Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE & Mozilla browsers hijacked by hao123.com [Solved]

Started by zennyboy1984 , Oct 08 2014 07:12 AM

  • This topic is locked This topic is locked

#1
zennyboy1984
Posted 08 October 2014 - 07:12 AM

zennyboy1984

    Member

  • Member
  • PipPip
  • 12 posts

Googled for the past 2 days for fixing this but after trying numerous method this hao123.com still cant be fixed. After opening both mozilla firefox and IE browser the hompage gets redirected to hao123.com. Saw the solution here but i not dare to try anything as i saw the expert here stated the method is purely for the specific pc. Please do help me to solve this as this is quite annoyed to see my IE & firefox homepage is hao123.com. Thanks in advance  xbiggrin.png.pagespeed.ic.XhpYJIv77v.png

 

 

OTL logfile created on: 10/8/2014 9:06:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\zenny\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.94 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 60.53% Memory free
7.89 Gb Paging File | 5.44 Gb Available in Paging File | 68.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.96 Gb Total Space | 71.77 Gb Free Space | 29.30% Space Free | Partition Type: NTFS
Drive D: | 49.28 Gb Total Space | 49.16 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
Drive E: | 62.50 Gb Total Space | 60.85 Gb Free Space | 97.36% Space Free | Partition Type: NTFS
Drive G: | 220.70 Gb Total Space | 180.62 Gb Free Space | 81.84% Space Free | Partition Type: NTFS
 
