Infected by malware [Solved]



#1 sylvia69
New Member, 4 posts

Infected by viruses named adanak, lucky leap, and YourFileDownloader. I had uninstalled those from the Control Panel, removed the browser extensions, and run several malware removers, but it did not help.

The virus even infected my other PC because I forgot to turn off the sync setting in Chrome. When I opened Chrome on the other PC, that PC got infected too. I have now cleared the synced browser data, but it seems too late. I decided to reformat both of my PCs, since during the process of removing the virus many files were accidentally removed, causing many programs and applications to fail to function.

Before reformatting, I want to ensure that the data I want to back up is clean of the virus.

Below is my OTL log; I hope you can help me get rid of the virus. Thanks in advance.

 

OTL logfile created on: 27-Jul-14 3:30:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\name\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
 
3.98 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 49.48% Memory free
7.95 Gb Paging File | 6.14 Gb Available in Paging File | 77.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 575.98 Gb Total Space | 348.92 Gb Free Space | 60.58% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 16.84 Gb Free Space | 17.25% Space Free | Partition Type: NTFS
Drive E: | 2.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: NAME-PC | User Name: name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-07-27 14:24:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\name\Downloads\OTL.exe
PRC - [2014-07-27 13:05:57 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
PRC - [2014-07-22 05:02:50 | 035,464,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\name\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014-07-07 17:45:24 | 000,359,752 | ---- | M] (360.cn) -- C:\Program Files (x86)\360\360Safe\safemon\360tray.exe
PRC - [2014-05-27 22:00:44 | 000,236,360 | ---- | M] (360.cn) -- C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
PRC - [2011-05-31 04:48:18 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011-05-31 04:48:16 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011-03-14 01:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011-01-26 02:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010-11-20 20:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010-10-08 05:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010-10-06 12:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010-10-01 06:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010-09-24 07:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010-08-18 05:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009-12-16 01:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009-06-20 01:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-20 01:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009-06-16 08:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008-12-23 08:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008-08-14 12:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-07-27 15:23:13 | 000,043,008 | ---- | M] () -- c:\Users\name\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmndydq.dll
MOD - [2014-07-22 04:53:39 | 003,610,624 | ---- | M] () -- C:\Users\name\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014-03-22 00:17:09 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014-03-21 08:44:17 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll
MOD - [2014-03-21 08:43:11 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll
MOD - [2014-03-21 08:42:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014-03-21 08:42:19 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014-03-21 08:42:08 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014-03-21 08:42:00 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014-03-21 08:41:57 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll
MOD - [2014-03-21 08:41:33 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014-03-21 08:41:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014-03-21 08:41:14 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013-10-19 07:55:03 | 025,100,288 | ---- | M] () -- C:\Users\name\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011-05-31 04:48:14 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2010-10-01 06:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010-10-01 06:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010-10-01 06:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010-10-01 06:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010-09-24 07:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2014-03-02 21:58:08 | 000,977,088 | ---- | M] () [Auto | Stopped] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:64bit: - [2013-05-27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012-05-11 12:14:28 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011-03-09 22:50:42 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-01-26 05:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [On_Demand | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010-11-30 06:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2014-07-10 11:09:45 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-07-02 17:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014-05-27 22:00:44 | 000,236,360 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014-03-09 18:19:30 | 000,294,912 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\KMSServerService\KMS Server Service.exe -- (KMSServerService)
SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012-06-24 17:59:00 | 004,985,056 | ---- | M] (BzeekLand LTD.) [On_Demand | Stopped] -- C:\Program Files (x86)\Bzeek\bzeek.exe -- (bzeekuninstallsvc)
SRV - [2012-03-15 13:53:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-03-14 01:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-03-14 01:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010-10-06 12:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-10-06 12:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-12-16 01:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-06-16 08:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008-08-15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-07-17 15:07:06 | 000,030,424 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsomc.sys -- (ggsomc)
DRV:64bit: - [2014-07-17 15:07:06 | 000,016,088 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2014-07-16 23:18:07 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2014-07-03 15:49:22 | 000,069,192 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360netmon.sys -- (360netmon)
DRV:64bit: - [2014-06-16 13:42:46 | 000,103,496 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360AntiHacker64.sys -- (360AntiHacker)
DRV:64bit: - [2014-05-27 17:23:28 | 000,311,368 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360Box64.sys -- (360Box64)
DRV:64bit: - [2014-05-14 14:28:52 | 000,181,320 | ---- | M] (360安全中心) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\360Hvm64.sys -- (360Hvm)
DRV:64bit: - [2014-04-18 18:36:10 | 000,310,856 | ---- | M] (360.cn) [File_System | System | Running] -- C:\Windows\SysNative\drivers\360fsflt.sys -- (360FsFlt)
DRV:64bit: - [2014-04-18 16:30:30 | 000,040,520 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\360Camera64.sys -- (360Camera)
DRV:64bit: - [2014-04-15 15:18:46 | 000,180,808 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BAPIDRV64.SYS -- (BAPIDRV)
DRV:64bit: - [2013-09-03 11:15:32 | 000,017,600 | ---- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SearchHotKeyx64.sys -- (SearchHotKey)
DRV:64bit: - [2013-08-22 16:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013-03-18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013-02-13 05:01:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013-02-12 12:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013-02-08 10:49:50 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-07-26 07:32:08 | 000,307,968 | ---- | M] (D-vitec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvitdcnt.sys -- (D-Vitec)
DRV:64bit: - [2012-03-26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012-03-01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-06-03 01:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-06-03 01:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-03-14 01:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-03-14 01:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-03-14 01:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-03-14 01:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-03-14 01:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-03-14 01:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-03-14 01:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-03-11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-09 23:33:50 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-03-09 22:15:20 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-12-31 18:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010-12-29 03:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-30 06:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010-11-20 21:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 19:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 19:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010-11-05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-09-23 15:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010-09-22 00:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-08-03 18:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2009-07-20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-11 04:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 04:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009-06-11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-06-27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008-05-30 13:13:32 | 000,034,360 | ---- | M] (Canopus Co,. Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrblock.sys -- (cdrblock)
DRV:64bit: - [2008-05-24 08:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008-05-06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008-02-06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010-07-27 04:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-03 08:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2008-08-14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp...R03XXXX5WS2ER03
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.so.com/?src=xzq
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp...R03XXXX5WS2ER03
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.so.com/?src=xzq
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp...R03XXXX5WS2ER03
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...&q={searchTerms}
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.so.com/?src=xzq
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...&q={searchTerms}
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...&q={searchTerms}
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...&q={searchTerms}
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll File not found
FF - HKLM\Software\MozillaPlugins\@360.cn/npaxlogin: C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll (360.cn)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alipay.com/npaliedit: C:\Windows\system32\aliedit\3.6.0.0\npaliedit.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@iciba.com/GrabWord: C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\NPAPI\npGrabWord.dll (Kingsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.11.2: C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.11.2: C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll (Thunder Networking Technologies,LTD)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll File not found
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@360.cn/360MMPlugin: C:\Program Files (x86)\360\360Safe\mobilemgr\np360MMPlugIn.dll (360.cn)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.2.dll (Thunder Networking Technologies,LTD)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\Firefox [2014-06-11 23:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\nzlzdpyb.default\extensions\[email protected]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\name\AppData\Roaming\IDM\idmmzcc5
 
[2014-07-26 15:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\name\AppData\Roaming\Mozilla\Firefox\Profiles\8dwmiiqa.default-1406351239874\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/ncr
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: 360MMPlugin (Enabled) = C:\Program Files (x86)\360\360Safe\MobileMgr\np360MMPlugIn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: 金山词霸取词插件 (Enabled) = C:\Program Files (x86)\Kingsoft\PowerWordDict\plugin\NPAPI\npGrabWord.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: QvodInsert (Enabled) = C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
CHR - plugin: QvodShareModule (Enabled) = C:\Program Files (x86)\QvodPlayer\npShareModule.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: NoCountryRedirect (NCR) = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciboebddidackjicoeoiigdnbmchkdll\0.6.1303_1\
CHR - Extension: Select all Facebook friends = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbcjpjecmkjagmnhgfojblhjhnalbda\1.0_1\
CHR - Extension: Kingsoft Powerword Grab Word = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\cngicmmkocjjbmacacmchjhdimdhfgod\2.1_1\
CHR - Extension: Facebook Disconnect = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.6.6_1\
CHR - Extension: Motivate = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikbnglopgmdoobfkallgioahbeddajc\0.5_1\
CHR - Extension: 釆犪垱釄姏 (Amharic) = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiicejfhlmmhlekmafefbecflcpdkocb\2.3.2.0_0\
CHR - Extension: Be Limitless = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpnljppdhjpafeaokemhcggofohekbp\0.80_1\
CHR - Extension: Dayboard - New Tab Page = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimodcegbhclamjcbifgfaldeengbgij\0.2.0_1\
CHR - Extension: Google Input Tools = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab\3.7.1.5_1\
CHR - Extension: Google Wallet = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Time's Up! - Facebook time limiter = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjlcinlanjcnogakmjmjhmblfddmmlj\1.0.1_1\
CHR - Extension: Facebook Invite All Subrange = C:\Users\name\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlacnclhiinhhoaonnoflhaoaklmfek\0.1.1_1\
 
O1 HOSTS File: ([2014-04-28 13:21:54 | 000,001,312 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360Safe\safemon\safemon64.dll (360.cn)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files (x86)\360\360Safe\safemon\safemon.dll (360.cn)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [360Safetray] C:\Program Files (x86)\360\360Safe\safemon\360tray.exe (360.cn)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\name\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2680072073-3876680634-2631007406-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.11.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AF20393-E60D-4EC7-8A19-ABA5193305C5}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AF20393-E60D-4EC7-8A19-ABA5193305C5}: NameServer = 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E6CC1D-D844-4347-A581-C172887D6394}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31E2A555-AA22-4DCC-81D3-1F04E5A97C88}: NameServer = 120.126.193.1,120.126.125.1
O18:64bit: - Protocol\Handler\ic32pp - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo - No CLSID value found
O18:64bit: - Protocol\Handler\KuGoo3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\Windows\wc98pp.dll ()
O18 - Protocol\Handler\KuGoo {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KUGOU2~1\KUGOO3~1.OCX File not found
O18 - Protocol\Handler\KuGoo3 {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~2\KUGOU2~1\KUGOO3~1.OCX File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-07-26 15:10:39 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-07-14 15:49:30 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{043b1b6a-cfa7-11e1-9012-14dae9aca8e4}\Shell - "" = AutoRun
O33 - MountPoints2\{043b1b6a-cfa7-11e1-9012-14dae9aca8e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{043b1b7e-cfa7-11e1-9012-14dae9aca8e4}\Shell - "" = AutoRun
O33 - MountPoints2\{043b1b7e-cfa7-11e1-9012-14dae9aca8e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2fd4740c-cfdd-11e1-ada3-14dae9aca8e4}\Shell - "" = AutoRun
O33 - MountPoints2\{2fd4740c-cfdd-11e1-ada3-14dae9aca8e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{33960108-d16b-11e1-b0c9-14dae9aca8e4}\Shell - "" = AutoRun
O33 - MountPoints2\{33960108-d16b-11e1-b0c9-14dae9aca8e4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{51cdbabc-deff-11e2-b53f-14dae9aca8e4}\Shell - "" = AutoRun
O33 - MountPoints2\{51cdbabc-deff-11e2-b53f-14dae9aca8e4}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{7c4711ae-3e0f-11e2-9fa0-14dae9aca8e4}\Shell - "" = AutoRun
O33 - MountPoints2\{7c4711ae-3e0f-11e2-9fa0-14dae9aca8e4}\Shell\AutoRun\command - "" = wscript.exe "invis.vbs" "start.bat"
O33 - MountPoints2\{a3259692-6c4c-11e2-b555-742f68d491d4}\Shell - "" = AutoRun
O33 - MountPoints2\{a3259692-6c4c-11e2-b555-742f68d491d4}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{a8feeb9f-7041-11e2-8e67-14dae9aca8e4}\Shell - "" = AutoRun
O33 - MountPoints2\{a8feeb9f-7041-11e2-8e67-14dae9aca8e4}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{fc7cd2cb-f188-11e0-ad96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fc7cd2cb-f188-11e0-ad96-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009-07-14 15:49:30 | 000,106,760 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-07-27 15:23:03 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014-07-27 13:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014-07-27 04:22:20 | 000,000,000 | R--D | C] -- C:\Users\name\Google Drive
[2014-07-27 04:20:12 | 000,000,000 | R--D | C] -- C:\Users\name\OneDrive
[2014-07-27 04:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft OneDrive
[2014-07-27 04:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014-07-27 03:55:39 | 000,000,000 | ---D | C] -- C:\adt-bundle-windows-x86_64-20140702
[2014-07-27 03:54:51 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014-07-27 03:54:34 | 000,176,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014-07-27 03:54:34 | 000,176,040 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014-07-27 03:54:34 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014-07-27 03:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014-07-27 03:17:13 | 000,321,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014-07-27 03:17:07 | 000,191,400 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014-07-27 03:17:07 | 000,190,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014-07-27 03:17:07 | 000,111,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014-07-27 03:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-07-27 02:18:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2014-07-27 01:58:17 | 000,000,000 | ---D | C] -- C:\Dev
[2014-07-27 01:26:21 | 000,000,000 | ---D | C] -- C:\Users\name\Documents\Visual Studio 2008
[2014-07-27 00:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Docear
[2014-07-27 00:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Docear4Word
[2014-07-27 00:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Docear4Word
[2014-07-26 18:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014-07-26 17:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2014-07-26 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2014-07-26 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2014-07-26 15:05:44 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Local\Anvisoft
[2014-07-26 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014-07-26 13:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-07-26 13:28:02 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014-07-25 20:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2014-07-25 19:08:24 | 000,000,000 | ---D | C] -- C:\Users\name\Docear
[2014-07-24 17:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Docear
[2014-07-24 17:29:06 | 000,000,000 | ---D | C] -- C:\Users\name\Documents\Docear4Word
[2014-07-24 17:28:40 | 000,000,000 | ---D | C] -- C:\Users\name\Documents\Add-in Express
[2014-07-22 23:25:02 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014-07-22 23:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014-07-22 20:47:14 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Roaming\Notepad++
[2014-07-22 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014-07-22 02:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
[2014-07-18 00:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Mobile
[2014-07-17 17:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2014-07-17 15:07:06 | 000,030,424 | ---- | C] (Sony Mobile Communications) -- C:\Windows\SysNative\drivers\ggsomc.sys
[2014-07-17 15:07:06 | 000,016,088 | ---- | C] (Sony Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2014-07-16 23:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014-07-16 23:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014-07-16 23:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014-07-16 23:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014-07-16 23:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014-07-16 23:18:20 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
[2014-07-16 23:18:07 | 000,034,032 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2014-07-16 23:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Mobile
[2014-07-15 22:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yEd Graph Editor
[2014-07-15 22:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\yWorks
[2014-07-12 13:30:52 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Roaming\Mozilla
[2014-07-10 17:58:42 | 000,000,000 | ---D | C] -- C:\opencv
[2014-07-10 11:20:50 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Local\Opera Software
[2014-07-10 11:20:49 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Roaming\Opera Software
[2014-07-06 14:00:37 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Local\Skype
[2014-07-06 14:00:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014-07-06 14:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014-07-06 14:00:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014-07-05 15:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qiqqa
[2014-07-05 15:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qiqqa
[2014-07-05 14:49:47 | 000,000,000 | ---D | C] -- C:\Users\name\AppData\Local\Adobe
[2014-07-05 14:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014-07-27 15:23:57 | 000,001,003 | ---- | M] () -- C:\Users\name\Desktop\Dropbox.lnk
[2014-07-27 15:23:16 | 000,002,257 | ---- | M] () -- C:\Users\name\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014-07-27 15:23:16 | 000,001,013 | ---- | M] () -- C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014-07-27 15:10:00 | 000,000,550 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-07-27 13:12:51 | 000,001,150 | ---- | M] () -- C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2014-07-27 13:10:00 | 000,000,546 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-27 13:08:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-07-27 13:08:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-07-27 13:06:34 | 000,002,233 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-07-27 13:03:27 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2014-07-27 13:03:27 | 000,000,510 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014-07-27 13:03:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-07-27 13:03:04 | 3203,239,936 | -HS- | M] () -- C:\hiberfil.sys
[2014-07-27 12:25:41 | 000,001,256 | ---- | M] () -- C:\Users\name\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014-07-27 05:31:12 | 000,801,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-07-27 05:31:12 | 000,668,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-07-27 05:31:12 | 000,126,962 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-07-27 03:54:29 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014-07-27 03:54:17 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014-07-27 03:54:17 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014-07-27 03:54:16 | 000,176,040 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014-07-27 03:17:02 | 000,111,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014-07-27 03:17:01 | 000,321,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014-07-27 03:17:01 | 000,191,400 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014-07-27 03:17:01 | 000,190,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014-07-27 03:03:29 | 000,049,993 | ---- | M] () -- C:\Users\name\Desktop\Untitled.png
[2014-07-27 00:32:19 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Docear.lnk
[2014-07-26 23:34:56 | 000,039,950 | ---- | M] () -- C:\Users\name\Desktop\literature_and_annotations.html
[2014-07-26 22:11:40 | 000,000,000 | ---- | M] () -- C:\Users\name\defogger_reenable
[2014-07-26 17:08:29 | 000,000,935 | ---- | M] () -- C:\Users\name\Desktop\pointer.c
[2014-07-26 17:06:26 | 000,000,878 | ---- | M] () -- C:\Users\name\Desktop\pointer.o
[2014-07-26 15:51:15 | 000,000,973 | ---- | M] () -- C:\Users\name\Desktop\pointer2.o
[2014-07-26 15:10:39 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014-07-24 22:29:37 | 370,763,706 | ---- | M] () -- C:\adt-bundle-windows-x86_64-20140702.zip
[2014-07-21 04:01:27 | 002,113,536 | ---- | M] () -- C:\Users\name\Documents\efficient dairy.edfx
[2014-07-18 01:32:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2014-07-17 23:43:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsomc_01009.Wdf
[2014-07-17 15:07:06 | 000,030,424 | ---- | M] (Sony Mobile Communications) -- C:\Windows\SysNative\drivers\ggsomc.sys
[2014-07-17 15:07:06 | 000,016,088 | ---- | M] (Sony Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2014-07-16 23:18:07 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\seehcri.sys
[2014-07-16 18:00:50 | 003,050,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-07-16 17:06:58 | 000,027,420 | ---- | M] () -- C:\Users\name\Desktop\pointer.exe
[2014-07-10 11:09:45 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-07-10 11:09:44 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-07-03 15:49:22 | 000,069,192 | ---- | M] (360.cn) -- C:\Windows\SysNative\drivers\360netmon.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014-07-27 15:23:57 | 000,001,003 | ---- | C] () -- C:\Users\name\Desktop\Dropbox.lnk
[2014-07-27 15:23:16 | 000,001,013 | ---- | C] () -- C:\Users\name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014-07-27 13:06:34 | 000,002,257 | ---- | C] () -- C:\Users\name\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014-07-27 13:06:34 | 000,002,233 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-07-27 13:05:59 | 000,000,550 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-07-27 13:05:58 | 000,000,546 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-07-27 03:03:29 | 000,049,993 | ---- | C] () -- C:\Users\name\Desktop\Untitled.png
[2014-07-27 00:32:19 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Docear.lnk
[2014-07-27 00:20:47 | 000,000,935 | ---- | C] () -- C:\Users\name\Desktop\pointer.c
[2014-07-26 23:34:56 | 000,039,950 | ---- | C] () -- C:\Users\name\Desktop\literature_and_annotations.html
[2014-07-26 22:11:40 | 000,000,000 | ---- | C] () -- C:\Users\name\defogger_reenable
[2014-07-26 15:39:00 | 000,000,973 | ---- | C] () -- C:\Users\name\Desktop\pointer2.o
[2014-07-26 15:10:39 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014-07-26 14:36:46 | 000,000,878 | ---- | C] () -- C:\Users\name\Desktop\pointer.o
[2014-07-24 22:28:48 | 370,763,706 | ---- | C] () -- C:\adt-bundle-windows-x86_64-20140702.zip
[2014-07-18 01:32:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2014-07-17 23:43:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsomc_01009.Wdf
[2014-07-16 10:13:29 | 000,027,420 | ---- | C] () -- C:\Users\name\Desktop\pointer.exe
[2014-07-11 23:13:45 | 003,050,680 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-04-28 13:40:14 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014-04-04 14:53:49 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2014-01-06 23:40:20 | 000,000,145 | ---- | C] () -- C:\Users\name\.appletviewer
[2013-11-21 19:09:38 | 000,001,078 | ---- | C] () -- C:\Users\name\AppData\Roaming\base64.cer
[2013-08-16 23:54:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-06-15 15:17:52 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
[2013-06-15 15:17:52 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
[2013-06-15 15:17:52 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
[2013-06-15 15:17:29 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2013-06-15 15:17:29 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2013-06-15 15:17:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2013-06-15 15:17:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2013-06-15 15:17:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2013-06-15 15:17:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2013-06-15 15:16:22 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2013-06-15 15:16:22 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2013-06-09 21:53:19 | 000,000,408 | ---- | C] () -- C:\Users\name\AppData\Roaming\CamShapes.ini
[2013-06-09 21:53:19 | 000,000,408 | ---- | C] () -- C:\Users\name\AppData\Roaming\CamLayout.ini
[2013-06-09 21:53:19 | 000,000,103 | ---- | C] () -- C:\Users\name\AppData\Roaming\Camdata.ini
[2013-06-09 21:35:12 | 000,004,509 | ---- | C] () -- C:\Users\name\AppData\Roaming\CamStudio.cfg
[2013-03-12 11:30:07 | 000,000,533 | ---- | C] () -- C:\Windows\wininit.ini
[2013-03-05 13:54:02 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012-04-03 10:14:31 | 000,000,954 | ---- | C] () -- C:\Users\name\AppData\Roaming\coreavc.ini
[2012-02-29 16:56:10 | 000,000,009 | ---- | C] () -- C:\Users\name\AppData\Roaming\pwpe_wiki_ini.conf
[2011-04-13 20:54:22 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 10:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 10:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 20:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A1EDB939
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >

  • 0
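The ZeroAccess Check section of the OTL log above lists COM CLSIDs whose InProcServer32 registration ZeroAccess was known to hijack, typically by registering a per-user copy under HKEY_CURRENT_USER, which COM consults before the machine-wide HKEY_LOCAL_MACHINE entry. In this log every HKCU key is empty and each populated HKLM value points at a Microsoft DLL under the Windows system directories, which is what a clean result looks like. The Python below is an added example, not part of OTL or of this thread: it parses that section plus the Alternate Data Streams section and flags a per-user override, a DLL outside the system directories, or a non-Microsoft publisher. The sample log is constructed from the entries above plus one invented HKCU hijack entry (its path, size, timestamp and empty publisher are made up) so that the detection has something to fire on.

```python
"""Triage the tail of an OTL log: the ZeroAccess Check and Alternate Data
Streams sections.  Added example, not part of OTL or of this thread."""
import re

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\](?:\s*/64)?$')
# "" = <dll path> -- [<date> | <size> | <attrs> | M] (<publisher from version info>)
VALUE_RE = re.compile(r'^""\s*=\s*(.+?)\s*--\s*\[([^\]]*)\]\s*\((.*)\)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+?):([^:\\]+)$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')

# OTL writes the 64-bit system directory as SysNative; the 32-bit view is SysWOW64.
TRUSTED_PREFIXES = ('c:\\windows\\system32\\',
                    'c:\\windows\\sysnative\\',
                    'c:\\windows\\syswow64\\')


def is_trusted_path(dll):
    """True if the InProcServer32 DLL lives under a Windows system directory."""
    path = dll.lower().replace('%systemroot%', 'c:\\windows')
    return path.startswith(TRUSTED_PREFIXES)


def parse_otl_tail(text):
    """Return (registry keys, alternate data streams) found in the OTL text."""
    keys, streams, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):      # "========== Name ==========" header
            key = None
            continue
        m = KEY_RE.match(line)
        if m:                           # a registry key; values follow on the next lines
            key = {'key': m.group(1), 'dll': None, 'stamp': None,
                   'publisher': None, 'threading': None}
            keys.append(key)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:       # the (Default) value = DLL path
            key['dll'], key['stamp'], key['publisher'] = m.group(1), m.group(2), m.group(3)
            continue
        if line.startswith('"ThreadingModel"') and key is not None:
            key['threading'] = line.split('=', 1)[1].strip()
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append({'bytes': int(m.group(1)), 'file': m.group(2), 'stream': m.group(3)})
    return keys, streams


def zeroaccess_findings(keys):
    """Flag CLSID InProcServer32 entries that look like a COM hijack."""
    findings = []
    for k in keys:
        m = CLSID_RE.search(k['key'])
        if m is None or not k['dll']:
            continue  # not a CLSID key, or no server registered under this hive/view
        clsid = m.group(0).lower()
        if k['key'].upper().startswith('HKEY_CURRENT_USER'):
            # A per-user registration shadows the HKLM one for that user: the
            # technique this OTL section exists to catch.
            findings.append((clsid, 'per-user InProcServer32 overrides the machine-wide CLSID', k['dll']))
        if not is_trusted_path(k['dll']):
            findings.append((clsid, 'InProcServer32 DLL is outside the Windows system directories', k['dll']))
        if k['publisher'] != 'Microsoft Corporation':
            findings.append((clsid, 'version-info publisher is not Microsoft Corporation', k['dll']))
    return findings


# Constructed sample: entries from the log above, plus one invented HKCU hijack
# (path, size, timestamp and the empty publisher are made up).
SAMPLE_LOG = r"""
========== ZeroAccess Check ==========

[2009-07-14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 10:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 20:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\name\AppData\Local\constructed\hijack.dll -- [2014-07-20 01:02:03 | 000,049,152 | ---- | M] ()
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:81F83028
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A1EDB939
"""

if __name__ == '__main__':
    keys, streams = parse_otl_tail(SAMPLE_LOG)
    for clsid, reason, dll in zeroaccess_findings(keys):
        print(f'FLAG {clsid}: {reason} -> {dll}')
    for s in streams:
        print(f"ADS  {s['file']}:{s['stream']} ({s['bytes']} bytes)")
```

Run against the real log, the three checks stay quiet and only the ADS lines are listed; the invented HKCU entry trips all three. The ADS entries are reported rather than judged: OTL lists every named stream it finds, and a small stream on C:\ProgramData\Temp is not by itself evidence of infection, so it is left to the reader to decide whether to inspect its contents.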

#2
Teima

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello sylvia69, 
 
My name is Teima and I'll be happy to assist you with this issue. Before we commence I'd like to ask that you give careful thought to the points which I've listed below, as they will be beneficial to the guidance I'll present you with here on Geekstogo. :)
 
Notes before we commence:
 
  • It's important that you reply within four days. If you haven't replied within that time, the thread will be closed.
  • As the process of malware removal is often challenging, I'd like you to take into consideration that it may take multiple replies to resolve the issue/issues present.
  • If you are uncertain about any of the steps I present you with, please feel free to ask me for further clarification.
  • It's important that you don't use tools which have been recommended for other users of the forum; failure to follow these guidelines will most likely result in an unbootable machine.
  • These steps only apply to the user "sylvia69". If you're reading this thread and you're requiring assistance, then read this thread and follow the listed steps carefully.
  • The absence of symptoms does not necessarily mean that your system is clean. Please stick with me until I state that your system is clean.
  • If it's been a total of three days and you've yet to receive a response from me, please send me a reminder by clicking here and attaching the appropriate thread link where I can respond.

Extra

 
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have two people examining your issue. Thanks for your consideration. :thumbsup:

  • 0

#3
sylvia69

sylvia69

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi Teima, thanks for your help. Because I urgently needed my laptop, I had already backed up and reformatted my computer. However, the virus had infected my backup data too. As a result, the newly formatted computer also got the malware.
Again, I will try to reformat my computer. Hopefully the malware is not going to infect my computer once again.


  • 0

#4
Teima

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts

Ok thanks for informing me. Please do let me know how you get on with it. :)


  • 0

#5
sylvia69

sylvia69

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Okay. I just reformatted my PC. It seems okay so far. Thanks for your help. =D


  • 0

#6
Teima

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts

Perfect. Do you require any further assistance?


  • 0

#7
sylvia69

sylvia69

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Not for now. Thanks for your concern. Btw, this forum is awesome. Keep going & thanks ;)


  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
