\{AD5E66F6-AABE-4C99-B302-8C1545DD898F}) (Version: 3.1 - Blue Cat Audio)
Blue Cat's Freeware Pack VST 2.1 (HKLM-x32\...\{0EB8339B-59A8-46e5-9D41-44458EBD7085}) (Version: 2.1 - Blue Cat Audio)
Blue Cat's FreqAnalyst VST 2.1 (HKLM-x32\...\{44D94F3A-D38C-48DF-AEF7-4CD8B078F30F}) (Version: 2.1 - Blue Cat Audio)
Blue Cat's Gain Suite VST 3.1 (HKLM-x32\...\{07C621A7-3284-4AD4-AFC8-7F41C475F056}) (Version: 3.1 - Blue Cat Audio)
Blue Cat's Phaser VST 3.1 (HKLM-x32\...\{697CE55E-469F-4FB7-9FB6-8CC4E50852B2}) (Version: 3.1 - Blue Cat Audio)
Blue Cat's Triple EQ VST 4.1 (HKLM-x32\...\{F2D66909-5A27-4F0F-8E53-18BAE15178EC}) (Version: 4.1 - Blue Cat Audio)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
FabFilter Pro-Q VST RTAS v1.0.1.6 (HKLM-x32\...\FabFilter Pro-Q VST RTAS_is1) (Version: - TEAM AiR)
Free WAV to MP3 Converter (HKLM-x32\...\Free WAV to MP3 Converter) (Version: 1.0 - Polaris-Software.com)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.9.0 - PACE Anti-Piracy, Inc.)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Jun's Factory JM-1 (HKLM-x32\...\JM-1) (Version: - )
KORG Legacy Collection - MonoPoly (HKLM-x32\...\{9EB29B63-FE79-445A-96C8-F02DDB82DADF}) (Version: 1.1.0 - KORG Inc.)
LatencyMon 6.00 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MeldaProduction MFreeEffectsBundle 8 (HKLM-x32\...\MeldaProduction MFreeEffectsBundle 8) (Version: - MeldaProduction)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Native Instruments Abbey Road 60s Drums Vintage (HKLM-x32\...\Native Instruments Abbey Road 60s Drums Vintage) (Version: - Native Instruments)
Native Instruments Circuit Halo (HKLM-x32\...\Native Instruments Circuit Halo) (Version: 1.0.0.7 - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.7.4.199 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.0.2770 - Native Instruments)
Native Instruments Guitar Rig Elements for Maschine (HKLM-x32\...\Native Instruments Guitar Rig Elements for Maschine) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Mobile IO Driver) (Version: - Native Instruments)
Native Instruments Guitar Rig Session IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Session IO Driver) (Version: - Native Instruments)
Native Instruments Halcyon Sky (HKLM-x32\...\Native Instruments Halcyon Sky) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Komplete Elements Mk2 (HKLM-x32\...\Native Instruments Komplete Elements Mk2) (Version: - Native Instruments)
Native Instruments Komplete Kontrol Driver (HKLM-x32\...\Native Instruments Komplete Kontrol Driver) (Version: - Native Instruments)
Native Instruments Komplete Selection (HKLM-x32\...\Native Instruments Komplete Selection) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.2.245 - Native Instruments)
Native Instruments Kontakt Elements Selection R2 (HKLM-x32\...\Native Instruments Kontakt Elements Selection R2) (Version: - Native Instruments)
Native Instruments Maschine (HKLM-x32\...\Native Instruments Maschine) (Version: - Native Instruments)
Native Instruments Maschine 2 (HKLM-x32\...\Native Instruments Maschine 2) (Version: 2.2.4.2854 - Native Instruments)
Native Instruments Maschine 2 Factory Library (HKLM-x32\...\Native Instruments Maschine 2 Factory Library) (Version: 1.1.0.7 - Native Instruments)
Native Instruments Maschine Controller (HKLM-x32\...\Native Instruments Maschine Controller) (Version: - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version: - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version: - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version: - Native Instruments)
Native Instruments Maschine Studio Driver (HKLM-x32\...\Native Instruments Maschine Studio Driver) (Version: - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.2.419 - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.2.1074 - Native Instruments)
Native Instruments Reaktor Elements Selection (HKLM-x32\...\Native Instruments Reaktor Elements Selection) (Version: - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version: 1.6.0.1 - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version: 1.4.0.3 - Native Instruments)
Native Instruments Replika (HKLM-x32\...\Native Instruments Replika) (Version: 1.2.1.713 - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version: - Native Instruments)
Native Instruments Scarbee Mark I (HKLM-x32\...\Native Instruments Scarbee Mark I) (Version: 1.3.0.7 - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Native Instruments Solid Bus Comp FX (HKLM-x32\...\Native Instruments Solid Bus Comp FX) (Version: 1.1.1.427 - Native Instruments)
Noisebud Lazy Kenneth (HKLM-x32\...\Noisebud Lazy Kenneth1.0) (Version: 1.0 - Noisebud)
OhmForce Frohmage VST2 (HKLM-x32\...\Frohmage VST2) (Version: - )
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden
PSP VintageWarmer2 (HKLM-x32\...\PSP VintageWarmer2) (Version: 2.6.0 - PSPaudioware.com)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 5.10 - Philipp Winterberg)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
StereoToolV3_Native (HKLM\...\{20714255-D592-4BAE-B316-BEAE47CDC859}) (Version: 3.2.35.34029 - Flux:: sound and picture development)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
TAL-Chorus-LX (32bit) (HKLM-x32\...\{537B4EA1-4FF0-430F-8DB2-380D3BE375E0}) (Version: 1.0.0 - TAL - Togu Audio Line)
TAL-U-NO-LX-V2 (32bit) (HKLM-x32\...\{BF996EE2-CD34-4E47-90E9-D4833A69BC54}) (Version: 1.3.7 - TAL - Togu Audio Line)
TAL-U-NO-LX-V2 (32bit) (HKLM-x32\...\{C0873244-4E72-4A75-891D-E99EC0BDEB04}) (Version: 1.3.7 - TAL - Togu Audio Line)
TubeOhm ANTI-TRANSPIRANT V1.06 (HKLM-x32\...\TUBEOHM ANTI-TRANSPIRANT V 1.06_is1) (Version: - )
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Windows Driver Package - ASUS (ATP) Mouse (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 8077.71 MB
Available physical RAM: 6066.59 MB
Total Pagefile: 9357.71 MB
Available Pagefile: 7275.85 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.61 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:444.01 GB) (Free:306.59 GB) NTFS

========================= Users: ========================================

User accounts for \\SLUMBERJACK

48BCFD8E4DAE48019A39 6173689F08F14B1AA3A6 Administrator
Guest Michael

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

23-04-2015 11:12:13 Scheduled Checkpoint
28-04-2015 19:06:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
28-04-2015 19:07:35 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
04-05-2015 23:31:21 Removed globalupdate Helper
12-05-2015 10:08:10 Scheduled Checkpoint

**** End of log ****

#4 Sintharius


Posted 12 May 2015 - 02:00 PM

That's odd, Baidu isn't in Programs and Features.

Let's try something else.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Baidu*
    
    :folderfind
    *Baidu*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#5 Slumberjax


Posted 12 May 2015 - 03:49 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 13:47 on 12/05/2015 by Michael
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*Baidu*"
C:\$Recycle.Bin\S-1-5-21-4036031217-1605871042-697544606-1001\$RBPOZOJ\BAIDUANBUGRPT.EXE-99ACEEA8.pf --a---- 31772 bytes [22:20 04/05/2015] [23:15 04/05/2015] 0B8A562ACB07577C78A76D32DA85133D
C:\$Recycle.Bin\S-1-5-21-4036031217-1605871042-697544606-1001\$RBPOZOJ\BAIDUANTRAY.EXE-5936AC74.pf --a---- 41122 bytes [22:19 04/05/2015] [22:19 04/05/2015] 568120099E7E696435B6DC0451673F86
C:\$Recycle.Bin\S-1-5-21-4036031217-1605871042-697544606-1001\$RBPOZOJ\BAIDUANUPDATE.EXE-B9FCDB33.pf --a---- 64832 bytes [22:12 04/05/2015] [23:18 04/05/2015] 5A4E95D6E8CC3464F84CEECC2A04C62A
C:\$Recycle.Bin\S-1-5-21-4036031217-1605871042-697544606-1001\$RBPOZOJ\BAIDUHIPS.EXE-6CD86BDF.pf --a---- 115096 bytes [22:18 04/05/2015] [23:16 04/05/2015] 96F0E58D09CDB16733E29BA937A94827
C:\$Recycle.Bin\S-1-5-21-4036031217-1605871042-697544606-1001\$RBPOZOJ\BAIDUHIPS.EXE-F690EF7B.pf --a---- 119538 bytes [22:18 04/05/2015] [23:16 04/05/2015] 5019692C332402440B3F120D663A526F
C:\$Recycle.Bin\S-1-5-21-4036031217-1605871042-697544606-1001\$RBPOZOJ\BAIDUSDTRAY.EXE-6F7B9690.pf --a---- 38158 bytes [22:19 04/05/2015] [22:19 04/05/2015] BABDA0EE7CB47FF978BC7B27ADC30F58
C:\$Recycle.Bin\S-1-5-21-4036031217-1605871042-697544606-1001\$RBPOZOJ\BAIDUSDUPDATE.EXE-36EDDF8F.pf --a---- 224232 bytes [22:09 04/05/2015] [23:18 04/05/2015] 677A09AF05FBB54B8BDF0396855A954D
C:\$Recycle.Bin\S-1-5-21-4036031217-1605871042-697544606-1001\$RBPOZOJ\BAIDUSDUPROXY64.EXE-6823ED75.pf --a---- 18850 bytes [22:20 04/05/2015] [22:20 04/05/2015] 2E034053E19AF3065A0D4B4B839E9155
C:\AdwCleaner\Quarantine\C\Program Files (x86)\baidu\baidu.ini.vir --a---- 45 bytes [21:03 04/05/2015] [21:03 04/05/2015] 207BC1FEDA769EBE5AD530C0E40D6547
C:\Users\Michael\AppData\Local\Microsoft\Internet Explorer\DOMStore\O8I59ZX2\www.baidu[1].xml --a---- 114 bytes [23:23 04/05/2015] [23:23 04/05/2015] 0D8C0A85EE7FE97AF5E58CD09A9349FC
C:\Users\Michael\AppData\Local\Microsoft\Windows\INetCache\IE\KEUY0UQB\baidu-something-or-other-in-chinese[1].htm --a---- 118600 bytes [20:46 12/05/2015] [20:46 12/05/2015] A989A7A5F8E75C829117388E9A2F9EA4
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Recent\http--www.baidu.com-.lnk --a---- 198 bytes [23:23 04/05/2015] [23:23 04/05/2015] 62C47853E22777402AF8887B616D431D
C:\Windows\Fonts\baiduan_number_new.ttf --a---- 29096 bytes [21:06 04/05/2015] [05:02 03/04/2015] 67960BCB783E87E7249EF0BC9D37E86B
C:\Windows\Fonts\baidusd_number_new.ttf --a---- 29140 bytes [21:04 04/05/2015] [07:37 06/11/2014] C4CAB9449756AE02B514980144C981AB

========== folderfind ==========

Searching for "*Baidu"
C:\AdwCleaner\Quarantine\C\Program Files (x86)\baidu d------ [00:22 05/05/2015]
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [00:22 05/05/2015]
C:\AdwCleaner\Quarantine\C\Users\Michael\AppData\Roaming\baidu d------ [00:23 05/05/2015]

-= EOF =-

#6 Sintharius


Posted 12 May 2015 - 03:53 PM

Hi there,

Let's see if these tools can catch those Baidu leftovers.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
===

AdwCleaner - Scan & Clean

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Regards,
Alex

#7 Slumberjax


Posted 12 May 2015 - 04:28 PM

# AdwCleaner v4.203 - Logfile created 12/05/2015 at 14:24:13
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Michael - SLUMBERJACK
# Running from : C:\Users\Michael\Desktop\NI Stuff\Antivirus Apps\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : bd0001
[#] Service Deleted : bd0002
[#] Service Deleted : BDMWrench_x64
Service Deleted : TAOAccelerator
[#] Service Deleted : TSDefenseBt
[#] Service Deleted : TSSysKit
[#] Service Deleted : QMUdisk

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\tencent
Folder Deleted : C:\Program Files (x86)\Common Files\tencent
Folder Deleted : C:\Users\Michael\AppData\Local\Temp\tencent
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\tencent
File Deleted : C:\WINDOWS\System32\drivers\BDDefense.sys
File Deleted : C:\WINDOWS\System32\drivers\bd0001.sys
File Deleted : C:\WINDOWS\System32\drivers\bd0002.sys
File Deleted : C:\WINDOWS\System32\drivers\bd0003.sys
File Deleted : C:\WINDOWS\System32\drivers\BDArKit.SYS
File Deleted : C:\WINDOWS\System32\drivers\BDMWrench_x64.sys

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Baidu

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [12384 bytes] - [04/05/2015 17:21:09]
AdwCleaner[R1].txt - [1670 bytes] - [12/05/2015 14:23:08]
AdwCleaner[S0].txt - [10569 bytes] - [04/05/2015 17:22:34]
AdwCleaner[S1].txt - [1655 bytes] - [12/05/2015 14:24:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1714  bytes] ##########



#8 Slumberjax


Posted 12 May 2015 - 04:29 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.0 (05.09.2015:1)
OS: Windows 8.1 x64
Ran by Michael on Tue 05/12/2015 at 14:18:00.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Failed to stop: [Service] bd0001
Failed to stop: [Service] bd0002
Failed to stop: [Service] bdmwrench_x64

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Failed to delete: [Folder] C:\Program Files (x86)\tencent

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/12/2015 at 14:19:35.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
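
The JRT log above (run at 14:18) lists services it could not stop and a folder it could not delete, while the AdwCleaner cleaning pass (14:24) lists what was actually deleted, so the two can be cross-checked mechanically. The Python below is an added example, not part of either poster's messages or of either tool; the function names are hypothetical and the log excerpts are copied from the two posts above.

```python
import re

# Excerpts copied from the JRT and AdwCleaner logs posted in this thread.
JRT_LOG = r"""
~~~ Services
Failed to stop: [Service] bd0001
Failed to stop: [Service] bd0002
Failed to stop: [Service] bdmwrench_x64
~~~ Folders
Failed to delete: [Folder] C:\Program Files (x86)\tencent
"""

ADW_LOG = r"""
***** [ Services ] *****
[#] Service Deleted : bd0001
[#] Service Deleted : bd0002
[#] Service Deleted : BDMWrench_x64
Service Deleted : TAOAccelerator
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\tencent
File Deleted : C:\WINDOWS\System32\drivers\bd0001.sys
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Baidu
"""

# JRT failure lines look like "Failed to stop: [Service] name".
JRT_FAIL = re.compile(r"^Failed to (?:stop|delete): \[(\w+)\] (.+)$")
# AdwCleaner lines look like "[#] Service Deleted : name"; the "[#]" is optional.
ADW_DONE = re.compile(r"^(?:\[#\] )?(Service|File|Folder|Key) Deleted : (.+)$")


def _entries(text, pattern):
    """Return (kind, name) pairs, lower-cased since Windows names are case-insensitive."""
    found = []
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            kind, name = m.groups()
            found.append((kind.lower(), name.strip().rstrip("\\").lower()))
    return found


def cross_check(jrt_text, adw_text):
    """Split JRT's failures into those AdwCleaner later deleted and those still pending."""
    deleted = set(_entries(adw_text, ADW_DONE))
    failures = _entries(jrt_text, JRT_FAIL)
    resolved = [f for f in failures if f in deleted]
    pending = [f for f in failures if f not in deleted]
    return resolved, pending


if __name__ == "__main__":
    resolved, pending = cross_check(JRT_LOG, ADW_LOG)
    for kind, name in resolved:
        print(f"deleted by AdwCleaner: {kind} {name}")
    for kind, name in pending:
        print(f"not confirmed deleted: {kind} {name}")
```

An empty pending list means every item JRT failed on appears in AdwCleaner's deletion list; anything left in it is what to look for in the next scan.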



#9 Slumberjax


Posted 12 May 2015 - 04:33 PM

Alex, it would appear that what you're helping with is working so far. When I right click things on my desktop, the Baidu Chinese writing prompts seem to have disappeared, so thank you so much for that. I guess it wasn't malicious, but it was annoying, and unwarranted. If you notice anything else I should remove, I'm happy to keep debugging as long as you are. Thank you graciously for your speedy responses and professionalism :) Mike



#10 Sintharius


Posted 13 May 2015 - 12:18 AM

Hi there,

It appears that you had both Baidu and Tencent on your machine. They are legit Chinese companies, and both produce antivirus software. However, Tencent is one of the two vendors in hot water for cheating in AV tests recently, so I would doubt their products' effectiveness.

Meanwhile please take note of the following:

- Your Malwarebytes installation is outdated (the current version is 2.1.6.1022).

- Please uninstall SUPERAntiSpyware - its effectiveness is poor and you already have Malwarebytes which is better.

Okay... now we just need to clean things up and you are good to go.

Download DelFix from here and save it to your Desktop.
  • Close all running programs and start DelFix.
  • Make sure all available options are checked.
  • Click Run.
  • DelFix will remove most of the tools used during the cleaning process.
You can uninstall ESET Online Scanner from Programs and Features in Control Panel.

Keep your non-Microsoft applications updated as well
Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Personal Software Inspector - I suggest that you run it at least once a month.

Malwarebytes Anti-Exploit
Malwarebytes Anti-Exploit (MBAE) is a very useful utility in keeping your computer safe on the Internet. It uses innovative technologies to block exploits - peepholes in software that cybercriminals can use to get their malware into your system, thus stopping their advance before they can drop their payload. What's more, it's a "fire and forget" solution - just install MBAE and it will automatically do its job.
Malwarebytes Anti-Exploit Free offers protection for your browsers - upgrading to Premium allows you to create customized shields for other applications.

Safe computing practices

Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

If you have any questions left, feel free to ask me here.

Regards,
Alex

#11 Slumberjax


Posted 13 May 2015 - 01:05 AM

Awesome. Done and done. Couldn't find EST online to uninstall, but as far as I can tell everything else is cleared up. Thx again
Mike