Computer Name: ZENNY-PC | User Name: zenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/08 21:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\zenny\Desktop\OTL.exe
PRC - [2014/10/08 18:17:00 | 000,315,520 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
PRC - [2014/10/08 18:10:07 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
PRC - [2014/10/08 18:09:57 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
PRC - [2014/09/26 13:55:56 | 000,480,848 | ---- | M] (Baidu Inc.) -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bpls.exe
PRC - [2014/09/26 13:55:48 | 001,575,504 | ---- | M] (Baidu Inc.) -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdyyService.exe
PRC - [2014/09/26 13:55:46 | 000,340,560 | ---- | M] (Baidu Inc.) -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdyyProtect.exe
PRC - [2014/09/26 13:55:08 | 000,913,488 | ---- | M] (Baidu.com, Inc.) -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdbtray.exe
PRC - [2014/09/26 13:54:52 | 000,933,968 | ---- | M] () -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BaiduPlayer.exe
PRC - [2014/09/25 20:21:04 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/10 23:21:40 | 001,870,000 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
PRC - [2014/08/20 11:27:22 | 001,240,496 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- E:\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/12/10 16:07:32 | 001,101,152 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
PRC - [2013/11/28 17:25:16 | 001,332,672 | ---- | M] (www.guangsu.cn) -- C:\Program Files (x86)\gssoft\gswb\2.7.1.3126\Config.exe
PRC - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/20 01:53:16 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/20 01:53:10 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 05:23:34 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/21 00:26:26 | 000,291,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/06/30 02:52:34 | 001,074,496 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
PRC - [2010/07/13 06:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
PRC - [2008/03/06 03:00:12 | 001,560,576 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\RALINK\Common\RaUI.exe
PRC - [2008/02/23 10:10:38 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/08 18:10:08 | 000,065,696 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
MOD - [2014/10/08 18:10:05 | 000,092,320 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
MOD - [2014/10/08 18:09:56 | 000,179,200 | ---- | M] () -- C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
MOD - [2014/09/26 13:59:00 | 000,581,712 | ---- | M] () -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\lu.dll
MOD - [2014/09/26 13:58:54 | 000,374,352 | ---- | M] () -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\live.dll
MOD - [2014/09/26 13:57:50 | 001,732,176 | ---- | M] () -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BDPlayerEX.dll
MOD - [2014/09/26 13:54:52 | 000,933,968 | ---- | M] () -- G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BaiduPlayer.exe
MOD - [2014/09/25 20:21:03 | 003,715,184 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/09/10 23:21:40 | 016,825,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
MOD - [2014/06/24 15:38:12 | 000,014,256 | ---- | M] () -- C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/08/13 13:58:07 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANPDApi.dll
MOD - [2012/11/29 06:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/29 06:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/14 02:58:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-140 revB\wlanapp.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/09 21:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/12/07 04:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/06/20 11:10:34 | 000,634,632 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/04/07 08:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/10/08 18:10:07 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) [Auto | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe -- (iSafeService)
SRV - [2014/09/25 20:21:03 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/25 18:21:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/01 05:46:52 | 000,542,400 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/17 09:32:42 | 001,861,936 | ---- | M] (Palo Alto Networks) [Auto | Running] -- E:\Palo Alto Networks\GlobalProtect\PanGPS.exe -- (PanGPS)
SRV - [2013/12/31 02:58:57 | 000,174,024 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2013/12/10 16:07:32 | 001,101,152 | ---- | M] (百度在线网络技术(北京)有限公司) [Auto | Running] -- C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe -- (BDSGRTP)
SRV - [2013/11/28 17:25:16 | 001,332,672 | ---- | M] (www.guangsu.cn) [Auto | Running] -- C:\Program Files (x86)\gssoft\gswb\2.7.1.3126\Config.exe -- (GSService)
SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/20 01:53:16 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/20 01:53:10 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/07/06 05:23:34 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2010/07/13 06:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe -- (D_Link_DWA-140_WPS)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/02/23 10:10:38 | 000,054,272 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/10/08 20:28:02 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/10/08 18:15:55 | 000,045,224 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys -- (iSafeKrnlBoot)
DRV:64bit: - [2014/09/22 20:13:46 | 000,049,320 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\iSafeNetFilter.sys -- (iSafeNetFilter)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/04/17 09:27:54 | 000,036,352 | ---- | M] (Palo Alto Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pangpd.sys -- (PanGpd)
DRV:64bit: - [2013/12/10 15:53:24 | 000,168,264 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bd0004.sys -- (bd0004)
DRV:64bit: - [2013/12/10 15:53:24 | 000,104,264 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bd0001.sys -- (bd0001)
DRV:64bit: - [2013/12/07 05:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/07 04:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/24 22:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/14 06:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/26 01:01:20 | 000,022,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2012/08/22 05:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 07:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/05/21 00:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/21 00:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/21 00:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/02 18:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011/09/29 17:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/29 06:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/14 09:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 09:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/07 10:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2007/10/10 05:54:40 | 000,371,200 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7064.sys -- (rt70x64)
DRV - [2014/10/08 18:16:10 | 000,065,704 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys -- (iSafeKrnlR3)
DRV - [2014/10/08 18:16:05 | 000,099,496 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys -- (iSafeKrnlKit)
DRV - [2014/10/08 18:16:02 | 000,248,488 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys -- (iSafeKrnl)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-sg/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 29 10 ED F3 E2 CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npBdyyPlugin: G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\npbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npxbdyy: G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\npxbdyy.dll ()
FF - HKLM\Software\MozillaPlugins\@funshion.com/npFunshion: C:\Users\zenny\funshion\funshiontools\npFunshion.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@xfplay.com/xfplay: C:\Program Files (x86)\xfplay\npxfweb.dll (http://www.xfplay.com)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(560).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: G:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll File not found
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: G:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 18:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/20 14:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zenny\AppData\Roaming\Mozilla\Extensions
[2013/12/11 12:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zenny\AppData\Roaming\Mozilla\Firefox\Profiles\pogtaohm.default\extensions
[2013/12/11 12:09:16 | 000,000,000 | ---D | M] (Funshion Player Extension) -- C:\Users\zenny\AppData\Roaming\Mozilla\Firefox\Profiles\pogtaohm.default\extensions\{D119EDE5-84F2-4204-927D-D8811DC193B9}
[2014/10/07 22:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zenny\AppData\Roaming\Mozilla\Firefox\Profiles\q5qn4sq4.default-1412692487582\extensions
[2013/09/02 13:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zenny\AppData\Roaming\Mozilla\Firefox\Profilespogtaohm.default\extensions
[2013/09/02 13:08:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zenny\AppData\Roaming\Mozilla\Firefox\Profilespogtaohm.default\extensions\staged
[2014/10/08 20:53:39 | 000,002,393 | ---- | M] () -- C:\Users\zenny\AppData\Roaming\Mozilla\Firefox\Profiles\q5qn4sq4.default-1412692487582\searchplugins\Google.xml
[2014/06/18 21:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/25 20:21:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ѸÀ×ÏÂÔØÖ§³Ö) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - G:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.17.4698.dll (深圳市迅雷网络技术有限公司)
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (7CCA744D-8A17-62A0-F7AA-A540136CF894 Class) - {7CCA744D-8A17-62A0-F7AA-A540136CF894} - C:\Program Files (x86)\QvodPlayer\AddIn\{7CCA744D-8A17-62A0-F7AA-A540136CF894}\QvodAddr.dll ()
O2 - BHO: (no name) - {A8502600-B272-4F68-A67B-A0305D46D297} - No CLSID value found.
O2 - BHO: (ѸÀ×ÏÂÔØÖ§³Ö×é¼þ) - {DE05CF4A-7B0A-4775-B5E5-396244938679} - G:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
O4:64bit: - HKLM..\Run: [GlobalProtect] E:\Palo Alto Networks\GlobalProtect\PanGPA.exe (Palo Alto Networks)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [D-Link D-Link DWA-140] C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [QvodTerminal] C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [BaiduMEDIA] G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BaiduPlayer.exe ()
O4 - HKCU..\Run: [BaiduMEDIASERVICE] G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdyyService.exe (Baidu Inc.)
O4 - HKCU..\Run: [bdcalendar] C:\Users\zenny\AppData\Roaming\baidu\bdcalendar\1_1_0_186\bdcalendar.exe /autorun File not found
O4 - HKCU..\Run: [TTWeather] "C:\Program Files (x86)\TTWeather\TTWeather.exe" /autorun File not found
O4 - HKCU..\Run: [weatherTips] "C:\Program Files (x86)\TTWeather\weatherTips.exe" /autorun File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm ()
O9 - Extra Button: 启动迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0018A5F5-90A2-4C02-9591-B93B4975D56D}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5288348E-5BCB-498D-8A84-D8944532E2CD}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/08 21:02:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\zenny\Desktop\OTL.exe
[2014/10/08 20:43:47 | 000,049,320 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeNetFilter.sys
[2014/10/08 20:43:47 | 000,045,224 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/10/08 20:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
[2014/10/08 20:43:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
[2014/10/08 20:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elex-tech
[2014/10/08 20:43:35 | 000,000,000 | ---D | C] -- C:\Users\zenny\AppData\Roaming\Elex-tech
[2014/10/07 23:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/10/07 23:36:59 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/10/07 23:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/10/07 23:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/10/07 22:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\GridinSoft
[2014/10/07 21:37:44 | 000,000,000 | ---D | C] -- C:\Users\zenny\AppData\Roaming\BindIconDir
[2014/10/07 21:33:23 | 000,000,000 | ---D | C] -- C:\Users\zenny\AppData\Roaming\Baidu
[2014/10/07 21:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/10/07 20:51:30 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/07 20:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/07 20:51:00 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/07 20:51:00 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/07 20:51:00 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/10/07 20:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/07 20:40:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/07 20:31:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/06 22:22:03 | 000,000,000 | ---D | C] -- C:\Users\zenny\Desktop\Cat.Run.2.2014.720p.BluRay.x264.DTS-HDWinG
[2014/10/06 20:22:56 | 000,168,264 | ---- | C] (Baidu) -- C:\Windows\SysNative\drivers\bd0004.sys
[2014/10/06 20:22:39 | 000,104,264 | ---- | C] (Baidu) -- C:\Windows\SysNative\drivers\bd0001.sys
[2014/10/06 20:22:39 | 000,041,800 | ---- | C] (Baidu) -- C:\Windows\SysNative\bd64_x64.dll
[2014/10/06 20:22:39 | 000,039,056 | ---- | C] (Baidu) -- C:\Windows\SysNative\bd64_x86.dll
[2014/10/06 20:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Baidu
[2014/10/06 20:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BaiduPlayer
[2014/10/06 00:41:39 | 000,000,000 | ---D | C] -- C:\Users\zenny\Desktop\Hercules.Reborn.2014.720p.BluRay.X264-iNVANDRAREN[rarbg]
[2014/10/05 15:56:10 | 000,000,000 | ---D | C] -- C:\Users\zenny\AppData\Roaming\WinRAR
[2014/10/05 15:56:02 | 000,000,000 | ---D | C] -- C:\Users\zenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/10/05 15:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2014/10/05 15:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2014/10/05 15:16:23 | 000,000,000 | ---D | C] -- C:\Users\zenny\Desktop\IC stuffs
[2014/10/02 21:34:48 | 000,000,000 | ---D | C] -- C:\Users\zenny\Desktop\Blended.2014.BluRay.720p.DTS.x264-CHD
[2014/09/29 21:31:43 | 000,000,000 | ---D | C] -- C:\Users\zenny\Desktop\Brick.Mansions.2014.BluRay.720p.x264.DTS-HDWinG
[2014/09/23 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\zenny\Desktop\Jarhead.2.Field.of.Fire.2014.BluRay.720p.DTS.x264-CHD
[2014/09/21 02:05:41 | 000,000,000 | ---D | C] -- C:\Users\zenny\Desktop\Captain.America.The.Winter.Soldier.2014.BluRay.720p.DTS.x264-CHD
[2014/09/21 01:03:26 | 000,000,000 | ---D | C] -- C:\iResearch
[2014/09/21 01:03:15 | 000,000,000 | ---D | C] -- C:\Users\zenny\AppData\Roaming\iy
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/08 21:03:45 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/08 21:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\zenny\Desktop\OTL.exe
[2014/10/08 20:43:47 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\YAC.lnk
[2014/10/08 20:32:27 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/08 20:32:26 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/08 20:28:02 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/08 20:27:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/10/08 20:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/08 20:26:54 | 3175,981,056 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/08 18:15:55 | 000,045,224 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/10/08 00:21:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/07 23:42:48 | 000,001,042 | ---- | M] () -- C:\Users\zenny\AppData\Roaming\coreavc.ini
[2014/10/07 23:37:01 | 000,001,379 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/10/07 21:38:16 | 000,000,392 | ---- | M] () -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\360°²È«µ¼º½.lnk
[2014/10/07 20:51:02 | 000,000,613 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/06 20:21:55 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\BaiduPlayer.lnk
[2014/09/27 02:41:15 | 2680,127,575 | ---- | M] () -- C:\Users\zenny\Desktop\X-Men Days of Future Past 2014 720p BluRay DTS x264-DNL.mkv
[2014/09/27 01:20:36 | 000,017,639 | -H-- | M] () -- C:\Users\zenny\Desktop\4B40EB265F7CD06886C4130DC65CA96333FDDC87.torrent
[2014/09/25 19:13:33 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/22 20:13:46 | 000,049,320 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeNetFilter.sys
 
