
Browser hijacked by hao123.com [Solved]

hao123 malware spyware hijack browser


#1
intuitions
New Member, 2 posts

Hi,

 

About two or three days ago, an application called QVOD updated without my knowledge and suddenly my browsers (Firefox and IE; except Chrome) are now conquered by this URL: http://www.hao123.co...97473572_hao_pg.

My default browser was Firefox, so I uninstalled the Firefox and QVOD applications. I tried several malware scanners and removers, but the problem still exists.

As one of the users, named happyhome, posted on 26 Jul 2014, I have tried Malwarebytes, SpyHunter, AdwCleaner, etc.; so far only SpyHunter identified hao123.com but could not remove it as it is not free.

 

Below are some of the logs I obtained after reading the above-mentioned post:-

 

1. OTL Scan Report:

 

OTL logfile created on: 21-09-14 10:05:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MM-yy
 
3.49 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 39.88% Memory free
5.32 Gb Paging File | 3.13 Gb Available in Paging File | 58.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 20.99 Gb Free Space | 21.49% Space Free | Partition Type: NTFS
Drive D: | 736.19 Gb Total Space | 9.25 Gb Free Space | 1.26% Space Free | Partition Type: NTFS
Drive E: | 97.65 Gb Total Space | 30.95 Gb Free Space | 31.69% Space Free | Partition Type: NTFS
Drive G: | 1862.98 Gb Total Space | 85.85 Gb Free Space | 4.61% Space Free | Partition Type: NTFS
 
Computer Name: INTUITIONS | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-09-21 10:05:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2014-09-04 11:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2014-08-21 21:44:00 | 004,796,696 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014-07-23 07:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2014-07-22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014-07-22 15:15:46 | 005,562,736 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014-06-27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014-06-24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014-06-02 10:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014-05-12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014-04-28 17:03:05 | 000,874,144 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
PRC - [2014-04-14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014-03-24 15:53:53 | 001,004,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
PRC - [2014-02-23 11:28:10 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
PRC - [2013-11-08 18:53:36 | 000,071,261 | ---- | M] (ShenZhen Thunder Networking Technologies,Ltd.) -- C:\Documents and Settings\user\Local Settings\Temp\~nsu.tmp\Cu_.exe
PRC - [2013-07-23 09:08:38 | 001,089,888 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013-07-10 14:23:10 | 001,694,080 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2011-12-26 23:18:13 | 001,528,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
PRC - [2011-12-26 23:18:13 | 000,845,880 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
PRC - [2010-12-20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010-12-20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010-11-17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2008-04-14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 08:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2007-06-01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007-06-01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006-05-06 09:29:38 | 000,006,656 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-09-21 05:28:46 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Temp\nsk45F.tmp\System.dll
MOD - [2014-09-04 11:01:18 | 000,331,592 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll
MOD - [2014-09-04 11:01:17 | 014,891,848 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
MOD - [2014-09-04 11:01:16 | 008,577,864 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014-09-04 11:01:09 | 001,660,232 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2014-05-13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014-05-13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014-05-13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014-05-12 17:49:04 | 000,260,608 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_06.dll
MOD - [2014-04-15 03:41:12 | 000,039,192 | ---- | M] () -- C:\Program Files\CCleaner\branding.dll
MOD - [2014-02-12 15:53:19 | 018,154,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\7f34e1f4be5d4acd31bad72bcdc38812\System.ServiceModel.ni.dll
MOD - [2014-02-12 15:52:09 | 000,194,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c859f19f4e08a2af1e71574e61cecb58\CustomMarshalers.ni.dll
MOD - [2014-02-12 15:51:51 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\3bf08827028ef041ff839c2f77b57c53\WindowsFormsIntegration.ni.dll
MOD - [2014-02-12 15:50:52 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\7adb90a5891feda0bb9f2940737bf66c\UIAutomationProvider.ni.dll
MOD - [2014-02-12 15:50:26 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d76dee4e068cd6a4732330586a381549\System.EnterpriseServices.ni.dll
MOD - [2014-02-12 15:50:26 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\8569e4b97586dcf81f16ed37ff95e5a5\System.Transactions.ni.dll
MOD - [2014-02-12 15:50:26 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d76dee4e068cd6a4732330586a381549\System.EnterpriseServices.Wrapper.dll
MOD - [2014-02-12 15:50:25 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\dd74f8b73c38df11b4c0a04f888ea080\System.Runtime.DurableInstancing.ni.dll
MOD - [2014-02-12 15:50:24 | 002,659,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\85e7468112f32805a2c4bf00bc0aa59f\System.Runtime.Serialization.ni.dll
MOD - [2014-02-12 15:50:24 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1f4be0e330601d725caf8ca0ab044e63\SMDiagnostics.ni.dll
MOD - [2014-02-12 15:50:21 | 001,812,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\bb52f86e93a8ec6b972fe08f0174792d\System.Xaml.ni.dll
MOD - [2014-02-12 15:50:20 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\168578ffd99d5733e9fbeeec9270bd8f\Microsoft.VisualC.ni.dll
MOD - [2014-02-12 15:50:01 | 000,044,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Accessibility\4388e5c2a1870a07b31fccfed5aa2243\Accessibility.ni.dll
MOD - [2014-02-12 15:20:16 | 018,022,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\070d57b5cb77cf0957fd97c0f6a6264a\PresentationFramework.ni.dll
MOD - [2014-02-12 15:20:01 | 011,527,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\92be3cdd3db80f1f6e62d1cbc83a06ca\PresentationCore.ni.dll
MOD - [2014-02-12 15:19:58 | 001,014,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\a4ce5f03557ebd9a2bd480bc8fcac15b\System.Configuration.ni.dll
MOD - [2014-02-12 15:19:56 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\0eb5666beda5c07930a276e6287665c1\System.Data.ni.dll
MOD - [2014-02-12 15:19:56 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a4c49915de3e664e513fd9c62ca137fe\PresentationFramework.Luna.ni.dll
MOD - [2014-02-12 15:19:52 | 000,690,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a238d7eea5bc203d1e7843d03f7a6fc9\System.ComponentModel.Composition.ni.dll
MOD - [2014-02-12 15:19:50 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\fd77c46c055eb94cac642e293b29f289\System.Core.ni.dll
MOD - [2014-02-12 15:19:48 | 005,628,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\24a8baa9aa971f9d08350027462fbf60\System.Xml.ni.dll
MOD - [2014-02-12 15:19:48 | 003,883,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\f4bde3578a1b2ffc0cebf27cdd2ac5ff\WindowsBase.ni.dll
MOD - [2014-02-12 15:19:43 | 009,100,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\893c48d5a4f51cbd5b9d494a5a9749af\System.ni.dll
MOD - [2014-02-12 15:19:40 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\e7e181a25f0faca0509d40958647ae4d\System.Numerics.ni.dll
MOD - [2014-02-12 15:19:38 | 014,418,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a8d5c7930097f2a087332d84e6983f4e\mscorlib.ni.dll
MOD - [2013-11-08 19:50:20 | 000,051,592 | ---- | M] () -- C:\Program Files\Common Files\Thunder Network\Kankan\StreamI.cfg
MOD - [2013-06-17 12:35:10 | 000,478,400 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
MOD - [2013-05-08 14:52:14 | 001,270,464 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
MOD - [2012-09-08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012-09-08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012-08-23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012-04-03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2012-01-09 19:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011-12-26 23:18:13 | 000,845,880 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
MOD - [2011-11-01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-11-01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-05-19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2009-11-05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2008-04-14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008-04-14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006-05-06 09:29:38 | 000,006,656 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2006-05-06 09:29:22 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2006-05-06 09:29:18 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2005-11-01 13:07:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\CopyToSendTo.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014-09-10 20:16:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-07-23 07:47:10 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2014-07-22 15:25:38 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014-06-02 10:36:12 | 000,296,312 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014-05-12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014-05-12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014-04-14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014-02-23 11:28:10 | 000,214,512 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe -- (AVP)
SRV - [2010-12-20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [File_System | Auto | Stopped] -- system32\drivers\sbapifs.sys -- (sbapifs)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\sbaphd.sys -- (sbaphd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\New Folder\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bd0004.sys -- (bd0004)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bd0001.sys -- (bd0001)
DRV - [2014-09-21 06:20:13 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014-05-12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014-03-24 15:55:15 | 000,576,096 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2014-02-23 11:32:10 | 000,144,992 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2014-02-23 11:32:10 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2014-02-23 11:32:10 | 000,024,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2014-02-23 11:32:08 | 000,135,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2013-08-14 08:08:28 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2013-05-14 17:34:44 | 000,045,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2013-04-19 11:44:54 | 000,036,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2013-04-12 15:34:48 | 000,014,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\klpd.sys -- (klpd)
DRV - [2012-12-18 10:06:00 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012-09-20 12:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2012-09-20 12:35:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012-09-20 12:35:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011-08-31 18:18:40 | 000,019,800 | ---- | M] (360安全中心) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\efimon.sys -- (EfiMon)
DRV - [2011-07-23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-12-10 13:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010-12-10 13:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010-11-23 18:16:56 | 006,203,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010-11-09 11:09:22 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2010-10-19 16:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2010-10-15 00:29:14 | 000,260,864 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010-05-20 12:09:40 | 000,143,360 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010-01-29 15:48:33 | 000,724,736 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Drt2870.sys -- (rt2870)
DRV - [2009-11-18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009-11-18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006-11-02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006-05-19 20:48:37 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2006-05-06 09:29:34 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.5
FF - prefs.js..extensions.enabledAddons: %7B6e84150a-d526-41f1-a480-a67d3fed910d%7D:1.5.6
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7Ba0faa0a4-f1a7-4098-9a74-21efc3a92372%7D:28.0.0
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@56.com/iCan: C:\Program Files\iCan3\npiCan3plugin.dll (www.56.com)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cuminas.jp/DjVuPlugin: C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npaplayer: C:\Documents and Settings\All Users\Application Data\Thunder Network\APlayer\codecs\npaplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files\QvodPlayer\npQvodInsert.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser:  File not found
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-07-29 14:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-07-29 14:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-07-29 14:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-07-29 14:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-07-29 14:29:59 | 000,000,000 | ---D | M]
 