========== Files Created - No Company Name ==========
 
[2014/10/08 20:43:47 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\YAC.lnk
[2014/10/07 23:37:01 | 000,001,391 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/10/07 23:37:01 | 000,001,379 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/10/07 21:38:16 | 000,000,392 | ---- | C] () -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\360°²È«µ¼º½.lnk
[2014/10/07 20:51:02 | 000,000,613 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/06 20:21:55 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\BaiduPlayer.lnk
[2014/09/27 01:20:50 | 2680,127,575 | ---- | C] () -- C:\Users\zenny\Desktop\X-Men Days of Future Past 2014 720p BluRay DTS x264-DNL.mkv
[2014/09/27 01:20:43 | 000,017,639 | -H-- | C] () -- C:\Users\zenny\Desktop\4B40EB265F7CD06886C4130DC65CA96333FDDC87.torrent
[2014/08/24 23:42:36 | 000,003,760 | ---- | C] () -- C:\Users\zenny\PanPortalCfg_fd8237ba3c63fd73189dbfe98a3955c.dat
[2013/12/31 02:59:37 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2013/12/29 22:31:48 | 000,000,598 | ---- | C] () -- C:\Windows\SysWow64\bdsecushr.dat
[2013/12/07 05:38:38 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/12/07 05:38:38 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/12/06 16:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/08/13 13:57:41 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2013/05/28 08:45:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/05/20 14:40:12 | 000,001,042 | ---- | C] () -- C:\Users\zenny\AppData\Roaming\coreavc.ini
[2013/05/20 12:09:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/05/20 12:08:17 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/05/20 12:08:17 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/05/20 12:08:17 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/05/20 11:41:46 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/20 11:37:59 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 09:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/30 00:09:59 | 000,000,000 | -HSD | M] -- C:\Users\zenny\AppData\Roaming\2345Explorer
[2014/06/07 01:58:04 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\Animals
[2013/07/06 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\Awesomium
[2014/10/07 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\Baidu
[2014/10/07 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\BindIconDir
[2014/10/07 22:43:46 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\CloudMedia
[2014/06/05 20:51:54 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\DataRepair
[2014/10/08 20:43:35 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\Elex-tech
[2014/05/31 03:20:42 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\FunAir
[2014/10/07 21:01:31 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\Funshion
[2014/09/21 01:03:15 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\iy
[2014/04/29 21:31:52 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\xfplayer
[2013/12/31 02:59:08 | 000,000,000 | ---D | M] -- C:\Users\zenny\AppData\Roaming\Xunlei
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2014/10/06 20:47:25 | 007,336,335 | ---- | M] ()(C:\Users\zenny\Desktop\?????-???.mp3) -- C:\Users\zenny\Desktop\月半小夜曲-陈乐基.mp3
[2014/10/06 20:22:20 | 000,001,945 | ---- | M] ()(C:\Users\Public\Desktop\??.lnk) -- C:\Users\Public\Desktop\快播.lnk
[2014/10/06 20:22:20 | 000,001,945 | ---- | C] ()(C:\Users\Public\Desktop\??.lnk) -- C:\Users\Public\Desktop\快播.lnk
[2014/10/06 20:22:20 | 000,001,941 | ---- | M] ()(C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2014/10/06 20:22:20 | 000,001,941 | ---- | C] ()(C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2014/10/06 20:22:20 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件
[2014/10/05 23:30:19 | 505,575,519 | ---- | M] ()(C:\Users\zenny\Desktop\????.Z.Nation.S01E04.????.HDTVrip.1024X576.mkv) -- C:\Users\zenny\Desktop\僵尸国度.Z.Nation.S01E04.中英字幕.HDTVrip.1024X576.mkv
[2014/10/05 23:15:42 | 505,575,519 | ---- | C] ()(C:\Users\zenny\Desktop\????.Z.Nation.S01E04.????.HDTVrip.1024X576.mkv) -- C:\Users\zenny\Desktop\僵尸国度.Z.Nation.S01E04.中英字幕.HDTVrip.1024X576.mkv
[2014/10/05 15:56:32 | 007,336,335 | ---- | C] ()(C:\Users\zenny\Desktop\?????-???.mp3) -- C:\Users\zenny\Desktop\月半小夜曲-陈乐基.mp3
[2014/10/01 21:30:07 | 1945,158,196 | ---- | M] ()(C:\Users\zenny\Desktop\?6v??????,???www.6vhao.com???????.720p.BD????.mp4) -- C:\Users\zenny\Desktop\【6v电影域名被盗,新地址www.6vhao.com】母亲外出之夜.720p.BD中英双字.mp4
[2014/10/01 20:09:03 | 1945,158,196 | ---- | C] ()(C:\Users\zenny\Desktop\?6v??????,???www.6vhao.com???????.720p.BD????.mp4) -- C:\Users\zenny\Desktop\【6v电影域名被盗,新地址www.6vhao.com】母亲外出之夜.720p.BD中英双字.mp4
[2014/09/28 22:04:49 | 1157,300,820 | ---- | M] ()(C:\Users\zenny\Desktop\??????????.720p.HD?????6v??????,???www.6vhao.net?.mp4) -- C:\Users\zenny\Desktop\白发魔女传之明月天国.720p.HD国语中字【6v电影域名被盗,新地址www.6vhao.net】.mp4
[2014/09/28 21:44:59 | 1157,300,820 | ---- | C] ()(C:\Users\zenny\Desktop\??????????.720p.HD?????6v??????,???www.6vhao.net?.mp4) -- C:\Users\zenny\Desktop\白发魔女传之明月天国.720p.HD国语中字【6v电影域名被盗,新地址www.6vhao.net】.mp4
[2014/09/15 23:09:39 | 2155,173,743 | ---- | M] ()(C:\Users\zenny\Desktop\????.BD1280??????.mp4) -- C:\Users\zenny\Desktop\落魄大厨.BD1280超清中英双字.mp4
[2014/09/15 21:44:05 | 2155,173,743 | ---- | C] ()(C:\Users\zenny\Desktop\????.BD1280??????.mp4) -- C:\Users\zenny\Desktop\落魄大厨.BD1280超清中英双字.mp4
[2014/09/15 21:15:06 | 2132,872,818 | ---- | M] ()(C:\Users\zenny\Desktop\????.HD1280??????.mp4) -- C:\Users\zenny\Desktop\沉睡魔咒.HD1280超清中英双字.mp4
[2014/09/15 20:37:44 | 2132,872,818 | ---- | C] ()(C:\Users\zenny\Desktop\????.HD1280??????.mp4) -- C:\Users\zenny\Desktop\沉睡魔咒.HD1280超清中英双字.mp4
[2014/09/13 15:31:26 | 2263,291,287 | ---- | M] ()(C:\Users\zenny\Desktop\MR??.HD1280??????.mp4) -- C:\Users\zenny\Desktop\MR边缘.HD1280超清英语中字.mp4
[2014/09/13 14:55:32 | 2263,291,287 | ---- | C] ()(C:\Users\zenny\Desktop\MR??.HD1280??????.mp4) -- C:\Users\zenny\Desktop\MR边缘.HD1280超清英语中字.mp4
[2014/08/24 02:11:20 | 1158,867,455 | ---- | M] ()(C:\Users\zenny\Desktop\???2????.BD????1280???6v??????,???www.6vhao.com?.rmvb) -- C:\Users\zenny\Desktop\铁甲衣2浴血奋战.BD中英双字1280高清【6v电影域名被盗,新地址www.6vhao.com】.rmvb
[2014/08/24 01:08:59 | 1158,867,455 | ---- | C] ()(C:\Users\zenny\Desktop\???2????.BD????1280???6v??????,???www.6vhao.com?.rmvb) -- C:\Users\zenny\Desktop\铁甲衣2浴血奋战.BD中英双字1280高清【6v电影域名被盗,新地址www.6vhao.com】.rmvb
[2014/08/06 21:34:56 | 1251,265,606 | ---- | M] ()(C:\Users\zenny\Desktop\R?????2:?ZF??.HD1280??????.mp4) -- C:\Users\zenny\Desktop\R类清除计划2:无ZF状态.HD1280高清英语中字.mp4
[2014/08/06 21:22:59 | 1251,265,606 | ---- | C] ()(C:\Users\zenny\Desktop\R?????2:?ZF??.HD1280??????.mp4) -- C:\Users\zenny\Desktop\R类清除计划2:无ZF状态.HD1280高清英语中字.mp4
[2014/05/27 23:11:24 | 1399,289,541 | ---- | M] ()(C:\Users\zenny\Desktop\[????www.dy2018.com]?????BD????.rmvb) -- C:\Users\zenny\Desktop\[电影天堂www.dy2018.com]盟军夺宝队BD中英双字.rmvb
[2014/05/27 22:35:15 | 1399,289,541 | ---- | C] ()(C:\Users\zenny\Desktop\[????www.dy2018.com]?????BD????.rmvb) -- C:\Users\zenny\Desktop\[电影天堂www.dy2018.com]盟军夺宝队BD中英双字.rmvb
[2014/05/11 00:58:19 | 000,001,003 | ---- | M] ()(C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\影音先锋.lnk
[2014/05/11 00:58:19 | 000,000,979 | ---- | M] ()(C:\Users\zenny\Desktop\????.lnk) -- C:\Users\zenny\Desktop\影音先锋.lnk
[2014/04/27 19:09:01 | 000,001,003 | ---- | C] ()(C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\影音先锋.lnk
[2014/04/27 19:09:01 | 000,000,979 | ---- | C] ()(C:\Users\zenny\Desktop\????.lnk) -- C:\Users\zenny\Desktop\影音先锋.lnk
[2014/04/19 14:28:12 | 000,001,056 | ---- | M] ()(C:\Users\zenny\Desktop\???????.lnk) -- C:\Users\zenny\Desktop\迅雷看看播放器.lnk
[2014/04/19 14:28:12 | 000,001,056 | ---- | C] ()(C:\Users\zenny\Desktop\???????.lnk) -- C:\Users\zenny\Desktop\迅雷看看播放器.lnk
[2014/01/27 20:24:11 | 000,001,317 | ---- | M] ()(C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\风行.lnk
[2013/12/30 15:54:18 | 000,001,161 | ---- | M] ()(C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\????2013.lnk) -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\百度音乐2013.lnk
[2013/12/30 15:54:18 | 000,001,161 | ---- | C] ()(C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\????2013.lnk) -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\百度音乐2013.lnk
[2013/09/24 12:57:35 | 000,001,317 | ---- | C] ()(C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\zenny\Application Data\Microsoft\Internet Explorer\Quick Launch\风行.lnk
(C:\Users\zenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????2013) -- C:\Users\zenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度音乐2013
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\影音先锋

< End of report >
 


  • 0

Advertisements

#2
BrianDrab
Posted 12 October 2014 - 08:02 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Sorry for the delay in getting back to you. If you still need assistance please follow the instructions below to provide fresh logs. Thank you.

 

Step#1 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.


  • 0

#3
zennyboy1984
Posted 13 October 2014 - 06:21 AM

zennyboy1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi BrianDrab,

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by zenny (administrator) on ZENNY-PC on 13-10-2014 20:15:01
Running from C:\Users\zenny\Downloads
Loaded Profiles: zenny &  (Available profiles: zenny)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
() C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
(Baidu Inc.) G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdyyProtect.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(www.guangsu.cn) C:\Program Files (x86)\gssoft\gswb\2.7.1.3126\Config.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) E:\Malwarebytes Anti-Malware\mbam.exe
(Palo Alto Networks) E:\Palo Alto Networks\GlobalProtect\PanGPS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BaiduPlayer.exe
(Baidu Inc.) G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdyyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Palo Alto Networks) E:\Palo Alto Networks\GlobalProtect\PanGPA.exe
() C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\RALINK\Common\RaUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Baidu Inc.) G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bpls.exe
(Baidu.com, Inc.) G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdbtray.exe
(Baidu Inc.) G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bpls.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [GlobalProtect] => E:\Palo Alto Networks\GlobalProtect\PanGPA.exe [976688 2014-04-17] (Palo Alto Networks)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-20] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [D-Link D-Link DWA-140] => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1074496 2011-06-30] (D-Link Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-14] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\...\Run: [TTWeather] => "C:\Program Files (x86)\TTWeather\TTWeather.exe" /autorun
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\...\Run: [weatherTips] => "C:\Program Files (x86)\TTWeather\weatherTips.exe" /autorun
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\...\Run: [BaiduMEDIA] => G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BaiduPlayer.exe [933968 2014-09-26] ()
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\...\Run: [bdcalendar] => C:\Users\zenny\AppData\Roaming\baidu\bdcalendar\1_1_0_186\bdcalendar.exe /autorun
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\...\Run: [BaiduMEDIASERVICE] => G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdyyService.exe [1575504 2014-09-26] (Baidu Inc.)
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TTWeather] => "C:\Program Files (x86)\TTWeather\TTWeather.exe" /autorun
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [weatherTips] => "C:\Program Files (x86)\TTWeather\weatherTips.exe" /autorun
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BaiduMEDIA] => G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BaiduPlayer.exe [933968 2014-09-26] ()
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [bdcalendar] => C:\Users\zenny\AppData\Roaming\baidu\bdcalendar\1_1_0_186\bdcalendar.exe /autorun
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BaiduMEDIASERVICE] => G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdyyService.exe [1575504 2014-09-26] (Baidu Inc.)
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Sniper.dll (Funshion)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(559).dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-sg/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFE2910EDF3E2CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.co...q={searchTerms}
BHO: ѸÀ×ÏÂÔØÖ§³Ö -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> G:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.17.4698.dll (深圳市迅雷网络技术有限公司)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name -> {A8502600-B272-4F68-A67B-A0305D46D297} ->  No File
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> G:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 202.156.1.16 218.186.2.16 218.186.2.6