[2011-12-26 22:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2014-09-20 12:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zaq598pg.default-1411150770890\extensions
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{A0FAA0A4-F1A7-4098-9A74-21EFC3A92372}.XPI
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{E0B8C461-F8FB-49B4-8373-FE32E9252800}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\pdf.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: APlayer ActiveX hosting plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Thunder Network\APlayer\codecs\npaplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Thunder DapCtrl NPAPI Plugin (Enabled) = C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.9.(953).dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.550.14 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U55 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: mozilla-kwwebgame-plugin (Enabled) = C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll
CHR - plugin: QvodInsert (Enabled) = C:\Program Files\QvodPlayer\npQvodInsert.dll
CHR - plugin: QvodShareModule (Enabled) = C:\Program Files\QvodPlayer\npShareModule.dll
CHR - plugin: XunLei Plugin (Enabled) = C:\Program Files\Thunder Network\Thunder\data\npxunlei1.0.0.1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: 56iCan3 Browser Plugin (Enabled) = C:\Program Files\iCan3\npiCan3plugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\14.0.0.4651_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\14.0.0.4651_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\14.0.0.4651_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\14.0.0.4917_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\14.0.0.4651_0\
 
O1 HOSTS File: ([2001-08-24 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IE2EMBHO Class) - {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files\easyMule\modules\IE2EM.dll (VeryCD.com)
O2 - BHO: (WebDetectorBHO Class) - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Documents and Settings\user\Local Settings\Application Data\Tudou\FeisuTudou\tudouDetector.dll (土豆网)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\user\Application Data\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Google Pinyin 2 Autoupdater] C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe (Google Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFA4CD60-5B5A-4F8A-83B3-EAECC9890F0D}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) -  File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011-12-26 19:25:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7d4939f2-75c1-11e2-b199-5404a6a0a050}\Shell - "" = AutoRun
O33 - MountPoints2\{7d4939f2-75c1-11e2-b199-5404a6a0a050}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7d4939f2-75c1-11e2-b199-5404a6a0a050}\Shell\AutoRun\command - "" = H:\StartUse.exe
O33 - MountPoints2\{b0be24eb-f2ab-11e1-b118-5404a6a0a050}\Shell - "" = AutoRun
O33 - MountPoints2\{b0be24eb-f2ab-11e1-b118-5404a6a0a050}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0be24eb-f2ab-11e1-b118-5404a6a0a050}\Shell\AutoRun\command - "" = H:\P14GSetup.exe
O33 - MountPoints2\{cd055cc7-f1e4-11e1-9ef5-5404a6a0a050}\Shell - "" = AutoRun
O33 - MountPoints2\{cd055cc7-f1e4-11e1-9ef5-5404a6a0a050}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cd055cc7-f1e4-11e1-9ef5-5404a6a0a050}\Shell\AutoRun\command - "" = H:\P14GSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-09-21 06:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2014-09-21 06:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Notepad++
[2014-09-21 06:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014-09-21 06:05:21 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014-09-21 05:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2014-09-21 05:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014-09-21 05:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014-09-21 05:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014-09-21 03:51:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2014-09-21 03:51:05 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2014-09-21 03:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2014-09-21 03:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014-09-21 03:43:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2014-09-21 02:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014-09-21 02:02:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014-09-20 19:53:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2014-09-20 19:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014-09-20 13:45:57 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014-09-20 13:45:11 | 000,053,208 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014-09-20 13:45:11 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014-09-20 13:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014-09-20 13:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014-09-20 13:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014-09-20 13:32:32 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014-08-25 13:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Adobe
[2014-08-24 22:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\JPEXS
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014-09-21 09:28:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-09-21 09:16:00 | 000,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014-09-21 09:14:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1390067357-839522115-1003UA.job
[2014-09-21 06:20:13 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014-09-21 05:54:15 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 008bceca-8d95-4a2e-bff5-7b51a9f5ec7b.job
[2014-09-21 05:54:14 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8e6e8d92-1206-4a49-84f2-87315a62c23c.job
[2014-09-21 05:53:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2014-09-21 04:28:10 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-09-21 03:53:58 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014-09-21 03:53:45 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014-09-21 03:53:45 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014-09-21 03:51:15 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014-09-21 03:46:01 | 000,413,742 | ---- | M] () -- C:\Documents and Settings\user\Desktop\cc_20140921_034350.reg
[2014-09-21 01:59:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\WDPABKP.dat
[2014-09-21 01:58:23 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014-09-21 01:58:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-09-20 19:53:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2014-09-20 13:45:14 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014-09-20 12:14:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1390067357-839522115-1003Core.job