FireFox:
========
FF ProfilePath: C:\Users\zenny\AppData\Roaming\Mozilla\Firefox\Profiles\q5qn4sq4.default-1412692487582
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @baidu.com/npBdyyPlugin -> G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\npbdyy.dll ()
FF Plugin-x32: @baidu.com/npxbdyy -> G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\npxbdyy.dll ()
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\zenny\funshion\funshiontools\npFunshion.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @xfplay.com/xfplay -> C:\Program Files (x86)\xfplay\npxfweb.dll (http://www.xfplay.com)
FF Plugin-x32: @xunlei.com/DapCtrl -> C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(560).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> G:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKCU: @xunlei.com/npxunlei;version=1.0.0.2 -> G:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-24]
CHR Extension: (Google Drive) - C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-24]
CHR Extension: (YouTube) - C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-24]
CHR Extension: (Google Search) - C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-24]
CHR Extension: (Google Wallet) - C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-24]
CHR Extension: (Gmail) - C:\Users\zenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-07] ()
R2 BDSGRTP; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\BaiduProtect.exe [1101152 2013-12-10] (百度在线网络技术(北京)有限公司)
R2 D_Link_DWA-140_WPS; C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-07-13] () [File not signed]
R2 GSService; C:\Program Files (x86)\gssoft\gswb\2.7.1.3126\Config.exe [1332672 2013-11-28] (www.guangsu.cn)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-08] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-06] (Intel Corporation)
R2 MBAMScheduler; E:\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; E:\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PanGPS; E:\Palo Alto Networks\GlobalProtect\PanGPS.exe [1861936 2014-04-17] (Palo Alto Networks)
R2 RalinkRegistryWriter; C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe [54272 2008-02-23] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2013-12-31] (ShenZhen Xunlei Networking Technologies,LTD)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2009-03-07] ()
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-26] ()
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [104264 2013-12-10] (Baidu)
R1 bd0004; C:\Windows\System32\DRIVERS\bd0004.sys [168264 2013-12-10] (Baidu)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-08] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-29] (Ralink Technology Corp.)
R3 PanGpd; C:\Windows\System32\DRIVERS\pangpd.sys [36352 2014-04-17] (Palo Alto Networks)
S3 rt70x64; C:\Windows\System32\DRIVERS\netr7064.sys [371200 2007-10-10] (Ralink Technology Corp.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 20:15 - 2014-10-13 20:15 - 00020232 _____ () C:\Users\zenny\Downloads\FRST.txt
2014-10-13 20:13 - 2014-10-13 20:15 - 00000000 ____D () C:\FRST
2014-10-13 20:11 - 2014-10-13 20:11 - 02110464 _____ (Farbar) C:\Users\zenny\Downloads\FRST64.exe
2014-10-12 22:33 - 2014-10-12 22:50 - 499507142 _____ () C:\Users\zenny\Desktop\始祖家族.The.Original.S02E01.中英字幕.HDTVrip.1024X576.mkv
2014-10-12 00:11 - 2014-10-12 01:15 - 1805483897 _____ () C:\Users\zenny\Desktop\少女灵异日记.HD1280超清国语中字.mp4
2014-10-09 22:12 - 2014-10-09 22:28 - 508535652 _____ () C:\Users\zenny\Desktop\哥谭.Gotham.S01E03.中英字幕.HDTVrip.1024X576.mkv
2014-10-08 21:53 - 2014-10-08 21:57 - 00001243 _____ () C:\Users\zenny\Desktop\百度音乐2014.lnk
2014-10-08 21:53 - 2014-10-08 21:53 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度音乐2014
2014-10-08 21:53 - 2014-10-08 21:53 - 00000000 ____D () C:\Program Files (x86)\Baidu
2014-10-08 21:43 - 2014-10-08 21:53 - 08915816 _____ (百度) C:\Users\zenny\Downloads\BaiduMusic-12345630.exe
2014-10-08 21:10 - 2014-10-08 21:10 - 00109002 _____ () C:\Users\zenny\Desktop\OTL.Txt
2014-10-08 21:10 - 2014-10-08 21:10 - 00102618 _____ () C:\Users\zenny\Desktop\Extras.Txt
2014-10-08 21:02 - 2014-10-08 21:02 - 00602112 _____ (OldTimer Tools) C:\Users\zenny\Desktop\OTL.exe
2014-10-08 21:01 - 2014-10-08 21:04 - 02498315 _____ (百度) C:\Users\zenny\Downloads\BaiduMusic-12345617(1).exe
2014-10-08 20:58 - 2014-10-08 21:00 - 02948875 _____ (百度) C:\Users\zenny\Downloads\BaiduMusic-12345617.exe
2014-10-08 20:43 - 2014-10-08 20:43 - 00001902 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-10-08 20:43 - 2014-10-08 20:43 - 00000000 ____D () C:\Windows\system32\log
2014-10-08 20:43 - 2014-10-08 20:43 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\Elex-tech
2014-10-08 20:43 - 2014-10-08 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-10-08 20:43 - 2014-10-08 20:43 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-10-08 20:43 - 2014-10-08 18:15 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-10-08 20:43 - 2014-09-22 20:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-10-08 20:42 - 2014-10-08 20:43 - 15578360 _____ (Elex do Brasil Participações Ltda) C:\Users\zenny\Downloads\yet_another_cleaner_sk_42159.exe
2014-10-07 23:38 - 2014-10-07 23:38 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-07 23:37 - 2014-10-07 23:37 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-07 23:37 - 2014-10-07 23:37 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-07 23:37 - 2014-10-07 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-07 23:36 - 2014-10-08 00:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-07 23:36 - 2014-10-07 23:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-07 23:36 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-07 23:30 - 2014-10-07 23:32 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\zenny\Downloads\spybot-2.4.exe
2014-10-07 23:07 - 2014-10-07 23:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\zenny\Downloads\SpyHunter-Installer.exe
2014-10-07 22:07 - 2014-10-07 22:07 - 00003246 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-10-07 22:07 - 2014-10-07 22:07 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-10-07 22:03 - 2014-10-07 22:03 - 03026176 _____ (GridinSoft) C:\Users\zenny\Downloads\TrojanKillerInstallerST.exe
2014-10-07 21:37 - 2014-10-07 21:38 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\BindIconDir
2014-10-07 21:33 - 2014-10-09 23:00 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\Baidu
2014-10-07 21:33 - 2014-10-08 21:53 - 00000000 ____D () C:\ProgramData\Baidu
2014-10-07 20:51 - 2014-10-13 20:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 20:51 - 2014-10-07 20:51 - 00000613 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-07 20:51 - 2014-10-07 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-07 20:51 - 2014-10-07 20:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-07 20:51 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-07 20:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-07 20:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-07 20:49 - 2014-10-07 20:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\zenny\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-07 20:40 - 2014-10-07 20:40 - 00000000 ____D () C:\Windows\ERUNT
2014-10-07 20:39 - 2014-10-07 20:39 - 01705141 _____ (Thisisu) C:\Users\zenny\Downloads\JRT.exe
2014-10-07 20:31 - 2014-10-07 21:12 - 00000000 ____D () C:\AdwCleaner
2014-10-07 20:30 - 2014-10-07 20:30 - 01375089 _____ () C:\Users\zenny\Downloads\adwcleaner_3.311.exe
2014-10-06 22:22 - 2014-10-06 22:22 - 00000000 ____D () C:\Users\zenny\Desktop\Cat.Run.2.2014.720p.BluRay.x264.DTS-HDWinG
2014-10-06 20:22 - 2013-12-10 15:53 - 00168264 _____ (Baidu) C:\Windows\system32\Drivers\bd0004.sys
2014-10-06 20:22 - 2013-12-10 15:53 - 00104264 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
2014-10-06 20:22 - 2013-12-10 15:53 - 00041800 _____ (Baidu) C:\Windows\system32\bd64_x64.dll
2014-10-06 20:22 - 2013-12-10 15:53 - 00039056 _____ (Baidu) C:\Windows\system32\bd64_x86.dll
2014-10-06 20:21 - 2014-10-06 20:21 - 00003554 _____ () C:\Windows\System32\Tasks\ProtectBaiduPlayer
2014-10-06 20:21 - 2014-10-06 20:21 - 00001012 _____ () C:\Users\Public\Desktop\BaiduPlayer.lnk
2014-10-06 20:21 - 2014-10-06 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BaiduPlayer
2014-10-06 00:41 - 2014-10-06 02:44 - 00000000 ____D () C:\Users\zenny\Desktop\Hercules.Reborn.2014.720p.BluRay.X264-iNVANDRAREN[rarbg]
2014-10-05 15:56 - 2014-10-05 15:56 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\WinRAR
2014-10-05 15:56 - 2014-10-05 15:56 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-05 15:56 - 2014-10-05 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-05 15:55 - 2014-10-05 15:56 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-05 15:55 - 2014-10-05 15:55 - 01922688 _____ () C:\Users\zenny\Downloads\winrar-x64-511.exe
2014-10-05 15:48 - 2014-10-05 15:54 - 07146301 _____ () C:\Users\zenny\Downloads\月半小夜曲-陈乐基mp3【www.kpdown.com开辟软件站】.rar
2014-10-05 15:16 - 2014-10-05 15:16 - 00000000 ____D () C:\Users\zenny\Desktop\IC stuffs
2014-10-01 20:09 - 2014-10-01 21:30 - 1945158196 _____ () C:\Users\zenny\Desktop\【6v电影域名被盗,新地址www.6vhao.com】母亲外出之夜.720p.BD中英双字.mp4
2014-09-28 21:44 - 2014-09-28 22:04 - 1157300820 _____ () C:\Users\zenny\Desktop\白发魔女传之明月天国.720p.HD国语中字【6v电影域名被盗,新地址www.6vhao.net】.mp4
2014-09-27 01:20 - 2014-09-27 02:41 - 2680127576 _____ () C:\Users\zenny\Desktop\X-Men Days of Future Past 2014 720p BluRay DTS x264-DNL.mkv
2014-09-27 01:20 - 2014-09-27 01:20 - 00017639 ____H () C:\Users\zenny\Desktop\4B40EB265F7CD06886C4130DC65CA96333FDDC87.torrent
2014-09-23 20:26 - 2014-09-23 21:47 - 00000000 ____D () C:\Users\zenny\Desktop\Jarhead.2.Field.of.Fire.2014.BluRay.720p.DTS.x264-CHD
2014-09-21 02:05 - 2014-09-21 21:00 - 00000000 ____D () C:\Users\zenny\Desktop\Captain.America.The.Winter.Soldier.2014.BluRay.720p.DTS.x264-CHD
2014-09-21 01:03 - 2014-09-26 16:02 - 00000000 ____D () C:\iResearch
2014-09-21 01:03 - 2014-09-21 01:03 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\iy
2014-09-15 21:44 - 2014-09-15 23:09 - 2155173743 _____ () C:\Users\zenny\Desktop\落魄大厨.BD1280超清中英双字.mp4
2014-09-15 20:37 - 2014-09-15 21:15 - 2132872818 _____ () C:\Users\zenny\Desktop\沉睡魔咒.HD1280超清中英双字.mp4
2014-09-13 14:55 - 2014-09-13 15:31 - 2263291287 _____ () C:\Users\zenny\Desktop\MR边缘.HD1280超清英语中字.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-13 20:14 - 2013-09-24 12:57 - 00000000 ___HD () C:\Users\Public\Fundata
2014-10-13 20:12 - 2009-07-14 12:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 20:12 - 2009-07-14 12:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 20:11 - 2013-05-20 11:34 - 02001184 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 20:11 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-10-13 20:07 - 2014-08-24 23:41 - 00481385 _____ () C:\Users\zenny\PanGPA.log
2014-10-13 20:07 - 2014-08-24 22:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-13 20:06 - 2013-05-21 12:54 - 00227298 _____ () C:\Windows\PFRO.log
2014-10-13 20:06 - 2013-05-20 14:29 - 00000000 ____D () C:\Program Files (x86)\QvodPlayer
2014-10-13 20:06 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-13 20:06 - 2009-07-14 12:51 - 00061570 _____ () C:\Windows\setupact.log
2014-10-13 00:32 - 2013-05-20 14:13 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\vlc
2014-10-13 00:21 - 2013-11-25 13:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 00:11 - 2013-05-20 14:29 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-10-13 00:03 - 2014-08-24 22:58 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 22:39 - 2013-05-20 14:40 - 00001042 _____ () C:\Users\zenny\AppData\Roaming\coreavc.ini
2014-10-11 14:36 - 2013-08-09 08:21 - 00000000 ____D () C:\mp3
2014-10-11 13:38 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PLA
2014-10-09 20:52 - 2014-04-21 19:50 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\CloudMedia
2014-10-09 20:36 - 2009-07-14 12:45 - 00000000 ____D () C:\Windows\Setup
2014-10-08 22:50 - 2014-05-19 17:05 - 00000000 ____D () C:\Users\zenny\Desktop\docs
2014-10-07 21:13 - 2013-05-20 14:29 - 00000000 ___HD () C:\Users\Public\Device
2014-10-07 21:01 - 2014-07-15 21:10 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\Funshion
2014-10-07 21:01 - 2014-07-04 22:38 - 00000000 ___HD () C:\Users\Public\FunAcce
2014-10-07 21:01 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Resources
2014-10-07 20:41 - 2013-05-20 11:36 - 00000000 ____D () C:\Users\zenny
2014-10-06 20:24 - 2013-12-24 20:05 - 00000000 ____D () C:\Windows\Minidump
2014-10-05 14:40 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-09-27 17:31 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-26 15:55 - 2013-05-20 14:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 20:21 - 2014-06-18 21:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 19:13 - 2014-08-24 22:58 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-25 18:21 - 2014-09-10 23:21 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-25 18:21 - 2013-11-25 13:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 18:21 - 2013-05-20 15:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 18:21 - 2013-05-20 15:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\zenny\PanPortalCfg_fd8237ba3c63fd73189dbfe98a3955c.dat


Some content of TEMP:
====================
C:\Users\zenny\AppData\Local\Temp\Mutual.exe
C:\Users\zenny\AppData\Local\Temp\_isB0D7.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-07 22:58

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by zenny at 2014-10-13 20:15:39
Running from C:\Users\zenny\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BaiduPlayer4.0.1.85 (HKLM-x32\...\BaiduPlayer) (Version: 4.0.1 - Baidu Online Network Technology (Beijing) Co., Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
D-Link DWA-140 (HKLM-x32\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version:  - D-Link)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
GlobalProtect (HKLM\...\{19C89B1F-E08F-497D-9F03-539ED8730BA4}) (Version: 2.0.2 - Palo Alto Networks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
ѸÀ×7 (HKLM-x32\...\thunder_is1) (Version:  - ѸÀ×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Ralink Wireless LAN (HKLM-x32\...\{E91E8912-769D-42F0-8408-0E329443BABC}) (Version: 1.00.0000 - RaLink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
光速输入法 2.7 (HKLM-x32\...\光速输入法) (Version: 2.7.1.3126 - 光速输入法)
影音先锋 8.6.0 P2P 云3D版 (HKLM-x32\...\yyxfplayer_is1) (Version:  - 零与壹软件)
时光日历 (HKCU\...\bdcalendar) (Version: 1.1.0.186 - 百度在线网络技术(北京)有限公司)
百度音乐2014 9.0.10.16 (HKLM-x32\...\BaiduMusic) (Version: 9.0.10.16 - 百度)
迅雷看看播放器 (HKLM-x32\...\迅雷软件) (Version: 4.9.12.1930 - 迅雷网络技术有限公司)
迅雷看看高清播放组件 (HKLM-x32\...\迅雷看看高清播放组件) (Version:  - 迅雷网络技术有限公司)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2009-06-11 05:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0BC733EC-2832-437B-A431-73A050CCB409} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {10295ADE-0A2A-4B25-9676-C9C290F838D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {34D413E4-D766-4BDA-B745-27BBC45EF976} - System32\Tasks\Funshion\FSPlatform => C:\Users\zenny\funshion\funshiontools\FSPAP.exe
Task: {3C0270FB-1615-41AF-8714-A3E6F039EC33} - System32\Tasks\ProtectBaiduPlayer => G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\bdyyProtect.exe [2014-09-26] (Baidu Inc.)
Task: {550674DA-B8B2-46EC-98DB-11B67D48B380} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {8164D5A8-FC39-4E74-BDFF-02FF7923793B} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {89A0014E-8DA2-4A56-896D-FF1F278FFE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-24] (Google Inc.)
Task: {934D2A57-3DF7-4041-A51C-BA15C5627386} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {CBE63109-1989-476A-A426-9AB892308410} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-06 20:22 - 2013-12-10 15:53 - 00426824 _____ () C:\Program Files (x86)\Common Files\Baidu\BaiduProtect\1.1.0.34\bdsg0002.dll
2013-08-13 13:57 - 2010-07-13 06:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
2014-06-24 15:38 - 2014-06-24 15:38 - 00014256 _____ () C:\ProgramData\QvodPlayer\QvodWebBase\1.0.0.52\QvodWebService.exe
2014-09-26 13:54 - 2014-09-26 13:54 - 00933968 _____ () G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BaiduPlayer.exe
2013-05-20 13:58 - 2008-02-23 10:10 - 00054272 _____ () C:\Program Files (x86)\RALINK\Common\RalinkRegistryWriter.exe
2014-10-08 20:43 - 2014-10-08 18:10 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-10-08 20:43 - 2014-10-08 18:10 - 00092320 _____ () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-10-08 20:43 - 2014-09-22 20:13 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2014-10-08 20:43 - 2014-09-22 20:13 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2012-11-29 06:13 - 2012-11-29 06:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-29 06:13 - 2012-11-29 06:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-08 20:43 - 2014-10-08 18:09 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-09-26 13:58 - 2014-09-26 13:58 - 00374352 _____ () G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\live.dll
2014-09-26 13:59 - 2014-09-26 13:59 - 00581712 _____ () G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\lu.dll
2014-09-26 13:57 - 2014-09-26 13:57 - 01732176 _____ () G:\Program Files (x86)\Baidu\BaiduPlayer\4.0.1.85\BDPlayerEx.dll
2013-08-13 13:58 - 2013-08-13 13:58 - 00315392 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\ANPDApi.dll
2013-08-13 13:57 - 2010-05-14 02:58 - 00294912 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\WlanApp.dll
2014-10-07 23:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-07 23:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-07 23:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-07 23:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-10-07 23:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-12-31 02:59 - 2013-12-31 02:58 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2013-12-31 02:59 - 2013-12-31 02:58 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2013-05-20 11:42 - 2012-07-19 03:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-09-25 19:13 - 2014-09-23 12:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 19:13 - 2014-09-23 12:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 19:13 - 2014-09-23 12:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 19:13 - 2014-09-23 12:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 19:13 - 2014-09-23 12:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1862850717-2673517611-151062465-500 - Administrator - Disabled)
Guest (S-1-5-21-1862850717-2673517611-151062465-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1862850717-2673517611-151062465-1002 - Limited - Enabled)
zenny (S-1-5-21-1862850717-2673517611-151062465-1000 - Administrator - Enabled) => C:\Users\zenny