[2014-09-20 02:16:50 | 037,242,171 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks.html
[2014-09-20 01:38:53 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CoreAVC.ini
[2014-09-20 01:21:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014-09-13 02:16:50 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014-09-10 20:16:20 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014-09-10 20:16:20 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014-09-08 15:00:00 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014-08-31 23:57:26 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NovaSpace.lnk
[2014-08-26 15:59:24 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014-09-21 05:54:15 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 008bceca-8d95-4a2e-bff5-7b51a9f5ec7b.job
[2014-09-21 05:54:14 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 8e6e8d92-1206-4a49-84f2-87315a62c23c.job
[2014-09-21 05:53:03 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2014-09-21 03:53:36 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2014-09-21 03:53:32 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014-09-21 03:53:27 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2014-09-21 03:51:15 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2014-09-21 03:43:53 | 000,413,742 | ---- | C] () -- C:\Documents and Settings\user\Desktop\cc_20140921_034350.reg
[2014-09-20 13:45:14 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014-09-20 02:16:18 | 037,242,171 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks.html
[2014-09-19 00:21:43 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\WDPABKP.dat
[2014-05-11 16:20:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\{91205AB6-E780-4925-B866-9D18A74DA8AE}
[2014-03-25 01:16:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\fntfresh.exe
[2014-03-21 02:34:07 | 000,002,292 | ---- | C] () -- C:\Documents and Settings\user\Application Data\ASSDraw3.cfg
[2014-02-11 23:00:55 | 000,011,126 | ---- | C] () -- C:\Documents and Settings\user\gsview32.ini
[2013-12-02 09:59:03 | 000,099,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013-09-14 23:00:58 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2013-03-07 01:01:38 | 000,020,994 | ---- | C] () -- C:\Documents and Settings\user\.TransferManager.db
[2013-03-07 00:52:22 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2013-03-07 00:52:22 | 000,037,344 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2013-02-07 11:51:55 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\PUTTY.RND
[2012-12-18 10:06:10 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012-08-15 23:09:04 | 006,356,926 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1390067357-839522115-1003-0.dat
[2012-08-15 23:09:03 | 000,186,502 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012-08-02 22:31:10 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\user\Application Data\CoreAVC.ini
[2012-03-19 02:38:02 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\user\default.pls
[2012-03-05 00:07:13 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\WebpageIcons.db
[2012-01-24 04:12:50 | 000,000,452 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012-01-02 23:28:26 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\user\Application Data\ANICONFIG_{57AAC226-D422-430F-89F7-58D6C79EBA92}.ini
[2011-12-29 19:39:30 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011-12-26 19:30:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008-04-14 08:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 08:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2014-09-16 20:30:16 | 004,947,968 | ---- | M] ()(C:\WINDOWS\System32\???????????????????????????????????????????????????) -- C:\WINDOWS\System32\㩣摜捯浵湥獴愠摮猠瑥楴杮屳污獵牥屳灡汰捩瑡潩慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014-06-26 00:17:25 | 004,947,968 | ---- | C] ()(C:\WINDOWS\System32\???????????????????????????????????????????????????) -- C:\WINDOWS\System32\㩣摜捯浵湥獴愠摮猠瑥楴杮屳污獵牥屳灡汰捩瑡潩慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
[2014-06-06 03:09:59 | 000,383,019 | ---- | M] ()(C:\Documents and Settings\user\Desktop\?????-??-??-??????.txt) -- C:\Documents and Settings\user\Desktop\计算机网络-设备-协议-配置简明教程.txt
[2014-06-06 03:09:59 | 000,383,019 | ---- | C] ()(C:\Documents and Settings\user\Desktop\?????-??-??-??????.txt) -- C:\Documents and Settings\user\Desktop\计算机网络-设备-协议-配置简明教程.txt
[2014-05-18 18:54:43 | 000,000,000 | ---D | M](C:\Documents and Settings\user\Desktop\???) -- C:\Documents and Settings\user\Desktop\童小芯
[2014-05-07 20:19:36 | 000,001,717 | ---- | M] ()(C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk) -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\优酷客户端.lnk
[2013-09-29 15:48:59 | 000,001,717 | ---- | C] ()(C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\?????.lnk) -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\优酷客户端.lnk
[2013-09-15 04:00:30 | 000,010,388 | ---- | M] ()(C:\Documents and Settings\user\Desktop\??????.docx) -- C:\Documents and Settings\user\Desktop\作为裆的干部.docx
[2013-09-15 04:00:29 | 000,010,388 | ---- | C] ()(C:\Documents and Settings\user\Desktop\??????.docx) -- C:\Documents and Settings\user\Desktop\作为裆的干部.docx
[2013-09-01 00:48:26 | 000,014,108 | ---- | M] ()(C:\Documents and Settings\user\Desktop\??????????????.docx) -- C:\Documents and Settings\user\Desktop\太极大师王培生手指保健祛病法.docx
[2013-09-01 00:48:26 | 000,014,108 | ---- | C] ()(C:\Documents and Settings\user\Desktop\??????????????.docx) -- C:\Documents and Settings\user\Desktop\太极大师王培生手指保健祛病法.docx
[2013-01-22 22:27:41 | 000,000,000 | ---D | M](C:\Documents and Settings\user\Desktop\2012-08-23 ??? - ???) -- C:\Documents and Settings\user\Desktop\2012-08-23 關詩敏 - 關在家
[2012-09-22 23:56:34 | 000,000,000 | ---D | C](C:\Documents and Settings\user\Desktop\2012-08-23 ??? - ???) -- C:\Documents and Settings\user\Desktop\2012-08-23 關詩敏 - 關在家
[2012-07-22 03:58:26 | 000,001,898 | ---- | M] ()(C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\??7.lnk) -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\迅雷7.lnk
[2012-07-22 03:58:26 | 000,001,898 | ---- | C] ()(C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\??7.lnk) -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\迅雷7.lnk
[2012-04-18 23:26:13 | 002,085,489 | ---- | M] ()(C:\Documents and Settings\user\Desktop\???????(2011?3?)3.0.b.07.pdf) -- C:\Documents and Settings\user\Desktop\把时间当作朋友2011第3版3.0.b.07.pdf
[2012-04-18 23:26:10 | 002,085,489 | ---- | C] ()(C:\Documents and Settings\user\Desktop\???????(2011?3?)3.0.b.07.pdf) -- C:\Documents and Settings\user\Desktop\把时间当作朋友2011第3版3.0.b.07.pdf
[2012-01-24 06:27:56 | 000,000,000 | ---D | C](C:\Documents and Settings\user\Desktop\???) -- C:\Documents and Settings\user\Desktop\童小芯
 
< End of report >
 
2. FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by user (administrator) on INTUITIONS on 21-09-2014 10:14:20
Running from C:\Documents and Settings\user\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Google Inc.) C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
() C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ShenZhen Thunder Networking Technologies,Ltd.) C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Cu_.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [6656 2006-05-06] ()
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2005-11-24] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Google Pinyin 2 Autoupdater] => C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [1528376 2011-12-26] (Google Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19722344 2010-11-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\.DEFAULT\...\Run: [MsnMsgr] => "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-19\...\Run: [MsnMsgr] => "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-19\...\RunOnce: [nlpo_01] => cmd.exe /c md "%USERPROFILE%\Local Settings\Temp"
HKU\S-1-5-19\...\RunOnce: [nlpo_02] => rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg
HKU\S-1-5-19\...\RunOnce: [nlpo_03] => rundll32 advpack.dll,LaunchINFSection nlite.inf,S
HKU\S-1-5-20\...\Run: [MsnMsgr] => "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
HKU\S-1-5-20\...\RunOnce: [nlpo_01] => cmd.exe /c md "%USERPROFILE%\Local Settings\Temp"
HKU\S-1-5-20\...\RunOnce: [nlpo_02] => rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg
HKU\S-1-5-20\...\RunOnce: [nlpo_03] => rundll32 advpack.dll,LaunchINFSection nlite.inf,S
HKU\S-1-5-21-515967899-1390067357-839522115-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKU\S-1-5-21-515967899-1390067357-839522115-1003\...\Run: [Google Update] => C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2012-01-02] (Google Inc.)
HKU\S-1-5-21-515967899-1390067357-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-515967899-1390067357-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4796696 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-515967899-1390067357-839522115-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-10] (SUPERAntiSpyware)
HKU\S-1-5-21-515967899-1390067357-839522115-1003\...\MountPoints2: {7d4939f2-75c1-11e2-b199-5404a6a0a050} - H:\StartUse.exe
HKU\S-1-5-21-515967899-1390067357-839522115-1003\...\MountPoints2: {b0be24eb-f2ab-11e1-b118-5404a6a0a050} - H:\P14GSetup.exe
HKU\S-1-5-21-515967899-1390067357-839522115-1003\...\MountPoints2: {cd055cc7-f1e4-11e1-9ef5-5404a6a0a050} - H:\P14GSetup.exe
Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: AAADesktopTips -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\reghelper\xappex.1.1.1.78.(417).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D297} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,start page = http://www.microsoft...er=6&ar=msnhome
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: IE2EMBHO Class -> {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} -> C:\Program Files\easyMule\modules\IE2EM.dll (VeryCD.com)
BHO: WebDetectorBHO Class -> {43BEAFD9-E005-483D-A367-146BA6C8A32E} -> C:\Documents and Settings\user\Local Settings\Application Data\Tudou\FeisuTudou\tudouDetector.dll (土豆网)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: FlashGetBHO -> {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} -> C:\Documents and Settings\user\Application Data\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\zaq598pg.default-1411150770890
FF Plugin: @56.com/iCan -> C:\Program Files\iCan3\npiCan3plugin.dll (www.56.com)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin: @qq.com/QQPhotoDrawEx -> C:\Program Files\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin: @qq.com/QzoneMusic -> C:\Program Files\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @xunlei.com/npaplayer -> C:\Documents and Settings\All Users\Application Data\Thunder Network\APlayer\codecs\npaplayer.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @qvod.com/QvodInsert -> C:\Program Files\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: KuaiWanInsert -> C:\Program Files\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user\Application Data\mozilla\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\user\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-23]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\[email protected] [2014-02-23]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}.xpi [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR CustomProfile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]
CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-03-11]
CHR Extension: (Safe Money) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-03-07]
CHR Extension: (Dangerous Websites Blocker) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-03-02]
CHR Extension: (Virtual Keyboard) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2012-03-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Google Chrome to Phone Extension) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-01-20]
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]
CHR Extension: (Anti-Banner) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2012-03-11]
CHR CustomProfile: C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-21]
CHR Extension: (Google Docs) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-21]
CHR Extension: (Google Drive) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-21]
CHR Extension: (Kaspersky Protection) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-09-21]
CHR Extension: (YouTube) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-21]
CHR Extension: (Google Search) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-09-21]
CHR Extension: (Google Sheets) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Google Chrome to Phone Extension) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-09-21]
CHR Extension: (Gmail) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-21]
CHR Extension: (Anti-Banner) - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-09-21]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.googl...mnlhhddbepgkeaa []
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-07-26]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-07-26]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\user\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-18]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-02-23] (Kaspersky Lab ZAO)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 EfiMon; C:\WINDOWS\System32\Drivers\Efimon.sys [19800 2011-08-31] (360安全中心)
R1 FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [12160 2006-05-19] (Microsoft Corporation)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2005-10-14] (Windows ® Server 2003 DDK provider) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2014-02-23] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [576096 2014-03-24] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24672 2014-02-23] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2014-02-23] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [144992 2014-02-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-21] (Malwarebytes Corporation)
R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
R3 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [100456 2010-11-09] (NVIDIA Corporation)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\Drt2870.sys [724736 2010-01-29] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ssudserd; C:\WINDOWS\System32\DRIVERS\ssudserd.sys [181344 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0004; system32\DRIVERS\bd0004.sys [X]
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 EverestDriver; \??\G:\New Folder\kerneld.wnt [X]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [93792 2014-03-24] (Kaspersky Lab ZAO)
S1 sbaphd; system32\drivers\sbaphd.sys [X]
S2 sbapifs; system32\drivers\sbapifs.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-05-06] () [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 10:14 - 2014-09-21 10:14 - 00000000 ____D () C:\FRST
2014-09-21 10:10 - 2014-09-21 10:10 - 00119374 _____ () C:\Documents and Settings\user\Desktop\OTL.Txt
2014-09-21 10:00 - 2014-09-21 10:00 - 00025862 _____ () C:\Documents and Settings\user\Desktop\SystemLook.txt
2014-09-21 06:42 - 2014-09-21 06:42 - 00000000 ____D () C:\Documents and Settings\user\Start Menu\Programs\Notepad++
2014-09-21 06:42 - 2014-09-21 06:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
2014-09-21 06:41 - 2014-09-21 06:43 - 00002289 _____ () C:\DelFix.txt
2014-09-21 06:40 - 2014-09-21 06:40 - 00001274 _____ () C:\Documents and Settings\user\Desktop\checkup.txt
2014-09-21 06:37 - 2014-09-21 06:37 - 00000629 _____ () C:\WINDOWS\setupapi.log
2014-09-21 06:37 - 2014-09-21 06:37 - 00000000 ____D () C:\Program Files\ESET
2014-09-21 06:05 - 2014-09-21 06:05 - 00000000 ____D () C:\SUPERDelete
2014-09-21 05:54 - 2014-09-21 05:54 - 00000508 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8e6e8d92-1206-4a49-84f2-87315a62c23c.job
2014-09-21 05:54 - 2014-09-21 05:54 - 00000508 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 008bceca-8d95-4a2e-bff5-7b51a9f5ec7b.job
2014-09-21 05:54 - 2014-09-21 05:54 - 00000000 ____D () C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2014-09-21 05:53 - 2014-09-21 05:53 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2014-09-21 05:53 - 2014-09-21 05:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-09-21 05:52 - 2014-09-21 05:54 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-21 05:52 - 2014-09-21 05:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-09-21 05:32 - 2001-08-24 05:00 - 00000734 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140921-053243.backup
2014-09-21 05:22 - 2014-09-21 05:22 - 00035400 _____ () C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-09-21 03:53 - 2014-09-21 03:53 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-21 03:53 - 2014-09-21 03:53 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-21 03:53 - 2014-09-21 03:53 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-21 03:51 - 2014-09-21 03:51 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-21 03:51 - 2014-09-21 03:51 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-21 03:51 - 2014-09-21 03:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-21 03:51 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-09-21 03:50 - 2014-09-21 05:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-09-21 03:50 - 2014-09-21 05:31 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-21 03:43 - 2014-09-21 03:46 - 00413742 _____ () C:\Documents and Settings\user\Desktop\cc_20140921_034350.reg
2014-09-21 02:22 - 2014-09-21 03:27 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-09-21 02:22 - 2014-09-21 02:22 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-21 02:02 - 2014-09-21 03:26 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-20 19:53 - 2014-09-20 19:53 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-09-20 19:46 - 2014-09-20 19:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-09-20 13:45 - 2014-09-21 06:20 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-20 13:45 - 2014-09-20 13:45 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 13:45 - 2014-09-20 13:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-20 13:45 - 2014-09-20 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-09-20 13:45 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-20 13:45 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-20 13:33 - 2014-09-21 06:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-20 13:32 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-09-20 02:16 - 2014-09-20 02:16 - 37242171 _____ () C:\Documents and Settings\user\Desktop\bookmarks.html
2014-09-19 00:21 - 2014-09-21 01:59 - 00008192 _____ () C:\WINDOWS\system32\WDPABKP.dat
2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2014-08-24 22:53 - 2014-08-24 22:53 - 00000000 ____D () C:\Documents and Settings\user\Application Data\JPEXS
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-21 10:14 - 2014-09-21 10:14 - 00000000 ____D () C:\FRST
2014-09-21 10:14 - 2012-01-02 23:40 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1390067357-839522115-1003UA.job
2014-09-21 10:14 - 2011-12-26 19:29 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Temp
2014-09-21 10:10 - 2014-09-21 10:10 - 00119374 _____ () C:\Documents and Settings\user\Desktop\OTL.Txt
2014-09-21 10:00 - 2014-09-21 10:00 - 00025862 _____ () C:\Documents and Settings\user\Desktop\SystemLook.txt
2014-09-21 09:28 - 2014-01-18 22:52 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-21 09:26 - 2012-03-05 00:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2014-09-21 09:16 - 2012-04-01 18:42 - 00000536 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-21 07:28 - 2013-02-28 22:28 - 00032654 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-21 06:43 - 2014-09-21 06:41 - 00002289 _____ () C:\DelFix.txt
2014-09-21 06:42 - 2014-09-21 06:42 - 00000000 ____D () C:\Documents and Settings\user\Start Menu\Programs\Notepad++
2014-09-21 06:42 - 2014-09-21 06:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
2014-09-21 06:42 - 2013-04-27 00:37 - 00000000 ____D () C:\Program Files\Notepad++
2014-09-21 06:41 - 2014-09-20 13:33 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-21 06:40 - 2014-09-21 06:40 - 00001274 _____ () C:\Documents and Settings\user\Desktop\checkup.txt
2014-09-21 06:37 - 2014-09-21 06:37 - 00000629 _____ () C:\WINDOWS\setupapi.log
2014-09-21 06:37 - 2014-09-21 06:37 - 00000000 ____D () C:\Program Files\ESET
2014-09-21 06:20 - 2014-09-20 13:45 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 06:05 - 2014-09-21 06:05 - 00000000 ____D () C:\SUPERDelete
2014-09-21 05:55 - 2011-12-27 03:11 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\Temp
2014-09-21 05:54 - 2014-09-21 05:54 - 00000508 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8e6e8d92-1206-4a49-84f2-87315a62c23c.job
2014-09-21 05:54 - 2014-09-21 05:54 - 00000508 _____ () C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 008bceca-8d95-4a2e-bff5-7b51a9f5ec7b.job
2014-09-21 05:54 - 2014-09-21 05:54 - 00000000 ____D () C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2014-09-21 05:54 - 2014-09-21 05:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-21 05:53 - 2014-09-21 05:53 - 00001678 _____ () C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
2014-09-21 05:53 - 2014-09-21 05:53 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2014-09-21 05:52 - 2014-09-21 05:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2014-09-21 05:51 - 2014-09-21 03:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-09-21 05:48 - 2011-12-26 19:24 - 01418155 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-21 05:31 - 2014-09-21 03:50 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-21 05:31 - 2012-01-02 23:19 - 00000000 ____D () C:\Documents and Settings\user\Desktop\Software
2014-09-21 05:31 - 2011-12-26 19:28 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-09-21 05:28 - 2012-07-22 03:54 - 00000000 ____D () C:\Program Files\Thunder Network
2014-09-21 05:28 - 2012-07-22 03:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Thunder Network
2014-09-21 05:22 - 2014-09-21 05:22 - 00035400 _____ () C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-09-21 04:28 - 2014-01-18 22:52 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 04:03 - 2014-03-04 23:34 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Freemake
2014-09-21 03:53 - 2014-09-21 03:53 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-21 03:53 - 2014-09-21 03:53 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-21 03:53 - 2014-09-21 03:53 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-09-21 03:51 - 2014-09-21 03:51 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-09-21 03:51 - 2014-09-21 03:51 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-09-21 03:51 - 2014-09-21 03:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-21 03:46 - 2014-09-21 03:43 - 00413742 _____ () C:\Documents and Settings\user\Desktop\cc_20140921_034350.reg
2014-09-21 03:41 - 2011-12-26 23:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-21 03:27 - 2014-09-21 02:22 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-09-21 03:26 - 2014-09-21 02:02 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-21 02:39 - 2011-12-26 19:25 - 00001599 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-09-21 02:39 - 2011-12-26 19:25 - 00001563 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-09-21 02:39 - 2011-12-26 19:25 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-09-21 02:39 - 2011-12-26 19:22 - 00001574 _____ () C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk
2014-09-21 02:22 - 2014-09-21 02:22 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-21 01:59 - 2014-09-19 00:21 - 00008192 _____ () C:\WINDOWS\system32\WDPABKP.dat
2014-09-21 01:58 - 2014-03-13 03:21 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-21 01:58 - 2012-01-16 01:52 - 00000159 ____N () C:\WINDOWS\wiadebug.log
2014-09-21 01:58 - 2012-01-16 01:52 - 00000049 ____N () C:\WINDOWS\wiaservc.log
2014-09-21 01:58 - 2011-12-26 19:28 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-21 01:57 - 2012-08-15 23:09 - 06356926 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1390067357-839522115-1003-0.dat
2014-09-21 01:57 - 2012-08-15 23:09 - 00186502 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-09-20 19:55 - 2014-09-20 19:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-09-20 19:53 - 2014-09-20 19:53 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2014-09-20 13:45 - 2014-09-20 13:45 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-20 13:45 - 2014-09-20 13:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-20 13:45 - 2014-09-20 13:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-09-20 13:01 - 2011-12-26 22:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Internet
2014-09-20 12:55 - 2011-12-27 03:11 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-20 12:14 - 2012-01-02 23:40 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1390067357-839522115-1003Core.job
2014-09-20 02:16 - 2014-09-20 02:16 - 37242171 _____ () C:\Documents and Settings\user\Desktop\bookmarks.html
2014-09-20 01:54 - 2012-01-02 21:54 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Azureus
2014-09-20 01:38 - 2012-08-02 22:31 - 00000954 _____ () C:\Documents and Settings\user\Application Data\CoreAVC.ini
2014-09-20 01:21 - 2012-01-02 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\QvodPlayer
2014-09-20 01:21 - 2001-08-24 05:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-19 00:23 - 2012-08-14 19:33 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Dropbox
2014-09-17 18:38 - 2012-01-03 21:35 - 00000000 ____D () C:\Documents and Settings\user\Application Data\vlc
2014-09-16 20:30 - 2014-06-26 00:17 - 04947968 _____ () C:\WINDOWS\system32\㩣摜捯浵湥獴愠摮猠瑥楴杮屳污獵牥屳灡汰捩瑡潩慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-09-10 20:16 - 2012-04-01 18:42 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 20:16 - 2011-12-26 22:58 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-08 15:00 - 2014-03-13 03:21 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-31 23:57 - 2012-08-04 22:40 - 00000480 _____ () C:\Documents and Settings\user\Desktop\NovaSpace.lnk
2014-08-26 15:59 - 2011-12-29 19:39 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-08-25 13:01 - 2014-08-25 13:01 - 00000000 ____D () C:\Documents and Settings\user\Local Settings\Application Data\Adobe
2014-08-24 22:53 - 2014-08-24 22:53 - 00000000 ____D () C:\Documents and Settings\user\Application Data\JPEXS
2014-08-24 22:33 - 2013-04-27 00:37 - 00000000 ____D () C:\Documents and Settings\user\Application Data\Notepad++
 
Some content of TEMP:
====================
C:\Documents and Settings\user\Local Settings\Temp\npp.6.6.9.Installer.exe
C:\Documents and Settings\user\Local Settings\Temp\xmlUpdater.exe
C:\Documents and Settings\user\Local Settings\Temp\XmpSetupHelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
3. Addition log from FRST
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by user at 2014-09-21 10:14:42
Running from C:\Documents and Settings\user\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: 360杀毒 (Disabled - Up to date) {D737F2DE-FA43-4036-AF5B-911612E2D674}
AV: Kaspersky Internet Security (Disabled - Up to date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACDSee Photo Editor 2008 (HKLM\...\{A6142247-58B1-40C7-B8E0-965C1A8026A5}) (Version: 5.00.291 - ACD Systems International Inc.)
ACDSee Photo Manager 2009 (HKLM\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.113 - ACD Systems International)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Anki (HKLM\...\Anki) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Configuration Utility (HKLM\...\{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}) (Version: 1.0.12.1 - DeviceVM, Inc.) <==== ATTENTION
calibre (HKLM\...\{04DA2FBD-B750-4070-90DE-D387DAC13C71}) (Version: 1.21.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
DjVuLibre DjView  3.5.25.4+4.9.2 (HKLM\...\DjVuLibre+DjView) (Version: 3.5.25.4+4.9.2 - DjVuZone)
Document Express DjVu Plug-in (HKLM\...\{6917F75F-9CB8-4FC5-AA62-480B0C104619}) (Version: 6.1.33592 - Cuminas Corporation)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Easy Exif Delete (HKLM\...\{6C8DEC9C-A45D-4E15-87B8-4AF104CC2586}) (Version: 1.0 - ConsumerSoft)
easyMule (HKLM\...\easyMule) (Version:  - )
Evernote v. 4.6.7 (HKLM\...\{A6563D7C-F3AD-11E2-A4DB-984BE15F174E}) (Version: 4.6.7.8409 - Evernote Corp.)
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
FastStone Image Viewer 4.9 (HKLM\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
FlashGet3.7 (HKLM\...\FlashGet3.7) (Version: 3.7.0.1203 - http://www.FlashGet.com)
Free MP3 Cutter and Editor 2.5 (HKLM\...\Free MP3 Cutter and Editor_is1) (Version:  - musetips.com)
Free YouTube Download version 3.2.12.827 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.12.827 - DVDVideoSoft Ltd.)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
HelpNDoc 4.2.0.299 Personal Edition (HKLM\...\HelpNDoc_is1) (Version: 4.2.0.299 Personal Edition - IBE Software)
iCan3 (HKLM\...\iCan3) (Version: 1.0 - )
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5328 - Intel Corporation)
iTudou (HKLM\...\iTudou) (Version: 3.7.2.11262 - www.tudou.com)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kaspersky Internet Security 2014 (HKLM\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security 2014 (Version: 14.0.0.4651 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.5.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft RAW Image Thumbnailer and Viewer for Windows XP (HKLM\...\{B94AA0EE-8F75-4773-A25C-E986D94134B2}) (Version: 01.00.0309.00 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Mp3tag v2.61a (HKLM\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
MpcStar 5.4 (HKLM\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Nero 7 Essentials (HKLM\...\{66EBD70F-A42C-475F-AEDF-277378151033}) (Version: 7.02.9491 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA Control Panel 263.14 (Version: 263.14 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 263.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 263.14 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.12.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.12.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.36.0 - NVIDIA Corporation) Hidden
NVIDIA nView 135.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.36 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.10.0514 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
RapeLay (HKLM\...\{CA31F991-DBD2-4DE1-B6D2-30105F23CBBC}) (Version: 1.03 - ILLUSION)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.24.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6251 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unicode Super-CJK Fonts V6.0 (HKLM\...\UniFonts_is1) (Version:  - okuc.net)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC Streamer 4.23 (HKLM\...\VLC Streamer_is1) (Version:  - )
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WD Drive Utilities (HKLM\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{D0A3A97D-7918-4B0B-B91E-775E00C36122}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6EE644CD-FC7F-424C-83EA-9C0285C4FB7F}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{2d588de7-f4f6-4d6d-8719-32cbb9637e9e}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
优酷客户端 (HKLM\...\YoukuClient) (Version: 4.6.0.4221 - youkutudou, Inc.)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version:  - Google Inc.)
迅雷看看高清播放组件 (HKLM\...\迅雷看看高清播放组件) (Version: 1.0.0.161 - 迅雷网络技术有限公司)
飞速土豆 2.2.0.11260 (HKLM\...\飞速土豆) (Version: 2.2.0.11260 - 土豆网)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{0B5F2CC8-5E1E-44F9-899B-3B789705AFCA}\InprocServer32 -> C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\wiaaut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{0C5672F9-3EDC-4B24-95B5-A6C54C0B79AD}\InprocServer32 -> C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\wiaaut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{4DD1D1C3-B36A-4EB4-AAEF-815891A58A30}\InprocServer32 -> C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\wiaaut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{850D1D11-70F3-4BE5-9A11-77AA6B2BB201}\InprocServer32 -> C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\wiaaut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{A2E6DDA0-06EF-4DF3-B7BD-5AA224BB06E8}\InprocServer32 -> C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\wiaaut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{BD0D38E4-74C8-4904-9B5A-269F8E9994E9}\InprocServer32 -> C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\wiaaut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{E1C5D730-7E97-4D8A-9E42-BBAE87C2059F}\InprocServer32 -> C:\Program Files\Pro Imaging Powertoys\Microsoft RAW Image Thumbnailer and Viewer for Windows XP\wiaaut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1390067357-839522115-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\user\Application Data\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
20-09-2014 22:42:12 System Checkpoint
20-09-2014 22:42:13 System Checkpoint
20-09-2014 22:42:13 System Checkpoint
20-09-2014 22:42:13 System Checkpoint
20-09-2014 22:42:13 System Checkpoint
20-09-2014 22:42:13 System Checkpoint
20-09-2014 22:42:13 System Checkpoint
20-09-2014 22:42:14 System Checkpoint
20-09-2014 22:42:14 System Checkpoint
20-09-2014 22:42:15 Removed Windows Live Upload Tool
20-09-2014 22:42:16 Removed Windows Live Sign-in Assistant
20-09-2014 22:42:17 Checkpoint by HitmanPro
20-09-2014 22:42:18 Checkpoint by HitmanPro
20-09-2014 22:42:18 Software Distribution Service 3.0
20-09-2014 22:42:18 Installed SpyHunter
20-09-2014 22:42:18 Installed STOPzilla
20-09-2014 22:42:18 Removed SpyHunter
20-09-2014 22:42:19 Removed STOPzilla
20-09-2014 22:42:19 Removed PDF Architect
20-09-2014 22:42:42 End of disinfection
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2001-08-24 05:00 - 2001-08-24 05:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1390067357-839522115-1003Core.job => C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1390067357-839522115-1003UA.job => C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 008bceca-8d95-4a2e-bff5-7b51a9f5ec7b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 8e6e8d92-1206-4a49-84f2-87315a62c23c.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-19 02:18 - 2009-11-05 08:39 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2011-12-26 19:21 - 2006-05-06 09:29 - 00006656 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2011-12-26 19:21 - 2006-05-06 09:29 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2011-12-26 23:18 - 2011-12-26 23:18 - 00845880 _____ () C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
2012-09-08 13:16 - 2012-09-08 13:16 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2012-09-08 13:16 - 2012-09-08 13:16 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2012-01-22 18:09 - 2012-01-09 19:44 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2011-12-26 19:21 - 2006-05-06 09:29 - 00008704 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2001-08-24 05:00 - 2005-11-01 13:07 - 00061440 _____ () C:\WINDOWS\system32\CopyToSendTo.dll
2014-05-12 17:49 - 2014-05-12 17:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2014-04-15 03:41 - 2014-04-15 03:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-09-21 03:50 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-21 03:50 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-21 03:50 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-21 05:28 - 2014-09-21 05:28 - 00011264 _____ () C:\Documents and Settings\user\Local Settings\Temp\nsk45F.tmp\System.dll
2012-05-08 20:52 - 2013-11-08 19:50 - 00051592 _____ () C:\Program Files\Common Files\Thunder Network\Kankan\StreamI.cfg
2014-09-21 03:50 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-21 03:50 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2004-08-04 09:56 - 2008-04-14 08:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 09:56 - 2008-04-14 08:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-09-13 02:16 - 2014-09-04 11:01 - 08577864 _____ () C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-13 02:16 - 2014-09-04 11:01 - 00331592 _____ () C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-13 02:16 - 2014-09-04 11:01 - 01660232 _____ () C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-13 02:16 - 2014-09-04 11:01 - 14891848 _____ () C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
 
HKU\S-1-5-21-515967899-1390067357-839522115-1003\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-515967899-1390067357-839522115-1003\Software\Classes\exefile:  <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2014 01:26:33 AM) (Source: JavaQuickStarterService) (EventID: 1) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10044)
 
Error: (09/20/2014 08:06:30 PM) (Source: JavaQuickStarterService) (EventID: 1) (User: )
Description: Unable to create JQS API server: socket() failed (Socket error 10044)
 
Error: (09/19/2014 00:22:43 AM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 wdbackupengine.exe, P2 2.0.0.15, P3 53cee30c, P4 wdregistry, P5 1.0.0.7, P6 53cee2f1, P7 a, P8 3a, P9 clr20r30, P10 clr20r31.
 
Error: (09/10/2014 03:38:51 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AggregateException
Stack:
   at System.Threading.Tasks.TaskExceptionHolder.Finalize()
 
Error: (09/10/2014 03:38:32 PM) (Source: .NET Runtime 4.0 Error Reporting) (EventID: 5000) (User: )
Description: EventType clr20r3, P1 wdbackupengine.exe, P2 2.0.0.15, P3 53cee30c, P4 wdregistry, P5 1.0.0.7, P6 53cee2f1, P7 a, P8 3a, P9 clr20r30, P10 clr20r31.
 
Error: (09/06/2014 05:16:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
 
Error: (08/24/2014 10:54:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application flashplayer.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x01251001.
Processing media-specific event for [flashplayer.exe!ws!]
 
Error: (08/24/2014 10:01:14 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 381200440.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (08/24/2014 10:01:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
 
Error: (08/21/2014 01:45:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 31.0.0.5310, faulting module mozalloc.dll, version 31.0.0.5310, fault address 0x0000141b.
Processing media-specific event for [plugin-container.exe!ws!]
 
 
System errors:
=============
Error: (09/21/2014 08:50:19 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk1\D
 
Error: (09/21/2014 07:50:52 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk1\D
 
Error: (09/21/2014 06:43:03 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk1\D
 
Error: (09/21/2014 06:01:26 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk1\D
 
Error: (09/21/2014 05:22:57 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk1\D
 
Error: (09/21/2014 05:21:43 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk1\D
 
Error: (09/21/2014 04:56:22 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk1\D
 
Error: (09/21/2014 03:52:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (09/21/2014 03:52:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (09/21/2014 03:52:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor:  Intel® Core™ i5-2500 CPU @ 3.30GHz
Percentage of memory in use: 62%
Total physical RAM: 3573.17 MB
Available physical RAM: 1343.24 MB
Total Pagefile: 5450.57 MB
Available Pagefile: 3116.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.65 GB) (Free:20.91 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:736.19 GB) (Free:9.25 GB) NTFS
Drive e: () (Fixed) (Total:97.65 GB) (Free:30.95 GB) NTFS
Drive g: (My Book) (Fixed) (Total:1862.98 GB) (Free:85.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CA3CCA3C)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.8 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
4. System Look Report
 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:52 on 21/09/2014 by user
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*hao123*"
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.hao123.com_0.localstorage --a---- 3072 bytes [05:14 20/09/2014] [05:14 20/09/2014] 3646B8630862EFE7986B7CD35052D895
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.hao123.com_0.localstorage-journal --a---- 3608 bytes [05:14 20/09/2014] [05:14 20/09/2014] E26F74B2AB6DF2DEB13D78B69FCAF220
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KU8JCAN7\s1.hao123img.com\index\swf\LocalStorage.swf\$hao123$.sol --a---- 78 bytes [05:14 20/09/2014] [05:14 20/09/2014] 19F00A2CEFED26F3305238CF29C78E07
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\9MDDEQAR\tw.hao123.com\static\web\base\swf\LocalStorage.swf\$hao123$.sol --a---- 78 bytes [18:31 20/09/2014] [18:31 20/09/2014] AB8F65C6E1A0D6A467E87020E8659EEA
 
Searching for "*hao*"
C:\Documents and Settings\user\Application Data\Azureus\torrents\[BakaBT.154758v0] [Chaos-MII]_Eve_no_Jikan_Gekijouban_(720p_FLAC)_[2502D0B4].mkv.torrent --a---- 17328 bytes [05:01 15/11/2012] [05:01 15/11/2012] 168B251FACC5C327ECB826D9F145B175
C:\Documents and Settings\user\Application Data\Azureus\torrents\[IENE429] SEX Mizuno Chaoyang Kotomi Asakura Of Cancer Warp Switch Port ○ Man Erection Lasting World [mp4].torrent --a---- 124575 bytes [15:09 09/09/2014] [15:09 09/09/2014] 4EBC4129E090E83F982B75D183466898
C:\Documents and Settings\user\Application Data\Azureus\torrents\[IPZ049] The chaos cross ~ Anjou Anna [wmv].torrent --a---- 11432 bytes [03:45 15/02/2013] [03:45 15/02/2013] DC1DE4BE62C9F75DBEE701A29BE840FE
C:\Documents and Settings\user\Application Data\Azureus\torrents\[SERO0250]  1 Mizuno Chaoyang Out 14 Shots In Without Disconnecting [avi].torrent --a---- 82275 bytes [18:26 01/09/2014] [18:26 01/09/2014] 9173E2FAC4CFA1915E0333A0EFC47C29
C:\Documents and Settings\user\Application Data\Azureus\torrents\[SOE899] Going At It Chaotically! Human Bullet Piston ~ Hana Haruna [avi].torrent --a---- 77896 bytes [17:55 09/06/2013] [17:55 09/06/2013] 6ED6C46E66F5C1D0B86420E7209D8027
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.hao123.com_0.localstorage --a---- 3072 bytes [05:14 20/09/2014] [05:14 20/09/2014] 3646B8630862EFE7986B7CD35052D895
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.hao123.com_0.localstorage-journal --a---- 3608 bytes [05:14 20/09/2014] [05:14 20/09/2014] E26F74B2AB6DF2DEB13D78B69FCAF220
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KU8JCAN7\s1.hao123img.com\index\swf\LocalStorage.swf\$hao123$.sol --a---- 78 bytes [05:14 20/09/2014] [05:14 20/09/2014] 19F00A2CEFED26F3305238CF29C78E07
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\9MDDEQAR\tw.hao123.com\static\web\base\swf\LocalStorage.swf\$hao123$.sol --a---- 78 bytes [18:31 20/09/2014] [18:31 20/09/2014] AB8F65C6E1A0D6A467E87020E8659EEA
C:\Documents and Settings\user\My Documents\Anki\User 1\collection.media\chaos.mp3 --a---- 2377 bytes [19:39 04/10/2013] [19:39 04/10/2013] 4651D94C6F8ED5D01F76048B9D5A5713
C:\Program Files\Common Files\Ahead\NAS\nas\presets\Chaos.nvp --a---- 3625 bytes [05:25 17/01/2001] [05:25 17/01/2001] 3FF8D3242A0FED4F6C0787D70C469F71
 
========== folderfind ==========
 
Searching for "*hao123*"
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KU8JCAN7\s1.hao123img.com d------ [05:14 20/09/2014]
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KU8JCAN7\macromedia.com\support\flashplayer\sys\#s1.hao123img.com d------ [05:14 20/09/2014]
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\9MDDEQAR\tw.hao123.com d------ [18:31 20/09/2014]
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\9MDDEQAR\macromedia.com\support\flashplayer\sys\#tw.hao123.com d------ [18:31 20/09/2014]
 
Searching for "*hao*"
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KU8JCAN7\s1.hao123img.com d------ [05:14 20/09/2014]
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\KU8JCAN7\macromedia.com\support\flashplayer\sys\#s1.hao123img.com d------ [05:14 20/09/2014]
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\9MDDEQAR\tw.hao123.com d------ [18:31 20/09/2014]
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\9MDDEQAR\macromedia.com\support\flashplayer\sys\#tw.hao123.com d------ [18:31 20/09/2014]
 
========== regfind ==========
 
Searching for "hao"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\haoyuming.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\rezepte-chaos.de]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\haoyuming.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\rezepte-chaos.de]
[HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\Domains\haoyuming.net]
[HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\Domains\rezepte-chaos.de]
[HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\EscDomains\haoyuming.net]
[HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\EscDomains\rezepte-chaos.de]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\haoyuming.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rezepte-chaos.de]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\haoyuming.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\rezepte-chaos.de]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\haoyuming.net]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rezepte-chaos.de]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\haoyuming.net]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\rezepte-chaos.de]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\haoyuming.net]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\rezepte-chaos.de]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\haoyuming.net]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\rezepte-chaos.de]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\Domains\haoyuming.net]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\Domains\rezepte-chaos.de]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\EscDomains\haoyuming.net]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003\Software\Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\EscDomains\rezepte-chaos.de]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\Domains\haoyuming.net]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\Domains\rezepte-chaos.de]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\EscDomains\haoyuming.net]
[HKEY_USERS\S-1-5-21-515967899-1390067357-839522115-1003_Classes\Software\Microsoft\Windows\CurrentVersion\internet settings\ZoneMap\EscDomains\rezepte-chaos.de]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\haoyuming.net]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rezepte-chaos.de]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\haoyuming.net]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\rezepte-chaos.de]
 
Searching for "hao123"
No data found.
 
-= EOF =-
 
5. Security Check log
 

 Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
360??                       
Kaspersky Internet Security   
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 SUPERAntiSpyware     
 CCleaner     
 JavaFX 2.1.1    
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Spybot Teatimer.exe is disabled! 
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 plugin-nm-server.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 8% 
````````````````````End of Log`````````````````````` 
 
Thanks and kindly advise for further action. Thank you.
 



#2
intuitions


Hi,

 

The hao123 URL has disappeared (confused). Kindly close down this thread. Tq.



#3
Biscuithd


Ok, thanks for letting us know :)



#4
Biscuithd

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