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2014 08:12:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (10/13/2014 00:10:15 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/12/2014 08:50:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (10/12/2014 08:50:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/07/2014 11:07:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The XLServicePlatform service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (10/13/2014 08:12:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/13/2014 08:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2120 @ 3.10GHz
Percentage of memory in use: 47%
Total physical RAM: 4038.47 MB
Available physical RAM: 2102.05 MB
Total Pagefile: 8075.09 MB
Available Pagefile: 5711.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.96 GB) (Free:87.06 GB) NTFS
Drive d: () (Fixed) (Total:49.28 GB) (Free:49.16 GB) NTFS
Drive e: () (Fixed) (Total:62.5 GB) (Free:60.85 GB) NTFS
Drive g: () (Fixed) (Total:220.7 GB) (Free:180.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F50F74CB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=245 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 99621D45)
Partition 1: (Active) - (Size=49.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=62.5 GB) - (Type=OF Extended)

==================== End Of Log ============================


  • 0

#4
BrianDrab
Posted 13 October 2014 - 01:26 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 

- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

- Finally Before We Start-

 

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

Thank you. I've reviewed the logs and have a fix. Before I can provide it, can you answer the following questions?

 

1. Do you currently use the program called BaiduPlayer ?

2. Do you currently use the program called TTWeather ?

3. Do you currently use the program called QvodPlayer ?

4. Do you currently use the program called YAC(Yet Another Cleaner!) ?

5. Do you have the free version or paid version of Malwarebytes installed?

 

 

 


  • 0

#5
zennyboy1984
Posted 14 October 2014 - 07:06 AM

zennyboy1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi Brian,

 

1. I am using the baidu player

2. No I am not using TTWeather

3. I have already un-installed QvodPlayer last week

4. I am not actively using the YAC, some website recommended me to download and scan my computer as I was finding solution to remove hao123.com. I have only ran the scan once so far.

5. Yes I have the free version of Malwarebytes installed

 

Rgds,

 

Zen


  • 0

#6
BrianDrab
Posted 14 October 2014 - 02:10 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Step#1 - Create Restore Point
1. Please click your start button, right-click on the Computer menu item and select Properties as show below.

ComputerProperties.JPG

 

2. Click on the Advanced system settings link.

AdvancedSystemSettings.JPG

 

3. Click the System Protection tab and then click the Create button.

 

SystemProperties.JPG

 

4. You will be asked to provide a description. Please type G2G and click Create

 

SystemProtection.JPG

 

5. You will get a message telling you when it's complete. Click Close on the message.

 

 

Step#2 - FRST Fix

No Antivirus Detected
It's critical that you have a reputable antivirus software installed on your machine at all times. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed a couple recommended free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves. Before continuing on you need to download and install one to prevent any infections from spreading. I use Microsoft Security Essentials on my home machines but the choice is yours.
 
Microsoft Security Essentials
Avast! (If you decide on this one, please ensure you uncheck the Google Toolbar and Google Chrome that is offered on the first screen of the install...unless you want them for some reason). In addition if you choose Avast!, please ensure that Windows Defender is disabled. Instructions for doing so are here.

 

Let me know what you decide to install and then we can get you all fixed up.


  • 0

#7
zennyboy1984
Posted 15 October 2014 - 06:54 AM

zennyboy1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi Brian,

 

Do i need to uninstall malwarebytes, YAC and spyboysearch & destroy before installing the antivirus recommended by you.

 

When running the microsoft security essentials installer, it states to uninstall other security programmes, therefore I have not completed the installation yet.

 

Rgds,

 

Zen


Edited by zennyboy1984, 15 October 2014 - 06:55 AM.

  • 0

#8
BrianDrab
Posted 15 October 2014 - 07:46 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No you should not have to.


  • 0

#9
zennyboy1984
Posted 15 October 2014 - 09:27 AM

zennyboy1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hi Brian,

 

i have installed the microsoft security essentials AV, updated the definition and it autoran a quick scan.

 

Rgds,

 

Zen


  • 0

#10
BrianDrab
Posted 15 October 2014 - 09:40 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Step#1 - Warnings
 

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

 

FBI - Peer to Peer Scams
USA Today Artticle on P2P Programs
File Sharing Infects 500,000 Computers

 

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

 

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): ѸÀ×7, 迅雷看看播放器, 迅雷看看高清播放组件  <---All three are related to Thunder Player

To uninstall on Windows 7, you can:

  • Click your Start Orb in the lower left corner of your computer and select Control Panel.
  • Select Uninstall a program from the Programs Category.
  • Locate the program(s) in the list and click Uninstall.

 

Spybot Search & Destroy
I see that you have Spybot Search & Destroy. To avoid conflicts with any of our fixes please uninstall this program. Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs. You may re-install the program when your machine is declared clean if you wish although it's not required.
immunize.JPG

 

 

Step#2 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot.

 Ñ¸À×7 (Optional)

迅雷看看播放器 (Optional)

迅雷看看高清播放组件 (Optional)

Spybot - Search & Destroy
YAC(Yet Another Cleaner!)

 

 

Step#3 - FRST Fix (Only do this step if you decided to remove Spybot Search & Destroy)!!!
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   5.79KB   275 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
 
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#4 - JRT
 
Note: Please disable your Antivirus Software before doing Step#1. Info on how to do this is here if you decided on Microsoft Security Essentials and here for Avast.
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3, The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

 Step#5 - FRST Scan
 
1. Right click on FRST64 to run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form (if it's not already) before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. The tool will generate another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
  
 
Items for your next post
1. FRST Fix Log

2. JRT Log

3. FRST & Addition logs

4. How's your machine doing?


  • 0

Advertisements

#11
zennyboy1984
Posted 16 October 2014 - 07:01 AM

zennyboy1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

hi brian,

 

do i need to uninstall malwarebytes anti malware program as well before doing step 3.

 

Rgds,

 

Zen


  • 0

#12
BrianDrab
Posted 16 October 2014 - 07:20 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

No. Keep that one installed.


  • 0

#13
zennyboy1984
Posted 18 October 2014 - 12:34 AM

zennyboy1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

hi brian,

 

I was doing step 3 as instructed and while the farbar recovery tool was in the process of fixing, an windows explorer error pop up and i click close. The farbar recovery tool seems to have hanged, showing the fixing is in progress message but the status bar is not moving, however i can see a fixlog.txt file on my desktop. I have closed the farbar recovery tool as it had stopped responding.

 

How should i proceed?

 

Zen


Edited by zennyboy1984, 18 October 2014 - 01:11 AM.

  • 0

#14
BrianDrab
Posted 18 October 2014 - 07:17 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Let's start with posting the contents of the fixlog.txt that is on you desktop and then we'll go from there. Thanks.


  • 0

#15
zennyboy1984
Posted 19 October 2014 - 05:37 AM

zennyboy1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

hi brian,

 

the hao123.com homepage hijack is gone from both my firefox and ie explorer. I have not performed step #4 and #5 yet.

 

Here's the fixlog contents:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by zenny at 2014-10-18 14:21:36 Run:1
Running from C:\Users\zenny\Desktop
Loaded Profile: zenny (Available profiles: zenny)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:

HKU\S-1-5-21-1862850717-2673517611-151062465-1000\...\Run: [TTWeather] => "C:\Program Files (x86)\TTWeather\TTWeather.exe" /autorun
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\...\Run: [weatherTips] => "C:\Program Files (x86)\TTWeather\weatherTips.exe" /autorun
C:\Program Files (x86)\TTWeather
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TTWeather] => "C:\Program Files (x86)\TTWeather\TTWeather.exe" /autorun
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [weatherTips] => "C:\Program Files (x86)\TTWeather\weatherTips.exe" /autorun
ShellIconOverlayIdentifiers: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Sniper.dll (Funshion)
C:\Users\Public\Fundata
ShellIconOverlayIdentifiers-x32: [DownloadIcon] -> {A8502600-B272-4F68-A67B-A0305D46D297} =>  No File
BHO: ѸÀ×ÏÂÔØÖ§³Ö -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> G:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.17.4698.dll (?????????????)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\ProgramData\QvodPlayer\QvodExtend\5.0.100.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO-x32: No Name -> {A8502600-B272-4F68-A67B-A0305D46D297} ->  No File
BHO-x32: ѸÀ×ÏÂÔØÖ§³Ö×é¼þ -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> G:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (?????????????)
Task: {34D413E4-D766-4BDA-B745-27BBC45EF976} - System32\Tasks\Funshion\FSPlatform => C:\Users\zenny\funshion\funshiontools\FSPAP.exe
Task: {8164D5A8-FC39-4E74-BDFF-02FF7923793B} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\ProgramData\QvodPlayer\
C:\Program Files (x86)\Elex-tech\
2014-10-08 20:43 - 2014-10-08 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\zenny\funshion\funshiontools\npFunshion.dll No File
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-08] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
2014-10-08 20:43 - 2014-10-08 20:43 - 00001902 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-10-08 20:43 - 2014-10-08 20:43 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\Elex-tech
2014-10-08 20:43 - 2014-10-08 18:15 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-10-08 20:43 - 2014-09-22 20:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-10-08 20:42 - 2014-10-08 20:43 - 15578360 _____ (Elex do Brasil Participações Ltda) C:\Users\zenny\Downloads\yet_another_cleaner_sk_42159.exe
2014-10-07 23:07 - 2014-10-07 23:07 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\zenny\Downloads\SpyHunter-Installer.exe
2014-10-07 22:07 - 2014-10-07 22:07 - 00003246 _____ () C:\Windows\System32\Tasks\Trojan Killer
2014-10-07 22:07 - 2014-10-07 22:07 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-10-07 22:03 - 2014-10-07 22:03 - 03026176 _____ (GridinSoft) C:\Users\zenny\Downloads\TrojanKillerInstallerST.exe
2014-10-07 21:01 - 2014-07-15 21:10 - 00000000 ____D () C:\Users\zenny\AppData\Roaming\Funshion
Task: {0BC733EC-2832-437B-A431-73A050CCB409} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {550674DA-B8B2-46EC-98DB-11B67D48B380} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {CBE63109-1989-476A-A426-9AB892308410} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
2014-10-07 23:38 - 2014-10-07 23:38 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-07 23:37 - 2014-10-07 23:37 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-07 23:37 - 2014-10-07 23:37 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-07 23:37 - 2014-10-07 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-07 23:36 - 2014-10-08 00:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-07 23:36 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-07 23:30 - 2014-10-07 23:32 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\zenny\Downloads\spybot-2.4.exe

EmptyTemp:
*****************

Processes closed successfully.
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TTWeather => value deleted successfully.
HKU\S-1-5-21-1862850717-2673517611-151062465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\weatherTips => value deleted successfully.
C:\Program Files (x86)\TTWeather => Moved successfully.
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\TTWeather => Value not found.
HKU\S-1-5-21-1862850717-2673517611-151062465-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\weatherTips => Value not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DownloadIcon" => Key deleted successfully.
"HKCR\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\FunOverlay" => Key deleted successfully.
"HKCR\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}" => Key deleted successfully.
C:\Users\Public\Fundata => Moved successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DownloadIcon" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key deleted successfully.
"HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D298}" => Key deleted successfully.
"HKCR\CLSID\{A8502600-B272-4F68-A67B-A0305D46D298}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8502600-B272-4F68-A67B-A0305D46D297}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A8502600-B272-4F68-A67B-A0305D46D297}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE05CF4A-7B0A-4775-B5E5-396244938679}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DE05CF4A-7B0A-4775-B5E5-396244938679}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34D413E4-D766-4BDA-B745-27BBC45EF976}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34D413E4-D766-4BDA-B745-27BBC45EF976}" => Key deleted successfully.
C:\Windows\System32\Tasks\Funshion\FSPlatform => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funshion\FSPlatform" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8164D5A8-FC39-4E74-BDFF-02FF7923793B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8164D5A8-FC39-4E74-BDFF-02FF7923793B}" => Key deleted successfully.
C:\Windows\System32\Tasks\Trojan Killer => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trojan Killer" => Key deleted successfully.
C:\ProgramData\QvodPlayer => Moved successfully.
"C:\Program Files (x86)\Elex-tech" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC" => File/Directory not found.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
"HKLM\Software\MozillaPlugins\@qvod.com/QvodShare" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@funshion.com/npFunshion" => Key deleted successfully.
iSafeKrnl => Service not found.
iSafeKrnlBoot => Service not found.
iSafeKrnlKit => Service not found.
iSafeKrnlR3 => Service not found.
iSafeNetFilter => Service not found.
gdrv => Service deleted successfully.
"C:\Users\Public\Desktop\YAC.lnk" => File/Directory not found.
"C:\Users\zenny\AppData\Roaming\Elex-tech" => File/Directory not found.
"C:\Windows\system32\Drivers\iSafeKrnlBoot.sys" => File/Directory not found.
"C:\Windows\system32\Drivers\iSafeNetFilter.sys" => File/Directory not found.
C:\Users\zenny\Downloads\yet_another_cleaner_sk_42159.exe => Moved successfully.
C:\Users\zenny\Downloads\SpyHunter-Installer.exe => Moved successfully.
"C:\Windows\System32\Tasks\Trojan Killer" => File/Directory not found.
C:\ProgramData\GridinSoft => Moved successfully.
C:\Users\zenny\Downloads\TrojanKillerInstallerST.exe => Moved successfully.
C:\Users\zenny\AppData\Roaming\Funshion => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BC733EC-2832-437B-A431-73A050CCB409}" => Key not found.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{550674DA-B8B2-46EC-98DB-11B67D48B380}" => Key not found.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBE63109-1989-476A-A426-9AB892308410}" => Key not found.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => Key not found.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => Value not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Windows\System32\Tasks\Safer-Networking => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk" => File/Directory not found.
"C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk" => File/Directory not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2" => File/Directory not found.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
"C:\Windows\system32\sdnclean64.exe" => File/Directory not found.
C:\Users\zenny\Downloads\spybot-2.4.exe => Moved successfully.
 


Edited by zennyboy1984, 19 October 2014 - 05:39 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP