IE, Firefox & Chrome browsers hijacked by hao123.com [Solved]


  • This topic is locked

#1
jrjayz

    New Member

  • Member
  • 6 posts

OTL logfile created on: 11/9/2014 3:15:10 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.60 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 40.66% Memory free
3.20 Gb Paging File | 2.04 Gb Available in Paging File | 63.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 318.57 Gb Free Space | 68.41% Space Free | Partition Type: NTFS
Drive F: | 100.00 Mb Total Space | 71.66 Mb Free Space | 71.67% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/09 12:25:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2014/11/06 19:09:04 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/10/23 23:21:34 | 004,825,880 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/10/01 14:40:28 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2014/10/01 14:40:14 | 005,088,456 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2012/08/06 12:07:30 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2012/04/23 18:06:04 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/04/23 18:05:34 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/06 19:09:28 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- E:\HitmanPro.exe /crusader:boot -- (HitmanPro37CrusaderBoot)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe -- (BDKVRTP)
SRV - [2014/11/09 13:00:44 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/06 19:09:21 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/01 14:40:28 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/07/12 14:51:08 | 000,174,024 | ---- | M] (ShenZhen Xunlei Networking Technologies,LTD) [Auto | Running] -- C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll -- (XLServicePlatform)
SRV - [2014/04/23 18:04:58 | 001,425,864 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\tdservicedelegate.dll -- (ThunderSecurityDoctor)
SRV - [2012/08/06 12:07:30 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012/04/23 18:05:34 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/10/23 11:52:36 | 000,635,416 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\xiongchumopg\bin\xcm3dklehvita89ad.sys -- (xcmvidamlpqgda8dk)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\BDAntiExp.sys -- (BDAntiExp)
DRV - File not found [File_System | System | Stopped] -- system32\DRIVERS\bd0003.sys -- (bd0003)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bd0002.sys -- (bd0002)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\bd0001.sys -- (bd0001)
DRV - [2014/11/09 15:10:14 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/10/01 11:11:24 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/10/01 11:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/09/29 23:13:53 | 000,063,304 | ---- | M] (Baidu) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\BDSafeBrowser.sys -- (BDSafeBrowser)
DRV - [2014/09/25 16:13:00 | 000,125,256 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\System32\drivers\BDMWrench.sys -- (BDMWrench)
DRV - [2014/09/18 12:38:22 | 000,123,424 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2014/08/18 10:28:32 | 000,191,928 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2014/08/18 10:28:32 | 000,135,296 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/04/23 18:35:26 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/23 17:03:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/02/23 20:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012/01/30 14:03:38 | 000,195,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV - [2011/12/14 01:44:18 | 000,044,160 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2011/12/13 04:52:42 | 000,034,944 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2011/12/13 04:52:40 | 000,070,784 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=99327113_hao_pg
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/npBdyyPlugin: C:\Program Files\baidu\BaiduPlayer\4.0.1.85\npbdyy.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: C:\Program Files\kingsoft\kingsoft antivirus\npkws.dll File not found
FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1:  File not found
FF - HKLM\Software\MozillaPlugins\@rising.com.cn/nprising:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@wandoujia.com: C:\Program Files\WandouLabs\npWandoujiaHelper.dll File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/DapCtrl: C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(635).dll File not found
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxunlei;version=1.0.0.2: C:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll File not found
FF - HKCU\Software\MozillaPlugins\@rising.com.cn/nprising:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/09/27 10:46:45 | 000,000,000 | ---D | M]
 
[2014/11/09 06:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014/11/09 10:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\coppgtq3.default\extensions
[2014/11/09 11:31:17 | 000,000,609 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\coppgtq3.default\searchplugins\Google.xml
[2014/11/09 10:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/11/09 15:07:52 | 000,000,035 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O9 - Extra 'Tools' menuitem : 启动迅雷看看播放器 - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolMenu.htm ()
O9 - Extra Button: 启动迅雷看看播放器 - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEToolBar.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B852182-989B-4588-84A4-1D92585A057F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8738BAB7-0063-44CF-BB07-A030719C41DD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/09 14:27:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/11/09 13:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2014/11/09 12:57:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2014/11/09 12:42:49 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/09 12:40:25 | 001,107,968 | ---- | C] (Farbar) -- C:\Users\user\Desktop\FRST.exe
[2014/11/09 12:29:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DataRepair
[2014/11/09 12:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/11/09 12:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/11/09 07:22:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/11/09 06:58:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/09 06:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/09 06:29:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla
[2014/11/09 06:29:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Mozilla
[2014/11/09 06:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/11/09 06:07:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VS Revo Group
[2014/11/09 06:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2014/11/09 06:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2014/11/09 06:07:11 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2014/11/09 06:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/11/09 06:05:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Google
[2014/11/08 22:58:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/11/07 18:30:35 | 000,125,256 | ---- | C] (Baidu) -- C:\Windows\System32\drivers\BDMWrench.sys
[2014/11/06 00:02:00 | 000,000,000 | ---D | C] -- C:\ShedtDownLoad
[2014/11/04 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\TaoTaoSou
[2014/11/03 20:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\diignoahjmtijp
[2014/11/02 11:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\pptassist
[2014/11/02 11:19:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PPTAssist
[2014/10/28 23:54:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ESET
[2014/10/28 23:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014/10/28 23:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014/10/28 23:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/10/28 21:52:39 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/10/28 21:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/28 21:51:57 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/10/28 21:51:57 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/10/28 21:51:57 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/10/28 21:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/10/28 21:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/10/28 21:29:50 | 000,231,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/10/28 21:22:21 | 000,045,128 | ---- | C] (Baidu) -- C:\Windows\System32\drivers\BDEnhanceBoost.sys
[2014/10/28 21:08:14 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthservs.dll
[2014/10/28 20:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/10/28 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/10/28 19:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\KRSHistory
[2014/10/28 19:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\KSafeCommon
[2014/10/28 18:53:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingsoft
[2014/10/28 08:48:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\MediaViewer
[2014/10/27 08:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SQ PlatForm
[2014/10/27 08:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\XXM Software
[2014/10/27 08:55:00 | 000,040,568 | ---- | C] (Tan Lin) -- C:\Windows\System32\diactks.dll
[2014/10/27 08:52:58 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Universal
[2014/10/27 08:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\JisuInput
[2014/10/25 11:06:50 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Lxedt365
[2014/10/21 18:34:54 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Livedt365
[2014/10/21 18:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Icons
[2014/10/15 19:37:51 | 000,000,000 | ---D | C] -- C:\Users\user\.android
[2014/10/14 21:58:40 | 000,091,928 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\vpatch.dll
[2014/10/14 21:58:32 | 000,000,000 | R--D | C] -- C:\RavBin
[2014/10/14 19:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Rising
[2014/10/12 14:26:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\bfcloud
[2014/10/12 14:26:11 | 000,000,000 | --SD | C] -- C:\CloudCache
[2014/10/11 10:10:19 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\刲緒荌秞
[2014/10/11 10:10:13 | 000,000,000 | -H-D | C] -- C:\sohucache
[2014/10/10 16:57:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\anote
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/09 15:16:37 | 000,019,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/09 15:16:37 | 000,019,488 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/09 15:11:04 | 000,000,170 | ---- | M] () -- C:\Users\Public\Desktop\9輸9婦蚘.url
[2014/11/09 15:11:00 | 000,001,491 | ---- | M] () -- C:\Windows\r.lnk
[2014/11/09 15:10:14 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/09 15:09:43 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/09 15:08:58 | 1290,035,200 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/09 15:07:52 | 000,000,035 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/11/09 14:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/09 14:35:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/09 13:00:44 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/09 13:00:44 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/09 12:40:35 | 001,107,968 | ---- | M] (Farbar) -- C:\Users\user\Desktop\FRST.exe
[2014/11/09 11:49:52 | 000,000,574 | ---- | M] () -- C:\Windows\System32\.crusader
[2014/11/09 11:13:10 | 000,001,471 | ---- | M] () -- C:\Users\user\Desktop\IE.lnk
[2014/11/09 10:41:12 | 000,001,996 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\wnternet Lxplorei.lnk
[2014/11/09 10:41:11 | 000,001,996 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\I6ternUt ErplorHr.lnk
[2014/11/09 10:41:11 | 000,001,996 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\HnterneE 4xploreS.lnk
[2014/11/09 10:41:11 | 000,001,946 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\hao123.lnk
[2014/11/09 07:04:57 | 000,002,229 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/09 07:04:27 | 000,412,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/09 06:42:00 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/09 06:29:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/09 06:12:51 | 000,001,085 | ---- | M] () -- C:\Users\user\Desktop\Documents.lnk
[2014/11/09 06:07:15 | 000,001,258 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/11/09 05:59:54 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/09 05:59:54 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/08 20:33:06 | 000,000,035 | ---- | M] () -- C:\Users\user\AppData\Roaming\CoreAVC.ini
[2014/11/02 11:18:16 | 000,070,712 | ---- | M] () -- C:\Windows\System32\drivers\vparam.bin
[2014/11/01 14:00:16 | 000,000,305 | ---- | M] () -- C:\Windows\System32\bdsecushr.dat
[2014/10/28 23:49:37 | 000,000,264 | ---- | M] () -- C:\Users\user\AppData\Roaming\SogouPinyin.local
[2014/10/28 20:02:51 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/10/28 15:31:28 | 003,921,920 | ---- | M] () -- C:\Windows\System32\ksime.ime
[2014/10/14 21:47:34 | 000,091,928 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Windows\System32\vpatch.dll
[2014/10/13 19:22:00 | 000,040,568 | ---- | M] (Tan Lin) -- C:\Windows\System32\diactks.dll
 
========== Files Created - No Company Name ==========
 
[2014/11/09 13:59:25 | 000,000,170 | ---- | C] () -- C:\Users\Public\Desktop\9輸9婦蚘.url
[2014/11/09 11:13:10 | 000,001,471 | ---- | C] () -- C:\Users\user\Desktop\IE.lnk
[2014/11/09 09:50:17 | 000,000,574 | ---- | C] () -- C:\Windows\System32\.crusader
[2014/11/09 06:42:00 | 000,002,229 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/09 06:42:00 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/09 06:30:38 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/09 06:30:37 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/09 06:29:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/09 06:29:32 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/11/09 06:07:15 | 000,001,258 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2014/11/08 17:01:48 | 000,000,035 | ---- | C] () -- C:\Users\user\AppData\Roaming\CoreAVC.ini
[2014/11/07 18:18:56 | 000,001,491 | ---- | C] () -- C:\Windows\r.lnk
[2014/11/02 11:18:16 | 000,070,712 | ---- | C] () -- C:\Windows\System32\drivers\vparam.bin
[2014/10/29 00:12:59 | 000,000,305 | ---- | C] () -- C:\Windows\System32\bdsecushr.dat
[2014/10/28 20:02:51 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/10/28 15:31:28 | 003,921,920 | ---- | C] () -- C:\Windows\System32\ksime.ime
[2014/10/28 08:48:16 | 000,000,264 | ---- | C] () -- C:\Users\user\AppData\Roaming\SogouPinyin.local
[2014/10/27 08:39:19 | 000,001,946 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\hao123.lnk
[2014/10/16 19:36:44 | 000,001,996 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\HnterneE 4xploreS.lnk
[2014/10/11 09:18:08 | 000,001,996 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\I6ternUt ErplorHr.lnk
[2014/10/11 09:18:07 | 000,001,996 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\wnternet Lxplorei.lnk
[2014/07/12 14:52:47 | 000,000,020 | ---- | C] () -- C:\Windows\System32\pub_store.dat
[2014/06/05 18:59:04 | 000,276,384 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2014/06/05 18:59:04 | 000,113,568 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2014/05/29 10:12:18 | 000,000,021 | ---- | C] () -- C:\Windows\KwYlx.dat
[2013/11/04 19:20:47 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/11/04 19:20:47 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/11/04 19:20:47 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/11/04 19:20:46 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013/11/04 19:20:42 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/11/04 10:55:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/11/04 10:46:37 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2014/11/08 20:27:04 | 000,000,000 | ---D | M](C:\迅雷下?) -- C:\迅雷下载
[2014/10/13 12:39:32 | 000,000,000 | ---D | M](C:\美???) -- C:\美图图库
[2014/10/13 12:39:32 | 000,000,000 | ---D | C](C:\美???) -- C:\美图图库
[2014/09/28 16:15:20 | 000,000,000 | ---D | C](C:\迅雷下?) -- C:\迅雷下载
[2014/07/06 21:21:33 | 000,001,057 | ---- | M] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\美?秀秀.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\美图秀秀.lnk
[2014/07/06 21:21:33 | 000,001,057 | ---- | C] ()(C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\美?秀秀.lnk) -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\美图秀秀.lnk
[2014/07/06 21:21:33 | 000,001,033 | ---- | M] ()(C:\Users\Public\Desktop\美?秀秀.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk
[2014/07/06 21:21:33 | 000,001,033 | ---- | C] ()(C:\Users\Public\Desktop\美?秀秀.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk
[2013/11/04 19:19:51 | 000,000,941 | ---- | M] ()(C:\Users\Public\Desktop\音?.lnk) -- C:\Users\Public\Desktop\音乐.lnk
[2013/11/04 19:19:51 | 000,000,941 | ---- | C] ()(C:\Users\Public\Desktop\音?.lnk) -- C:\Users\Public\Desktop\音乐.lnk
(C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\美?) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\美图
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\美?) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\美图

< End of report >
 




#2
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Hello, jrjayz. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:

  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when you use the tools I ask you to run, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system because they are very powerful.
  • You should save or print my instructions. It is possible that we will be using Safe Mode, which will cut you off from your internet connection, and without access to them you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to complete. Don't give up; be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files on your machine before proceeding, as they might be lost.
  • I recommend that you stay with me until I tell you that we are done. This is important because even when your system no longer shows any bad symptoms, that does not mean it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request that it be reopened by contacting one of the Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from the desktop. If you don't know how to choose where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask than to regret it later.

Also, please note that I'm currently in training, so my answers to you will have to be checked by an experienced helper before I can post them. This can lengthen the time between my answers, but in return you will have an extra person reviewing your log.

Let's get started :)

 
I'd like to have another look at the system.

I can see that you have FRST.exe on your desktop. Please use it to do the following:

FRST Scan

  • Right-click FRST.exe on your Desktop and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs, one called FRST.txt and another called Addition.txt, in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.

 
Things that should appear in your next post:

  • FRST.txt log content
  • Addition.txt log content

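
The FRST logs that Nevan asks for above are read by eye, and the entries a helper hunts for first are easy to miss among hundreds of lines. As an added example, not part of this thread, of FRST, or of any helper's own tooling, here is a short Python triage script that pulls those indicators out of FRST.txt lines: registered services and drivers whose file is gone (marked `[X]`), services whose binary is not signed, `.sys` drivers loading from outside the drivers directory, random-looking service names, Firefox plugin registrations that point at a missing file, and an Internet Explorer start page that is not one of the expected hosts. The allow-lists, the random-name heuristic and the severity labels are this example's own assumptions; the sample lines are copied from the FRST.txt posted in the next reply.

```python
"""Triage of Farbar Recovery Scan Tool (FRST.txt) output.

Added example for this thread; it is not part of FRST and not from any post.
It scans FRST log lines for what a removal helper checks first: registered
services/drivers whose file is gone ([X]), unsigned service binaries, kernel
drivers loading from outside the drivers directory, random-looking service
names, stale Firefox plugin registrations and a hijacked IE start page.
EXPECTED_START_HOSTS, TRUSTED_DRIVER_DIRS and looks_random() are this
example's own assumptions; SAMPLE_LOG is copied from the log in this thread.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: start-page hosts that are normal for this machine.
EXPECTED_START_HOSTS = {"www.google.com", "google.com", "about:blank"}

# Assumption: where a .sys driver is expected to load from (FRST prints
# either a full path or one relative to %SystemRoot%).
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "system32\\drivers\\")

# FRST service/driver line, e.g.
# R2 ekrn; C:\...\ekrn.exe [1349576 2014-10-01] (ESET) [File not signed]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)"
    r"(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<vendor>[^)]*)\))?"
    r"(?P<flags>(?:\s+\[[^\]]+\])*)\s*$"
)
START_PAGE_RE = re.compile(r"^HKCU\\.*Internet Explorer\\Main,Start Page = (?P<url>\S+)")
FF_PLUGIN_MISSING_RE = re.compile(r"^FF Plugin: (?P<id>.+?) -> (?P<path>.+?) No File$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    item: str      # service/driver/plugin name or registry value
    reason: str


def clean_path(raw: str) -> str:
    """Lower-case the image path; drop quotes, arguments and the \\??\\ NT prefix."""
    raw = raw.strip()
    if raw.startswith('"'):
        raw = raw[1:raw.find('"', 1)]  # quoted path followed by arguments
    raw = raw.lower()
    return raw[4:] if raw.startswith("\\??\\") else raw


def looks_random(name: str) -> bool:
    """Heuristic: long, all lower-case/digits and vowel-poor (e.g. xcmvidamlpqgda8dk)."""
    if len(name) < 12 or not re.fullmatch(r"[a-z0-9]+", name):
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.25


def triage(lines):
    """Return a list of Finding for the FRST lines given (input order preserved)."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if m := SERVICE_RE.match(line):
            name, flags, path = m["name"].strip(), m["flags"], clean_path(m["path"])
            if "[X]" in flags:
                findings.append(Finding("high", name, "service/driver registered but file is missing"))
            if "File not signed" in flags:
                findings.append(Finding("medium", name, "service binary is not digitally signed"))
            if path.endswith(".sys") and not path.startswith(TRUSTED_DRIVER_DIRS):
                findings.append(Finding("high", name, f"kernel driver outside drivers directory: {path}"))
            if looks_random(name):
                findings.append(Finding("medium", name, "random-looking service name"))
        elif m := START_PAGE_RE.match(line):
            url = m["url"]
            host = urlsplit(url if "://" in url else "http://" + url).hostname or url
            if host not in EXPECTED_START_HOSTS:
                findings.append(Finding("high", "IE Start Page", f"start page points to {host}"))
        elif m := FF_PLUGIN_MISSING_RE.match(line):
            findings.append(Finding("medium", m["id"].strip(), "Firefox plugin registration points to a missing file"))
    return findings


# Constructed sample: a subset of the FRST.txt lines posted in this thread.
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=99327113_hao_pg
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @baidu.com/npBdyyPlugin -> C:\Program Files\baidu\BaiduPlayer\4.0.1.85\npbdyy.dll No File
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 BDKVRTP; "C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe" -r [X]
R0 Acceler; C:\Windows\System32\drivers\Acceler.sys [18632 2014-11-02] (Disk Editor.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 xcmvidamlpqgda8dk; \??\C:\Program Files\xiongchumopg\bin\xcm3dklehvita89ad.sys [X]
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
```

To run it on a saved log, call `triage(open("FRST.txt", encoding="utf-8-sig").read().splitlines())`. Every hit is a lead to verify by hand, not a verdict: an entry such as Acceler.sys in the sample loads from the normal drivers directory and so passes every check here, which is why the output is a reading aid for the log rather than a replacement for reading it.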

#3
jrjayz

    New Member

  • Topic Starter
  • Member
  • 6 posts

I have read everything above and I don't mind whether you're in training or not :spoton: Here's the text you requested.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by user (administrator) on USER-PC on 09-11-2014 17:22:44
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(OldTimer Tools) C:\Users\user\Downloads\OTL.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-21-1063732510-2684093475-4160272198-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-1063732510-2684093475-4160272198-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=99327113_hao_pg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\coppgtq3.default
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @baidu.com/npBdyyPlugin -> C:\Program Files\baidu\BaiduPlayer\4.0.1.85\npbdyy.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @kingsfot.com/npkws -> C:\Program Files\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @wandoujia.com -> C:\Program Files\WandouLabs\npWandoujiaHelper.dll No File
FF Plugin: @xunlei.com/DapCtrl -> C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(635).dll No File
FF Plugin: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll No File

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-09]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-09]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-09]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S4 ThunderSecurityDoctor; C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\tdservicedelegate.dll [1425864 2014-04-23] ()
R2 XLServicePlatform; C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-07-12] (ShenZhen Xunlei Networking Technologies,LTD)
S2 BDKVRTP; "C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe" -r [X]
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro.exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 Acceler; C:\Windows\System32\drivers\Acceler.sys [18632 2014-11-02] (Disk Editor.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-13] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-13] (Advanced Micro Devices)
R1 BDMWrench; C:\Windows\System32\DRIVERS\BDMWrench.sys [125256 2014-09-25] (Baidu)
S2 BDSafeBrowser; C:\Windows\system32\drivers\BDSafeBrowser.sys [63304 2014-09-29] (Baidu)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2014-09-18] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [195176 2012-01-30] (Realtek Semiconductor Corp.)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S1 bd0003; system32\DRIVERS\bd0003.sys [X]
S1 BDAntiExp; system32\DRIVERS\BDAntiExp.sys [X]
S1 xcmvidamlpqgda8dk; \??\C:\Program Files\xiongchumopg\bin\xcm3dklehvita89ad.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 17:22 - 2014-11-09 17:23 - 00009312 _____ () C:\Users\user\Desktop\FRST.txt
2014-11-09 14:27 - 2014-11-09 14:27 - 00000000 ____D () C:\_OTL
2014-11-09 13:59 - 2014-11-09 15:11 - 00000170 _____ () C:\Users\Public\Desktop\9輸9婦蚘.url
2014-11-09 13:41 - 2014-11-09 13:42 - 00000228 _____ () C:\Users\user\Downloads\Search.txt
2014-11-09 13:28 - 2014-11-09 13:28 - 00047260 _____ () C:\Users\user\Downloads\Shortcut.txt
2014-11-09 13:27 - 2014-11-09 13:28 - 00025756 _____ () C:\Users\user\Downloads\Addition.txt
2014-11-09 13:26 - 2014-11-09 13:28 - 00028254 _____ () C:\Users\user\Downloads\FRST.txt
2014-11-09 13:00 - 2014-11-09 13:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-11-09 12:57 - 2014-11-09 13:01 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-11-09 12:42 - 2014-11-09 17:22 - 00000000 ____D () C:\FRST
2014-11-09 12:40 - 2014-11-09 12:40 - 01107968 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-11-09 12:35 - 2014-11-09 15:24 - 00066144 _____ () C:\Users\user\Downloads\OTL.Txt
2014-11-09 12:29 - 2014-11-09 12:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DataRepair
2014-11-09 12:25 - 2014-11-09 12:25 - 00602112 _____ (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2014-11-09 12:20 - 2014-11-09 12:20 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2014-11-09 12:19 - 2014-11-09 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-09 12:19 - 2014-11-09 12:19 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-09 12:18 - 2014-11-09 12:18 - 01138397 _____ () C:\Users\user\Downloads\7z922.exe
2014-11-09 12:16 - 2014-11-09 12:16 - 01110476 _____ () C:\Users\user\Downloads\7z920.exe
2014-11-09 11:28 - 2014-11-09 11:29 - 02145792 _____ () C:\Users\user\Downloads\adwcleaner_4.100.exe
2014-11-09 11:20 - 2014-11-09 15:21 - 00005290 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 11:15 - 2014-11-09 15:09 - 00000504 _____ () C:\Windows\setupact.log
2014-11-09 11:15 - 2014-11-09 11:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-09 11:13 - 2014-11-09 11:13 - 00001471 _____ () C:\Users\user\Desktop\IE.lnk
2014-11-09 11:09 - 2014-11-09 14:10 - 00004082 _____ () C:\Windows\PFRO.log
2014-11-09 10:31 - 2014-11-09 10:37 - 17417312 _____ (Elex do Brasil Participações Ltda) C:\Users\user\Downloads\yet_another_cleaner_sk_1522290.exe
2014-11-09 09:50 - 2014-11-09 11:49 - 00000574 _____ () C:\Windows\system32\.crusader
2014-11-09 07:22 - 2014-11-09 07:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-09 06:58 - 2014-11-09 11:37 - 00000000 ____D () C:\AdwCleaner
2014-11-09 06:42 - 2014-11-09 06:42 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-09 06:42 - 2014-11-09 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-09 06:30 - 2014-11-09 16:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 06:30 - 2014-11-09 15:09 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 06:29 - 2014-11-09 06:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-11-09 06:29 - 2014-11-09 06:30 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2014-11-09 06:29 - 2014-11-09 06:29 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-09 06:29 - 2014-11-09 06:29 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-09 06:29 - 2014-11-09 06:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\Users\user\AppData\Local\VS Revo Group
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-09 06:07 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-09 06:05 - 2014-11-09 06:05 - 00000000 ____D () C:\Users\user\AppData\Roaming\Google
2014-11-08 22:58 - 2014-11-08 22:58 - 00000000 ____D () C:\Windows\pss
2014-11-08 17:01 - 2014-11-08 20:33 - 00000035 _____ () C:\Users\user\AppData\Roaming\CoreAVC.ini
2014-11-08 16:00 - 2014-11-08 16:00 - 00018104 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(57).torrent
2014-11-08 15:58 - 2014-11-08 15:58 - 00017576 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(56).torrent
2014-11-08 15:57 - 2014-11-08 15:57 - 00017596 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(55).torrent
2014-11-07 18:30 - 2014-09-25 16:13 - 00125256 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench.sys
2014-11-07 18:18 - 2014-11-09 15:11 - 00001491 _____ () C:\Windows\r.lnk
2014-11-06 00:27 - 2014-11-06 00:27 - 00066256 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(54).torrent
2014-11-06 00:02 - 2014-11-06 00:02 - 00000000 ____D () C:\ShedtDownLoad
2014-11-04 13:23 - 2014-11-04 13:26 - 00000000 ____D () C:\Users\user\AppData\Local\TaoTaoSou
2014-11-03 20:56 - 2014-11-03 20:56 - 00000000 ____D () C:\Program Files\diignoahjmtijp
2014-11-02 17:00 - 2014-11-02 17:00 - 00068654 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(53).torrent
2014-11-02 16:56 - 2014-11-02 16:56 - 00017466 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(51).torrent
2014-11-02 16:56 - 2014-11-02 16:56 - 00017444 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(52).torrent
2014-11-02 11:28 - 2014-11-02 11:28 - 00000000 ____D () C:\ProgramData\pptassist
2014-11-02 11:19 - 2014-11-05 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\PPTAssist
2014-11-02 11:18 - 2014-11-02 11:18 - 00070712 _____ () C:\Windows\system32\Drivers\vparam.bin
2014-11-02 11:18 - 2014-11-02 11:18 - 00018632 _____ (Disk Editor.) C:\Windows\system32\Drivers\Acceler.sys
2014-10-29 19:03 - 2014-10-29 19:03 - 00029254 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(49).torrent
2014-10-29 19:03 - 2014-10-29 19:03 - 00029056 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(50).torrent
2014-10-29 19:02 - 2014-10-29 19:02 - 00017956 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(48).torrent
2014-10-29 00:12 - 2014-11-01 14:00 - 00000305 _____ () C:\Windows\system32\bdsecushr.dat
2014-10-28 23:54 - 2014-10-28 23:54 - 00000000 ____D () C:\Users\user\AppData\Local\ESET
2014-10-28 23:23 - 2014-11-09 13:41 - 00000000 ____D () C:\Program Files\ESET
2014-10-28 23:23 - 2014-10-28 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-10-28 23:23 - 2014-10-28 23:23 - 00000000 ____D () C:\ProgramData\ESET
2014-10-28 21:52 - 2014-11-09 15:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 21:52 - 2014-10-28 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 21:51 - 2014-10-28 21:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-28 21:51 - 2014-10-28 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 21:51 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 21:51 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 21:51 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 21:36 - 2014-10-28 21:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-28 21:29 - 2014-10-02 15:53 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 21:22 - 2014-06-19 11:40 - 00045128 _____ (Baidu) C:\Windows\system32\Drivers\BDEnhanceBoost.sys
2014-10-28 21:21 - 2014-10-28 21:22 - 00029254 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(47).torrent
2014-10-28 21:18 - 2014-10-28 21:18 - 00017956 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(46).torrent
2014-10-28 21:08 - 2014-02-08 15:34 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\bthservs.dll
2014-10-28 20:02 - 2014-10-28 20:02 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-28 20:02 - 2014-10-28 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-28 20:02 - 2014-10-28 20:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-28 19:59 - 2014-10-28 20:00 - 04974864 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup419.exe
2014-10-28 19:09 - 2014-10-28 19:09 - 00000000 ____D () C:\ProgramData\KSafeCommon
2014-10-28 18:55 - 2014-11-09 06:28 - 00110256 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-10-28 18:53 - 2014-11-05 23:40 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-10-28 15:31 - 2014-10-28 15:31 - 03921920 _____ () C:\Windows\system32\ksime.ime
2014-10-28 08:48 - 2014-10-29 18:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\MediaViewer
2014-10-28 08:48 - 2014-10-28 23:49 - 00000264 _____ () C:\Users\user\AppData\Roaming\SogouPinyin.local
2014-10-27 08:59 - 2014-10-27 22:20 - 00000000 ____D () C:\ProgramData\SQ PlatForm
2014-10-27 08:57 - 2014-10-27 08:57 - 00000000 ____D () C:\ProgramData\XXM Software
2014-10-27 08:55 - 2014-10-13 19:22 - 00040568 _____ (Tan Lin) C:\Windows\system32\diactks.dll
2014-10-27 08:52 - 2014-10-28 09:07 - 00000000 ____D () C:\Users\user\Documents\Universal
2014-10-27 08:43 - 2014-11-05 22:34 - 00000000 ____D () C:\ProgramData\JisuInput
2014-10-25 11:06 - 2014-10-25 11:06 - 00000000 ____D () C:\Users\user\Documents\Lxedt365
2014-10-21 20:32 - 2014-10-21 20:32 - 00068016 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(45).torrent
2014-10-21 18:48 - 2014-10-21 18:49 - 00066864 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(44).torrent
2014-10-21 18:34 - 2014-10-21 18:34 - 00000000 ____D () C:\Users\user\Documents\Livedt365
2014-10-21 18:33 - 2014-10-28 19:48 - 00000000 ____D () C:\ProgramData\Icons
2014-10-18 18:02 - 2014-10-18 18:03 - 01202032 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayer.exe
2014-10-17 21:53 - 2014-10-17 21:53 - 00067932 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(43).torrent
2014-10-17 21:50 - 2014-10-17 21:50 - 00017364 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(42).torrent
2014-10-17 20:46 - 2014-10-17 20:46 - 00192803 _____ () C:\Users\user\Downloads\▽場壅▼溫扻樑賸.rar
2014-10-17 20:37 - 2014-10-17 20:38 - 00192696 _____ () C:\Users\user\Downloads\▽場壅▼溫扻樑賸.ssf
2014-10-17 20:28 - 2014-10-17 20:28 - 00102776 _____ () C:\Users\user\Downloads\▽劓霾▼MOLANG﹞俙撿.ssf
2014-10-17 20:19 - 2014-10-17 20:20 - 00342632 _____ () C:\Users\user\Downloads\▽場壅▼疑庤狟敁脰.ssf
2014-10-16 20:24 - 2014-10-16 20:24 - 00029118 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(41).torrent
2014-10-16 20:23 - 2014-10-16 20:23 - 00029316 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(40).torrent
2014-10-16 20:23 - 2014-10-16 20:23 - 00017506 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(39).torrent
2014-10-15 20:34 - 2014-10-15 20:50 - 03883832 _____ (staSoft2) C:\Users\user\Downloads\setup_2948-172862(2).exe
2014-10-15 20:34 - 2014-10-15 20:48 - 03883832 _____ (staSoft2) C:\Users\user\Downloads\setup_2948-172862.exe
2014-10-15 19:37 - 2014-10-15 19:37 - 00000000 ____D () C:\Users\user\.android
2014-10-14 21:58 - 2014-10-16 20:17 - 00000000 ___RD () C:\RavBin
2014-10-14 21:58 - 2014-10-14 21:47 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\vpatch.dll
2014-10-14 19:33 - 2014-10-14 19:37 - 00000000 ____D () C:\ProgramData\Rising
2014-10-13 13:01 - 2014-10-13 13:02 - 00515392 _____ () C:\Users\user\Downloads\狗皮.rar
2014-10-13 12:39 - 2014-10-13 12:39 - 00000000 ____D () C:\美图图库
2014-10-12 14:26 - 2014-10-12 14:26 - 00000000 ___SD () C:\CloudCache
2014-10-12 14:26 - 2014-10-12 14:26 - 00000000 ____D () C:\Users\user\AppData\Local\bfcloud
2014-10-11 10:10 - 2014-10-11 10:11 - 00000000 ___HD () C:\sohucache
2014-10-11 10:10 - 2014-10-11 10:10 - 00000000 ____D () C:\Users\user\Documents\搜狐影音
2014-10-10 21:40 - 2014-10-10 21:40 - 00017164 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(38).torrent
2014-10-10 16:57 - 2014-10-11 09:22 - 00000000 ____D () C:\Users\user\AppData\Roaming\anote
2014-10-10 16:04 - 2014-10-10 16:06 - 03883832 _____ (staSoft2) C:\Users\user\Downloads\setup_2948-172862(1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 16:40 - 2014-07-06 11:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-09 15:16 - 2009-07-14 12:34 - 00019488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 15:16 - 2009-07-14 12:34 - 00019488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 15:09 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 15:07 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-11-09 13:13 - 2014-10-04 08:21 - 00000000 ___HD () C:\Users\Public\Fundata
2014-11-09 13:00 - 2013-11-04 19:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-09 13:00 - 2013-11-04 19:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-09 11:30 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\tracing
2014-11-09 11:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-09 11:13 - 2013-11-05 02:22 - 00000000 ____D () C:\Windows\Panther
2014-11-09 10:47 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-09 07:04 - 2014-07-12 14:50 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-11-09 07:04 - 2009-07-14 12:33 - 00412352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-09 06:42 - 2014-07-12 13:37 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-11-09 06:40 - 2014-07-12 13:37 - 00000000 ____D () C:\Program Files\Google
2014-11-09 06:29 - 2014-09-27 10:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 06:12 - 2013-11-29 16:47 - 00001085 _____ () C:\Users\user\Desktop\Documents.lnk
2014-11-09 06:11 - 2014-10-01 19:49 - 00000000 ____D () C:\ProgramData\Google
2014-11-09 05:59 - 2013-11-04 10:38 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 23:30 - 2013-11-06 15:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2014-11-08 23:22 - 2014-10-05 14:33 - 00000000 ___SD () C:\kankan
2014-11-08 23:05 - 2013-11-17 18:13 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 20:27 - 2014-09-28 16:15 - 00000000 ____D () C:\迅雷下载
2014-11-08 19:00 - 2013-11-13 19:19 - 00000000 ____D () C:\連續集
2014-11-08 18:52 - 2014-07-05 19:58 - 00000000 ____D () C:\Media
2014-11-08 17:30 - 2014-09-02 12:05 - 00000000 ____D () C:\2014投稿件
2014-11-08 17:30 - 2014-05-31 18:59 - 00000000 ____D () C:\song
2014-11-08 17:05 - 2014-09-26 20:35 - 00000000 ____D () C:\KwDownload
2014-11-08 15:43 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization
2014-11-07 23:28 - 2009-07-14 12:53 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 22:35 - 2014-09-26 20:35 - 00000000 ____D () C:\Program Files\kuwo
2014-10-28 22:28 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
2014-10-28 20:41 - 2013-11-04 19:25 - 00000000 ____D () C:\Program Files\Avira
2014-10-17 20:24 - 2014-07-06 20:35 - 00000000 ____D () C:\Users\user\Downloads\New folder
2014-10-12 19:17 - 2013-11-06 15:25 - 00000000 ____D () C:\Users\user\Documents\Youcam

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-09 00:56

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01
Ran by user at 2014-11-09 17:23:53
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E9D77810-CA65-EE82-69D1-5E4E7310CE04}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Artweaver Free 4 (HKLM\...\{6567E404-A019-4D0C-BD18-10564126A579}_is1) (Version: 4.0 - Boris Eyrich Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
ESET NOD32 Antivirus (HKLM\...\{A1A01D26-AF53-42C0-9DAE-1BC2FCC68812}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
K-Lite Mega Codec Pack 9.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Nero 7 Essentials (HKLM\...\{EF3E420F-2DCF-4C24-8E37-896801902052}) (Version: 7.03.1055 - Nero AG)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
Ralink RT5390R 802.11bgn 1x1 Wi-Fi Adapter (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29011 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
Winamp (HKLM\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
迅雷7 (HKLM\...\thunder_is1) (Version: 7.9.22.4780 - 迅雷网络技术有限公司)
美图秀秀 3.1.6  (HKLM\...\美图秀秀) (Version:  - 美图网)
美图看看 2.2.7 (HKCU\...\美图看看) (Version: 2.2.7 - Meitu, Inc.)
酷我音乐 2014 (HKLM\...\KwMusic7) (Version: 7.7.1.3 - 酷我科技)
迅雷看看播放器 (HKLM\...\迅雷看看播放器) (Version: 4.9.15.2177 - 迅雷网络技术有限公司)
迅雷看看高清播放组件 (HKLM\...\迅雷看看高清播放组件) (Version:  - 迅雷网络技术有限公司)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-10-2014 10:26:27 Windows Update
28-10-2014 13:29:04 Windows Update
28-10-2014 13:57:39 Removed Microsoft Visual C++ 2005 Redistributable

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2014-11-09 15:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18E34A77-E22E-4C9F-A323-1542F8956B8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {7D0FC5F8-DAA6-4E25-A813-9D8BDCB1D13E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {89028C2A-A26A-4FBD-A67A-08C9CA10F095} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files\Rising\RMC\rsdelaylauncher.exe
Task: {8C83EFE5-AE53-45A0-ADB7-C438DCAA1A40} - System32\Tasks\ProtectBaiduPlayer => C:\Program Files\baidu\BaiduPlayer\4.0.1.85\bdyyProtect.exe
Task: {8CBBB500-5BCC-453A-B2EE-4BF1D2CD1B94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09] (Adobe Systems Incorporated)
Task: {DCBC3EB9-5680-4788-BBF9-16C2F043BD03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 12:07 - 2012-08-06 12:07 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-12 14:52 - 2014-07-12 14:51 - 00021504 _____ () c:\program files\common files\thunder network\serviceplatform\minizip.dll
2014-07-12 14:52 - 2014-07-12 14:51 - 00684032 _____ () c:\program files\common files\thunder network\serviceplatform\libexpat.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BITS => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: ThunderSecurityDoctor => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AqyltgcSqbj.lnk => C:\Windows\pss\AqyltgcSqbj.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LZNewWeather.lnk => C:\Windows\pss\LZNewWeather.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1063732510-2684093475-4160272198-500 - Administrator - Disabled)
Guest (S-1-5-21-1063732510-2684093475-4160272198-501 - Limited - Disabled)
user (S-1-5-21-1063732510-2684093475-4160272198-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: bd0002
Description: bd0002
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bd0002
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BDSafeBrowser
Description: BDSafeBrowser
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BDSafeBrowser
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: xcmvidamlpqgda8dk
Description: xcmvidamlpqgda8dk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: xcmvidamlpqgda8dk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: bd0001
Description: bd0001
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bd0001
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bb1df738-9b10-45df-b62a-79ab26a03752}

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bb1df738-9b10-45df-b62a-79ab26a03752}

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {23f061ba-10d3-417a-a252-fd191fbb76f6}

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {23f061ba-10d3-417a-a252-fd191fbb76f6}

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 12346) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {7788fd64-6b74-4954-827a-017801d2fb4b}

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {7788fd64-6b74-4954-827a-017801d2fb4b}

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 12342) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx.  hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.

Error: (11/09/2014 05:23:57 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {c004cd05-147e-4a0b-b295-ab8858a008d5}


System errors:
=============
Error: (11/09/2014 03:09:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bd0003
BDAntiExp
xcmvidamlpqgda8dk

Error: (11/09/2014 03:09:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDSafeBrowser service failed to start due to the following error:
%%31

Error: (11/09/2014 03:09:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (11/09/2014 03:09:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDKVRTP Service service failed to start due to the following error:
%%2

Error: (11/09/2014 03:01:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/09/2014 02:28:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bd0003
BDAntiExp
xcmvidamlpqgda8dk

Error: (11/09/2014 02:28:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDSafeBrowser service failed to start due to the following error:
%%31

Error: (11/09/2014 02:28:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (11/09/2014 02:28:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDKVRTP Service service failed to start due to the following error:
%%2

Error: (11/09/2014 02:27:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 1640.37 MB
Available physical RAM: 825.01 MB
Total Pagefile: 3280.73 MB
Available Pagefile: 2283.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1923.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:318.47 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B3FCCC9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks in advance for helping :)


  • 0
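The Addition.txt sections above are what a helper reads first: services switched off through MSCONFIG (here Windows Update, Security Center, the firewall, BITS and the COM+ Event System, which is why every VSS writer fails in the event log), hidden installed programs, scheduled tasks whose target carries no publisher, loaded modules with an empty company field, and Code 24 devices with no manufacturer (the bd000x and xcmvidamlpqgda8dk driver leftovers). The Python below is an added example, not part of the thread or of FRST: it parses those line formats and lists the findings. SAMPLE is a constructed excerpt that copies the line formats of the log above, and the set of security-relevant services is my own choice.

```python
"""Triage an FRST Addition.txt-style report (added example, not part of FRST).

SAMPLE is a constructed excerpt in the line formats FRST uses.
"""
import re
from dataclasses import dataclass, field

# Services that, once disabled via MSCONFIG, leave the machine without updates,
# firewall, Security Center reporting or working VSS writers (assumed list).
SECURITY_SERVICES = {
    "wuauserv": "Windows Update",
    "wscsvc": "Security Center",
    "MpsSvc": "Windows Firewall",
    "BITS": "Background Intelligent Transfer Service (Windows Update needs it)",
    "EventSystem": "COM+ Event System (VSS writers fail without it)",
}

SERVICE_RE = re.compile(r"^MSCONFIG\\Services: (\S+) => (\d+)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(.+?) => (.+)$")
SIGNED_RE = re.compile(r"\[\d{4}-\d{2}-\d{2}\] \(.+\)$")  # FRST appends [date] (Company)
MODULE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .*? \(\) (.+)$")  # "()" = no company

SAMPLE = r"""
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: wuauserv => 2
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Task: {7D0FC5F8-DAA6-4E25-A813-9D8BDCB1D13E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {89028C2A-A26A-4FBD-A67A-08C9CA10F095} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files\Rising\RMC\rsdelaylauncher.exe
Task: {8C83EFE5-AE53-45A0-ADB7-C438DCAA1A40} - System32\Tasks\ProtectBaiduPlayer => C:\Program Files\baidu\BaiduPlayer\4.0.1.85\bdyyProtect.exe
2014-07-12 14:52 - 2014-07-12 14:51 - 00021504 _____ () c:\program files\common files\thunder network\serviceplatform\minizip.dll
Name: bd0002
Manufacturer:
Service: bd0002
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Name: Teredo Tunneling Pseudo-Interface
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Name: xcmvidamlpqgda8dk
Manufacturer:
Service: xcmvidamlpqgda8dk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
"""


@dataclass
class Findings:
    disabled_security_services: list = field(default_factory=list)
    hidden_programs: list = field(default_factory=list)
    unsigned_tasks: list = field(default_factory=list)
    unsigned_modules: list = field(default_factory=list)
    orphan_device_services: list = field(default_factory=list)


def triage(report: str) -> Findings:
    """Walk the report line by line and collect the five categories of findings."""
    f = Findings()
    device = {}
    for raw in report.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):                 # every listed service is msconfig-disabled
            if m.group(1) in SECURITY_SERVICES:
                f.disabled_security_services.append(m.group(1))
        elif line.endswith(" Hidden") and "(Version:" in line:
            f.hidden_programs.append(line.split(" (")[0])
        elif m := TASK_RE.match(line):
            task, target = m.groups()
            if not SIGNED_RE.search(target):            # no "[date] (Company)" on the target
                f.unsigned_tasks.append(task)
        elif m := MODULE_RE.match(line):
            f.unsigned_modules.append(m.group(1))
        elif line.startswith("Name: "):                 # start of a Faulty Devices block
            device = {"name": line[6:], "manufacturer": "", "service": ""}
        elif device and line.startswith("Manufacturer:"):
            device["manufacturer"] = line[len("Manufacturer:"):].strip()
        elif device and line.startswith("Service:"):
            device["service"] = line[len("Service:"):].strip()
        elif device and line.startswith("Problem:"):
            # Code 24 with no manufacturer: a driver service whose binary is gone
            # but whose registration was left behind.
            if "(Code 24)" in line and not device["manufacturer"]:
                f.orphan_device_services.append(device["service"])
            device = {}
    return f


if __name__ == "__main__":
    for name, items in vars(triage(SAMPLE)).items():
        print(f"{name}: {items}")
```

Run against a real Addition.txt, everything in `disabled_security_services` should be re-enabled (msconfig, Normal startup) before any fix is judged complete, and each orphan service name is a candidate for a `DeleteService`-style removal in the fixlist.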

#4 Nevan (Trusted Helper, Malware Removal, 1,765 posts)
Hello, jrjayz.

Please tell me if either you or anyone else who is using your computer speaks Chinese. I'm asking as there are lots of files on your computer that are somehow connected to it.

Also, tell me if these programs were installed intentionally:
  • Thunder Network
  • BaiduPlayer
Please do the following:

Step #1
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached file: fixlist.txt (190 bytes, 69 downloads)
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
Systemlook

Download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:
    :dir
    C:\Program Files\diignoahjmtijp /s
    
    :filefind
    *hao123*
    *hao*
    
    :folderfind
    *hao123*
    *hao*
    
    :regfind
    hao123
    hao
    
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

 
Step #3
FRST Scan
  • Right click FRST.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • SystemLook.txt log content
  • FRST.txt log content
  • Addition.txt log content

  • 0
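Step #2 asks SystemLook to search files, folders and the registry for hao123. The two registry locations that matter for this kind of start-page hijack, the IE Main values and the desktop Internet Explorer icon's OpenHomePage verb under CLSID {871C5380-42A0-1069-A2EA-08002B30309D}, can also be checked directly. The Python below is an added example, not part of the thread, SystemLook or FRST. It generalizes the check by flagging any argument appended to the OpenHomePage command, since a clean value is just the iexplore.exe path. SAMPLE is constructed (values mirror the SystemLook output in this thread; the Search Page entry is an assumed clean default), and collect_live uses winreg, so it only runs on Windows.

```python
"""Detect an IE start-page hijack of the hao123 type (added example, not from
the thread or any tool it mentions).

The detection logic is pure Python; collect_live() reads the live registry on
Windows only. SAMPLE is constructed from the SystemLook output in the thread.
"""
from __future__ import annotations
import sys

IE_MAIN = r"Software\Microsoft\Internet Explorer\Main"
IE_MAIN_VALUES = ("Start Page", "Default_Page_URL", "Search Page")
# Shell verb behind the desktop Internet Explorer icon. A clean value is the
# iexplore.exe path alone; a URL appended here reopens the hijack page even
# after the Start Page value has been repaired.
OPEN_HOME_PAGE = (r"Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}"
                  r"\Shell\OpenHomePage\Command")

SAMPLE = {  # constructed; mirrors the regfind output above
    r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page":
        "www.hao123.com/?tn=99327113_hao_pg",
    r"HKCU\Software\Microsoft\Internet Explorer\Main\Search Page":
        "http://go.microsoft.com/fwlink/?LinkId=54896",  # assumed clean default
    "HKCU\\" + OPEN_HOME_PAGE + r"\(Default)":
        r"C:\Program Files\Internet Explorer\iexplore.exe www.hao123.com/?tn=99327113_hao_pg",
    "HKLM\\" + OPEN_HOME_PAGE + r"\(Default)":
        r'"C:\Program Files\Internet Explorer\iexplore.exe"',
}


def split_command(cmd: str) -> tuple[str, str]:
    """Split a shell-verb command into (executable, argument string)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: up to the closing quote
        exe, _, rest = cmd[1:].partition('"')
    else:                                        # unquoted path: up to ".exe"
        idx = cmd.lower().find(".exe")
        if idx == -1:
            return cmd, ""
        exe, rest = cmd[: idx + 4], cmd[idx + 4:]
    return exe, rest.strip()


def hijack_indicators(values: dict[str, str], suspect_host: str = "hao123.com") -> list[str]:
    """values maps 'HIVE\\key\\valuename' to registry data; returns findings."""
    findings = []
    for path, data in values.items():
        if suspect_host in data.lower():
            findings.append(f"{path} points at {suspect_host}: {data}")
        if path.endswith(OPEN_HOME_PAGE + r"\(Default)"):
            exe, args = split_command(data)
            if args:                             # any argument on this verb is abnormal
                findings.append(f"{path} launches {exe} with an argument: {args}")
    return findings


def collect_live() -> dict[str, str]:
    """Read the same values from the live registry (Windows only)."""
    import winreg
    out = {}
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    for hive_name, hive in hives.items():
        for subkey, names in ((IE_MAIN, IE_MAIN_VALUES), (OPEN_HOME_PAGE, ("",))):
            try:
                with winreg.OpenKey(hive, subkey) as key:
                    for name in names:
                        try:
                            data, _ = winreg.QueryValueEx(key, name)
                        except FileNotFoundError:
                            continue
                        out[f"{hive_name}\\{subkey}\\{name or '(Default)'}"] = str(data)
            except FileNotFoundError:            # key absent in this hive
                continue
    return out


if __name__ == "__main__":
    values = collect_live() if sys.platform == "win32" else SAMPLE
    for line in hijack_indicators(values) or ["no start-page hijack indicators found"]:
        print(line)
```

The OpenHomePage check is the one worth keeping after this thread: restoring Start Page alone, as the Fixlog in the next post does, leaves the desktop icon's verb pointing at the hijack URL until that command value is reset as well.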

#5 jrjayz (Topic Starter, New Member, 6 posts)

Because this is my friend's computer I cannot confirm that, but Thunder Network should be Thunder's file, similar to BitTorrent, and BaiduPlayer I'm not sure about, but Baidu is something like Google.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-11-2014 01
Ran by user at 2014-11-10 08:34:39 Run:8
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.hao123.com/?tn=99327113_hao_pg
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

==== End of Fixlog ====

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:39 on 10/11/2014 by user
Administrator - Elevation successful

========== dir ==========

C:\Program Files\diignoahjmtijp - Parameters: "/s"

---Files---
zcsbgmaq.exe    --a---- 147800 bytes    [10:01 27/10/2014]    [10:01 27/10/2014]

No folders found.

========== filefind ==========

Searching for "*hao123*"
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hao123.com_0.localstorage    --a---- 3072 bytes    [05:56 09/11/2014]    [05:56 09/11/2014] 04021B33AEE0B5CA9C5A7EC92618B2D7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\s1.hao123img.com\index\swf\LocalStorage.swf\$hao123$.sol    --a---- 78 bytes    [05:56 09/11/2014]    [05:56 09/11/2014] EC2F82C7DCF1C4DEF720563B40A90113
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RJ3E7DCN\s1.hao123img.com\index\swf\LocalStorage.swf\$hao123$.sol    --a---- 78 bytes    [07:12 09/11/2014]    [07:12 09/11/2014] 69CD92F231CD879AF09BCBB814735BDE
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\hao123.lnk    --a---- 1946 bytes    [00:39 27/10/2014]    [02:41 09/11/2014] 4830BA7E84103E8052C2391DB81ABF00

Searching for "*hao*"
C:\Program Files\Common Files\Ahead\NAS\nas\presets\Chaos.nvp    --a---- 3625 bytes    [04:25 17/01/2001]    [04:25 17/01/2001] 3FF8D3242A0FED4F6C0787D70C469F71
C:\Program Files\Meitu\XiuXiu\Effects\mtxx_laozhaop2_wenli1.jpg    --a---- 60162 bytes    [11:24 06/04/2012]    [11:24 06/04/2012] 0109500AAB678C232B36293D216A7893
C:\Program Files\Meitu\XiuXiu\Effects\mtxx_laozhaop2_wenli2.jpg    --a---- 71113 bytes    [11:24 06/04/2012]    [11:24 06/04/2012] 7F4A1FF25ED9B33E9B00D091A3925B54
C:\Program Files\Winamp\Plugins\Milkdrop2\presets\Flexi - age of shading chaos.milk    --a---- 17167 bytes    [20:18 28/04/2009]    [20:18 28/04/2009] 979CEC1761B2A985887CA52B9D27FE73
C:\Program Files\Winamp\Plugins\Milkdrop2\presets\Flexi - gold plated maelstrom of chaos [mirrorized].milk    --a---- 13726 bytes    [20:18 28/04/2009]    [20:18 28/04/2009] 61734B10FD74AF082F313E47FA1246FE
C:\Program Files\Winamp\Plugins\Milkdrop2\presets\Flexi - gold plated maelstrom of chaos.milk    --a---- 12266 bytes    [20:18 28/04/2009]    [20:18 28/04/2009] 04669133D4F0EA548EAE8D4F8EB92F4D
C:\Program Files\Winamp\Plugins\Milkdrop2\presets\Rovastar - Harlequin's & Jester's Dual Delight (Chaotic Nightmare Mix).milk    --a---- 4159 bytes    [20:18 28/04/2009]    [20:18 28/04/2009] CF3D3B7A5DAC2C5FF9DE023848C7EF47
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hao123.com_0.localstorage    --a---- 3072 bytes    [05:56 09/11/2014]    [05:56 09/11/2014] 04021B33AEE0B5CA9C5A7EC92618B2D7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\s1.hao123img.com\index\swf\LocalStorage.swf\$hao123$.sol    --a---- 78 bytes    [05:56 09/11/2014]    [05:56 09/11/2014] EC2F82C7DCF1C4DEF720563B40A90113
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RJ3E7DCN\s1.hao123img.com\index\swf\LocalStorage.swf\$hao123$.sol    --a---- 78 bytes    [07:12 09/11/2014]    [07:12 09/11/2014] 69CD92F231CD879AF09BCBB814735BDE
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\hao123.lnk    --a---- 1946 bytes    [00:39 27/10/2014]    [02:41 09/11/2014] 4830BA7E84103E8052C2391DB81ABF00

========== folderfind ==========

Searching for "*hao123*"
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\s1.hao123img.com    d------    [05:56 09/11/2014]
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\macromedia.com\support\flashplayer\sys\#s1.hao123img.com    d------    [05:56 09/11/2014]
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RJ3E7DCN\s1.hao123img.com    d------    [07:12 09/11/2014]
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.hao123img.com    d------    [07:12 09/11/2014]

Searching for "*hao*"
C:\Program Files\Meitu\Sucai\Shipin\Fuzhuang\Kouzhao    d------    [13:21 06/07/2014]
C:\Program Files\Meitu\Sucai\Shipin\Fuzhuang\Zhengjianzhao    d------    [13:21 06/07/2014]
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\s1.hao123img.com    d------    [05:56 09/11/2014]
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\macromedia.com\support\flashplayer\sys\#s1.hao123img.com    d------    [05:56 09/11/2014]
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RJ3E7DCN\s1.hao123img.com    d------    [07:12 09/11/2014]
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.hao123img.com    d------    [07:12 09/11/2014]

========== regfind ==========

Searching for "hao123"
[HKEY_CURRENT_USER\Software\Classes\Software\Classes\clsid\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\Command]
@="C:\Program Files\Internet Explorer\iexplore.exe www.hao123.com/?tn=99327113_hao_pg"
[HKEY_USERS\S-1-5-21-1063732510-2684093475-4160272198-1000\Software\Classes\Software\Classes\clsid\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\Command]
@="C:\Program Files\Internet Explorer\iexplore.exe www.hao123.com/?tn=99327113_hao_pg"
[HKEY_USERS\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\Software\Classes\clsid\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\Command]
@="C:\Program Files\Internet Explorer\iexplore.exe www.hao123.com/?tn=99327113_hao_pg"

Searching for "hao"
[HKEY_CURRENT_USER\Software\kingsoft\KVip]
"0BB8BCAE"="2013-08-29 11:40:00|vQnAYWnBl/5qL4WNB7WyU3v0pwLXu3ctjc0jJ/Ojj5KQVZS90Q+W3J/0q9ipFENOeyNMyT3XmoTXfmwm3/eNpQSThyeSozukOIYBzrWpwIRGoVbVLWVc5Fo79wqkGVH+TaFRuPJ7W5LBMSwR1O2w9sWYuvM0crA4e40zI4Z4V/iGnPJcULFLjrFdCpod4E11NJYcxccIGdWf9JFQEKxy4+mzjxq5NKo2PHUSk2GVHqrRiE/NEHlThOhNmuwkOPD3UXPBDi0d/7SkBpcTGECzsc+RwjMBhGWHG5I7z46SN4IwQfXzmFIx5rvwoXdTGFQstHgp/aNSTwo7seQAnx+0fFj6LKBoKUr4mfJKfEvCQSmpYKQ5n5d+bFcAL0uQjRrhOUygnPz5Xb+RPzqITJVla6+KSlk/1q4d5k5h1pdMGBPZ+lEVCXkY5uwl6Q+KJNzw3ze0iEIugGzYN4xyL+lpxTgtr8k/I49+rop3NSx/8lj4JVVb+5pAkIvAZsMJuPCWCTQMWH5X3Qqxi6m9zagq2W/cXFbJWYp75GLG2BCRAixmeuMScCGtwZIPHd5lpYfWz5ERAhq5efbvKPY0mRnuH0u/yxQyApKPaGZ+qY7NoD7CiDZrZoheYUNCZ3r9RkuHgFGur+/pN12/8N7cTv1Qch/Iep60/LTAq9sd0fbp+JpTVqud/HmhyPNGysImvo64jnVcKdftO1Fj0u6zbFJPFs8yi48+1SAb5W1RBW4ftOgbA/XEtVM6SWJ5+4wYs5OULRXkWrM/l4wH50+5Mu9X5NzjIiFkhtKaSue0TUBoCzUTEN/BrsaUiaBVvw67G5CUeXRWiJFyGwc1AOHBMYi/ggfRWuAzdtCI79C5mkZLJWaqF7tOrnVoL1PIal69Qky5AR17B6OzKlyanaYTRReF+YNLXNvklOR4wQozBStZ7QYKblW1udj5
[HKEY_CURRENT_USER\Software\quzhao]
[HKEY_CURRENT_USER\Software\quzhaoBar]
[HKEY_CURRENT_USER\Software\Classes\Software\Classes\clsid\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\Command]
@="C:\Program Files\Internet Explorer\iexplore.exe www.hao123.com/?tn=99327113_hao_pg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\Chinese]
"PhoneMap"="- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 + 0008 * 0009 1 000A 2 000B 3 000C 4 000D 5 000E a 000F ai 0010 an 0011 ang 0012 ao 0013 ba 0014 bai 0015 ban 0016 bang 0017 bao 0018 bei 0019 ben 001A beng 001B bi 001C bian 001D biao 001E bie 001F bin 0020 bing 0021 bo 0022 bu 0023 ca 0024 cai 0025 can 0026 cang 0027 cao 0028 ce 0029 cen 002A ceng 002B cha 002C chai 002D chan 002E chang 002F chao 0030 che 0031 chen 0032 cheng 0033 chi 0034 chong 0035 chou 0036 chu 0037 chuai 0038 chuan 0039 chuang 003A chui 003B chun 003C chuo 003D ci 003E cong 003F cou 0040 cu 0041 cuan 0042 cui 0043 cun 0044 cuo 0045 da 0046 dai 0047 dan 0048 dang 0049 dao 004A de 004B dei 004C den 004D deng 004E di 004F dia 0050 dian 0051 diao 0052 die 0053 ding 0054 diu 0055 dong 0056 dou 0057 du 0058 duan 0059 dui 005A dun 005B duo 005C e 005D ei 005E en 005F er 0060 fa 0061 fan 0062 fang 0063 fei 0064 fen 0065 feng 0066 fo 0067 fou 0068 fu 0069 ga
[HKEY_USERS\S-1-5-21-1063732510-2684093475-4160272198-1000\Software\kingsoft\KVip]
"0BB8BCAE"="2013-08-29 11:40:00|..." (same data as the HKEY_CURRENT_USER\Software\kingsoft\KVip value above; HKEY_CURRENT_USER is this user's S-1-5-21-...-1000 hive)
[HKEY_USERS\S-1-5-21-1063732510-2684093475-4160272198-1000\Software\quzhao]
[HKEY_USERS\S-1-5-21-1063732510-2684093475-4160272198-1000\Software\quzhaoBar]
[HKEY_USERS\S-1-5-21-1063732510-2684093475-4160272198-1000\Software\Classes\Software\Classes\clsid\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\Command]
@="C:\Program Files\Internet Explorer\iexplore.exe www.hao123.com/?tn=99327113_hao_pg"
[HKEY_USERS\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\Software\Classes\clsid\{871C5380-42A0-1069-A2EA-08002B30309D}\Shell\OpenHomePage\Command]
@="C:\Program Files\Internet Explorer\iexplore.exe www.hao123.com/?tn=99327113_hao_pg"

-= EOF =-


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by user (administrator) on USER-PC on 10-11-2014 08:43:50
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\user\Downloads\SystemLook.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-21-1063732510-2684093475-4160272198-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-1063732510-2684093475-4160272198-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\coppgtq3.default
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @baidu.com/npBdyyPlugin -> C:\Program Files\baidu\BaiduPlayer\4.0.1.85\npbdyy.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @kingsfot.com/npkws -> C:\Program Files\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @wandoujia.com -> C:\Program Files\WandouLabs\npWandoujiaHelper.dll No File
FF Plugin: @xunlei.com/DapCtrl -> C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(635).dll No File
FF Plugin: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll No File

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-09]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-09]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-09]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S4 ThunderSecurityDoctor; C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\tdservicedelegate.dll [1425864 2014-04-23] ()
R2 XLServicePlatform; C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-07-12] (ShenZhen Xunlei Networking Technologies,LTD)
S2 BDKVRTP; "C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe" -r [X]
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro.exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 Acceler; C:\Windows\System32\drivers\Acceler.sys [18632 2014-11-02] (Disk Editor.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-13] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-13] (Advanced Micro Devices)
R1 BDMWrench; C:\Windows\System32\DRIVERS\BDMWrench.sys [125256 2014-09-25] (Baidu)
S2 BDSafeBrowser; C:\Windows\system32\drivers\BDSafeBrowser.sys [63304 2014-09-29] (Baidu)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2014-09-18] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [195176 2012-01-30] (Realtek Semiconductor Corp.)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S1 bd0003; system32\DRIVERS\bd0003.sys [X]
S1 BDAntiExp; system32\DRIVERS\BDAntiExp.sys [X]
S1 xcmvidamlpqgda8dk; \??\C:\Program Files\xiongchumopg\bin\xcm3dklehvita89ad.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 08:43 - 2014-11-10 08:44 - 00009277 _____ () C:\Users\user\Desktop\FRST.txt
2014-11-10 08:36 - 2014-11-10 08:41 - 00019510 _____ () C:\Users\user\Downloads\SystemLook.txt
2014-11-10 08:36 - 2014-11-10 08:36 - 00139264 _____ () C:\Users\user\Downloads\SystemLook.exe
2014-11-09 14:27 - 2014-11-09 14:27 - 00000000 ____D () C:\_OTL
2014-11-09 13:59 - 2014-11-10 08:30 - 00000170 _____ () C:\Users\Public\Desktop\9輸9婦蚘.url
2014-11-09 13:41 - 2014-11-09 13:42 - 00000228 _____ () C:\Users\user\Downloads\Search.txt
2014-11-09 13:28 - 2014-11-09 13:28 - 00047260 _____ () C:\Users\user\Downloads\Shortcut.txt
2014-11-09 13:27 - 2014-11-09 13:28 - 00025756 _____ () C:\Users\user\Downloads\Addition.txt
2014-11-09 13:26 - 2014-11-09 13:28 - 00028254 _____ () C:\Users\user\Downloads\FRST.txt
2014-11-09 13:00 - 2014-11-09 13:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-11-09 12:57 - 2014-11-09 13:01 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-11-09 12:42 - 2014-11-10 08:43 - 00000000 ____D () C:\FRST
2014-11-09 12:40 - 2014-11-09 12:40 - 01107968 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-11-09 12:35 - 2014-11-09 15:24 - 00066144 _____ () C:\Users\user\Downloads\OTL.Txt
2014-11-09 12:29 - 2014-11-09 12:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DataRepair
2014-11-09 12:25 - 2014-11-09 12:25 - 00602112 _____ (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2014-11-09 12:20 - 2014-11-09 12:20 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2014-11-09 12:19 - 2014-11-09 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-09 12:19 - 2014-11-09 12:19 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-09 12:18 - 2014-11-09 12:18 - 01138397 _____ () C:\Users\user\Downloads\7z922.exe
2014-11-09 12:16 - 2014-11-09 12:16 - 01110476 _____ () C:\Users\user\Downloads\7z920.exe
2014-11-09 11:28 - 2014-11-09 11:29 - 02145792 _____ () C:\Users\user\Downloads\adwcleaner_4.100.exe
2014-11-09 11:20 - 2014-11-10 08:31 - 00007406 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 11:15 - 2014-11-10 08:29 - 00000616 _____ () C:\Windows\setupact.log
2014-11-09 11:15 - 2014-11-09 11:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-09 11:13 - 2014-11-09 11:13 - 00001471 _____ () C:\Users\user\Desktop\IE.lnk
2014-11-09 11:09 - 2014-11-09 14:10 - 00004082 _____ () C:\Windows\PFRO.log
2014-11-09 10:31 - 2014-11-09 10:37 - 17417312 _____ (Elex do Brasil Participações Ltda) C:\Users\user\Downloads\yet_another_cleaner_sk_1522290.exe
2014-11-09 09:50 - 2014-11-09 11:49 - 00000574 _____ () C:\Windows\system32\.crusader
2014-11-09 07:22 - 2014-11-09 07:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-09 06:58 - 2014-11-09 11:37 - 00000000 ____D () C:\AdwCleaner
2014-11-09 06:42 - 2014-11-09 06:42 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-09 06:42 - 2014-11-09 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-09 06:30 - 2014-11-10 08:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 06:30 - 2014-11-10 08:31 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 06:29 - 2014-11-09 06:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-11-09 06:29 - 2014-11-09 06:30 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2014-11-09 06:29 - 2014-11-09 06:29 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-09 06:29 - 2014-11-09 06:29 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-09 06:29 - 2014-11-09 06:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\Users\user\AppData\Local\VS Revo Group
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-09 06:07 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-09 06:05 - 2014-11-09 06:05 - 00000000 ____D () C:\Users\user\AppData\Roaming\Google
2014-11-08 22:58 - 2014-11-08 22:58 - 00000000 ____D () C:\Windows\pss
2014-11-08 17:01 - 2014-11-08 20:33 - 00000035 _____ () C:\Users\user\AppData\Roaming\CoreAVC.ini
2014-11-08 16:00 - 2014-11-08 16:00 - 00018104 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(57).torrent
2014-11-08 15:58 - 2014-11-08 15:58 - 00017576 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(56).torrent
2014-11-08 15:57 - 2014-11-08 15:57 - 00017596 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(55).torrent
2014-11-07 18:30 - 2014-09-25 16:13 - 00125256 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench.sys
2014-11-07 18:18 - 2014-11-10 08:30 - 00001521 _____ () C:\Windows\r.lnk
2014-11-06 00:27 - 2014-11-06 00:27 - 00066256 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(54).torrent
2014-11-06 00:02 - 2014-11-06 00:02 - 00000000 ____D () C:\ShedtDownLoad
2014-11-04 13:23 - 2014-11-04 13:26 - 00000000 ____D () C:\Users\user\AppData\Local\TaoTaoSou
2014-11-03 20:56 - 2014-11-03 20:56 - 00000000 ____D () C:\Program Files\diignoahjmtijp
2014-11-02 17:00 - 2014-11-02 17:00 - 00068654 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(53).torrent
2014-11-02 16:56 - 2014-11-02 16:56 - 00017466 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(51).torrent
2014-11-02 16:56 - 2014-11-02 16:56 - 00017444 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(52).torrent
2014-11-02 11:28 - 2014-11-02 11:28 - 00000000 ____D () C:\ProgramData\pptassist
2014-11-02 11:19 - 2014-11-05 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\PPTAssist
2014-11-02 11:18 - 2014-11-02 11:18 - 00070712 _____ () C:\Windows\system32\Drivers\vparam.bin
2014-11-02 11:18 - 2014-11-02 11:18 - 00018632 _____ (Disk Editor.) C:\Windows\system32\Drivers\Acceler.sys
2014-10-29 19:03 - 2014-10-29 19:03 - 00029254 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(49).torrent
2014-10-29 19:03 - 2014-10-29 19:03 - 00029056 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(50).torrent
2014-10-29 19:02 - 2014-10-29 19:02 - 00017956 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(48).torrent
2014-10-29 00:12 - 2014-11-01 14:00 - 00000305 _____ () C:\Windows\system32\bdsecushr.dat
2014-10-28 23:54 - 2014-10-28 23:54 - 00000000 ____D () C:\Users\user\AppData\Local\ESET
2014-10-28 23:23 - 2014-11-09 13:41 - 00000000 ____D () C:\Program Files\ESET
2014-10-28 23:23 - 2014-10-28 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-10-28 23:23 - 2014-10-28 23:23 - 00000000 ____D () C:\ProgramData\ESET
2014-10-28 21:52 - 2014-11-10 08:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 21:52 - 2014-10-28 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 21:51 - 2014-10-28 21:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-28 21:51 - 2014-10-28 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 21:51 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 21:51 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 21:51 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 21:36 - 2014-10-28 21:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-28 21:29 - 2014-10-02 15:53 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 21:22 - 2014-06-19 11:40 - 00045128 _____ (Baidu) C:\Windows\system32\Drivers\BDEnhanceBoost.sys
2014-10-28 21:21 - 2014-10-28 21:22 - 00029254 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(47).torrent
2014-10-28 21:18 - 2014-10-28 21:18 - 00017956 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(46).torrent
2014-10-28 21:08 - 2014-02-08 15:34 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\bthservs.dll
2014-10-28 20:02 - 2014-10-28 20:02 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-28 20:02 - 2014-10-28 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-28 20:02 - 2014-10-28 20:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-28 19:59 - 2014-10-28 20:00 - 04974864 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup419.exe
2014-10-28 19:09 - 2014-10-28 19:09 - 00000000 ____D () C:\ProgramData\KSafeCommon
2014-10-28 18:55 - 2014-11-09 06:28 - 00110256 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-10-28 18:53 - 2014-11-05 23:40 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-10-28 15:31 - 2014-10-28 15:31 - 03921920 _____ () C:\Windows\system32\ksime.ime
2014-10-28 08:48 - 2014-10-29 18:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\MediaViewer
2014-10-28 08:48 - 2014-10-28 23:49 - 00000264 _____ () C:\Users\user\AppData\Roaming\SogouPinyin.local
2014-10-27 08:59 - 2014-10-27 22:20 - 00000000 ____D () C:\ProgramData\SQ PlatForm
2014-10-27 08:57 - 2014-10-27 08:57 - 00000000 ____D () C:\ProgramData\XXM Software
2014-10-27 08:55 - 2014-10-13 19:22 - 00040568 _____ (Tan Lin) C:\Windows\system32\diactks.dll
2014-10-27 08:52 - 2014-10-28 09:07 - 00000000 ____D () C:\Users\user\Documents\Universal
2014-10-27 08:43 - 2014-11-05 22:34 - 00000000 ____D () C:\ProgramData\JisuInput
2014-10-25 11:06 - 2014-10-25 11:06 - 00000000 ____D () C:\Users\user\Documents\Lxedt365
2014-10-21 20:32 - 2014-10-21 20:32 - 00068016 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(45).torrent
2014-10-21 18:48 - 2014-10-21 18:49 - 00066864 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(44).torrent
2014-10-21 18:34 - 2014-10-21 18:34 - 00000000 ____D () C:\Users\user\Documents\Livedt365
2014-10-21 18:33 - 2014-10-28 19:48 - 00000000 ____D () C:\ProgramData\Icons
2014-10-18 18:02 - 2014-10-18 18:03 - 01202032 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayer.exe
2014-10-17 21:53 - 2014-10-17 21:53 - 00067932 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(43).torrent
2014-10-17 21:50 - 2014-10-17 21:50 - 00017364 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(42).torrent
2014-10-17 20:46 - 2014-10-17 20:46 - 00192803 _____ () C:\Users\user\Downloads\▽場壅▼溫扻樑賸.rar
2014-10-17 20:37 - 2014-10-17 20:38 - 00192696 _____ () C:\Users\user\Downloads\▽場壅▼溫扻樑賸.ssf
2014-10-17 20:28 - 2014-10-17 20:28 - 00102776 _____ () C:\Users\user\Downloads\▽劓霾▼MOLANG﹞俙撿.ssf
2014-10-17 20:19 - 2014-10-17 20:20 - 00342632 _____ () C:\Users\user\Downloads\▽場壅▼疑庤狟敁脰.ssf
2014-10-16 20:24 - 2014-10-16 20:24 - 00029118 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(41).torrent
2014-10-16 20:23 - 2014-10-16 20:23 - 00029316 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(40).torrent
2014-10-16 20:23 - 2014-10-16 20:23 - 00017506 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(39).torrent
2014-10-15 20:34 - 2014-10-15 20:50 - 03883832 _____ (staSoft2) C:\Users\user\Downloads\setup_2948-172862(2).exe
2014-10-15 20:34 - 2014-10-15 20:48 - 03883832 _____ (staSoft2) C:\Users\user\Downloads\setup_2948-172862.exe
2014-10-15 19:37 - 2014-10-15 19:37 - 00000000 ____D () C:\Users\user\.android
2014-10-14 21:58 - 2014-10-16 20:17 - 00000000 ___RD () C:\RavBin
2014-10-14 21:58 - 2014-10-14 21:47 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\vpatch.dll
2014-10-14 19:33 - 2014-10-14 19:37 - 00000000 ____D () C:\ProgramData\Rising
2014-10-13 13:01 - 2014-10-13 13:02 - 00515392 _____ () C:\Users\user\Downloads\狗皮.rar
2014-10-13 12:39 - 2014-10-13 12:39 - 00000000 ____D () C:\美图图库
2014-10-12 14:26 - 2014-10-12 14:26 - 00000000 ___SD () C:\CloudCache
2014-10-12 14:26 - 2014-10-12 14:26 - 00000000 ____D () C:\Users\user\AppData\Local\bfcloud
2014-10-11 10:10 - 2014-10-11 10:11 - 00000000 ___HD () C:\sohucache
2014-10-11 10:10 - 2014-10-11 10:10 - 00000000 ____D () C:\Users\user\Documents\搜狐影音

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 08:40 - 2014-07-06 11:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 08:36 - 2009-07-14 12:34 - 00019488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 08:36 - 2009-07-14 12:34 - 00019488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 08:29 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 15:07 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-11-09 13:13 - 2014-10-04 08:21 - 00000000 ___HD () C:\Users\Public\Fundata
2014-11-09 13:00 - 2013-11-04 19:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-09 13:00 - 2013-11-04 19:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-09 11:30 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\tracing
2014-11-09 11:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-09 11:13 - 2013-11-05 02:22 - 00000000 ____D () C:\Windows\Panther
2014-11-09 10:47 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-09 07:04 - 2014-07-12 14:50 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-11-09 07:04 - 2009-07-14 12:33 - 00412352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-09 06:42 - 2014-07-12 13:37 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-11-09 06:40 - 2014-07-12 13:37 - 00000000 ____D () C:\Program Files\Google
2014-11-09 06:29 - 2014-09-27 10:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 06:12 - 2013-11-29 16:47 - 00001085 _____ () C:\Users\user\Desktop\Documents.lnk
2014-11-09 06:11 - 2014-10-01 19:49 - 00000000 ____D () C:\ProgramData\Google
2014-11-09 05:59 - 2013-11-04 10:38 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 23:30 - 2013-11-06 15:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2014-11-08 23:22 - 2014-10-05 14:33 - 00000000 ___SD () C:\kankan
2014-11-08 23:05 - 2013-11-17 18:13 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 20:27 - 2014-09-28 16:15 - 00000000 ____D () C:\迅雷下载
2014-11-08 19:00 - 2013-11-13 19:19 - 00000000 ____D () C:\連續集
2014-11-08 18:52 - 2014-07-05 19:58 - 00000000 ____D () C:\Media
2014-11-08 17:30 - 2014-09-02 12:05 - 00000000 ____D () C:\2014投稿件
2014-11-08 17:30 - 2014-05-31 18:59 - 00000000 ____D () C:\song
2014-11-08 17:05 - 2014-09-26 20:35 - 00000000 ____D () C:\KwDownload
2014-11-08 15:43 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization
2014-11-07 23:28 - 2009-07-14 12:53 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 22:35 - 2014-09-26 20:35 - 00000000 ____D () C:\Program Files\kuwo
2014-10-28 22:28 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
2014-10-28 20:41 - 2013-11-04 19:25 - 00000000 ____D () C:\Program Files\Avira
2014-10-17 20:24 - 2014-07-06 20:35 - 00000000 ____D () C:\Users\user\Downloads\New folder
2014-10-12 19:17 - 2013-11-06 15:25 - 00000000 ____D () C:\Users\user\Documents\Youcam
2014-10-11 09:22 - 2014-10-10 16:57 - 00000000 ____D () C:\Users\user\AppData\Roaming\anote

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-09 00:56

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01
Ran by user at 2014-11-10 08:45:10
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E9D77810-CA65-EE82-69D1-5E4E7310CE04}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Artweaver Free 4 (HKLM\...\{6567E404-A019-4D0C-BD18-10564126A579}_is1) (Version: 4.0 - Boris Eyrich Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
ESET NOD32 Antivirus (HKLM\...\{A1A01D26-AF53-42C0-9DAE-1BC2FCC68812}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
K-Lite Mega Codec Pack 9.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Nero 7 Essentials (HKLM\...\{EF3E420F-2DCF-4C24-8E37-896801902052}) (Version: 7.03.1055 - Nero AG)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
Ralink RT5390R 802.11bgn 1x1 Wi-Fi Adapter (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29011 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
Winamp (HKLM\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
迅雷7 (HKLM\...\thunder_is1) (Version: 7.9.22.4780 - 迅雷网络技术有限公司)
美图秀秀 3.1.6  (HKLM\...\美图秀秀) (Version:  - 美图网)
美图看看 2.2.7 (HKCU\...\美图看看) (Version: 2.2.7 - Meitu, Inc.)
酷我音乐 2014 (HKLM\...\KwMusic7) (Version: 7.7.1.3 - 酷我科技)
迅雷看看播放器 (HKLM\...\迅雷看看播放器) (Version: 4.9.15.2177 - 迅雷网络技术有限公司)
迅雷看看高清播放组件 (HKLM\...\迅雷看看高清播放组件) (Version:  - 迅雷网络技术有限公司)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-10-2014 10:26:27 Windows Update
28-10-2014 13:29:04 Windows Update
28-10-2014 13:57:39 Removed Microsoft Visual C++ 2005 Redistributable

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2014-11-09 15:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18E34A77-E22E-4C9F-A323-1542F8956B8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {7D0FC5F8-DAA6-4E25-A813-9D8BDCB1D13E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {89028C2A-A26A-4FBD-A67A-08C9CA10F095} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files\Rising\RMC\rsdelaylauncher.exe
Task: {8C83EFE5-AE53-45A0-ADB7-C438DCAA1A40} - System32\Tasks\ProtectBaiduPlayer => C:\Program Files\baidu\BaiduPlayer\4.0.1.85\bdyyProtect.exe
Task: {8CBBB500-5BCC-453A-B2EE-4BF1D2CD1B94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09] (Adobe Systems Incorporated)
Task: {DCBC3EB9-5680-4788-BBF9-16C2F043BD03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 12:07 - 2012-08-06 12:07 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-12 14:52 - 2014-07-12 14:51 - 00021504 _____ () c:\program files\common files\thunder network\serviceplatform\minizip.dll
2014-07-12 14:52 - 2014-07-12 14:51 - 00684032 _____ () c:\program files\common files\thunder network\serviceplatform\libexpat.dll
2013-11-04 11:05 - 2005-10-07 15:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2014-11-09 06:29 - 2014-11-06 19:09 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-11-10 08:36 - 2014-11-10 08:36 - 00139264 _____ () C:\Users\user\Downloads\SystemLook.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BITS => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: ThunderSecurityDoctor => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AqyltgcSqbj.lnk => C:\Windows\pss\AqyltgcSqbj.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LZNewWeather.lnk => C:\Windows\pss\LZNewWeather.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1063732510-2684093475-4160272198-500 - Administrator - Disabled)
Guest (S-1-5-21-1063732510-2684093475-4160272198-501 - Limited - Disabled)
user (S-1-5-21-1063732510-2684093475-4160272198-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: bd0002
Description: bd0002
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bd0002
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BDSafeBrowser
Description: BDSafeBrowser
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BDSafeBrowser
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: xcmvidamlpqgda8dk
Description: xcmvidamlpqgda8dk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: xcmvidamlpqgda8dk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: bd0001
Description: bd0001
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bd0001
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {a9e66910-961c-41f7-989f-0bc6e324e202}

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {a9e66910-961c-41f7-989f-0bc6e324e202}

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {6051d5d0-1f94-4e78-929a-a32913f39f84}

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {6051d5d0-1f94-4e78-929a-a32913f39f84}

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 12346) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {4adc535f-7d5c-4bab-85db-c2c7008681ce}

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {4adc535f-7d5c-4bab-85db-c2c7008681ce}

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 12342) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx.  hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.

Error: (11/10/2014 08:45:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {37176d73-527d-4427-9c7c-45de452d6c98}


System errors:
=============
Error: (11/10/2014 08:29:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bd0003
BDAntiExp
xcmvidamlpqgda8dk

Error: (11/10/2014 08:29:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDSafeBrowser service failed to start due to the following error:
%%31

Error: (11/10/2014 08:29:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (11/10/2014 08:29:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDKVRTP Service service failed to start due to the following error:
%%2

Error: (11/10/2014 08:29:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:18:14 AM on ‎11/‎10/‎2014 was unexpected.

Error: (11/09/2014 09:38:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bd0003
BDAntiExp
xcmvidamlpqgda8dk

Error: (11/09/2014 09:38:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDSafeBrowser service failed to start due to the following error:
%%31

Error: (11/09/2014 09:38:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (11/09/2014 09:38:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDKVRTP Service service failed to start due to the following error:
%%2

Error: (11/09/2014 03:09:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bd0003
BDAntiExp
xcmvidamlpqgda8dk


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 83%
Total physical RAM: 1640.37 MB
Available physical RAM: 273.39 MB
Total Pagefile: 3280.73 MB
Available Pagefile: 1733.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1916.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:318.46 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B3FCCC9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, jrjayz.

Let's take care of that hao123 issue.

Step #1
Registry repair

Download the attached .reg file to your Desktop.
Attached File: fix.reg (653 bytes, 60 downloads)

Launch fix.reg by double-clicking it. Allow the file to be added to the registry.

 
Step #2
FRST Fix
  • Download the attached fixlist.txt file to your desktop.
    Attached File: fixlist.txt (1.01 KB, 130 downloads)
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Right click FRST.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
FRST Scan
  • Right click FRST.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • FRST.txt log content
  • Addition.txt log content
  • Please tell me if you still have any problems with hao123


#7
jrjayz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-11-2014 01
Ran by user at 2014-11-11 01:16:12 Run:10
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hao123.com_0.localstorage
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\s1.hao123img.com
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RJ3E7DCN\s1.hao123img.com\index\swf\LocalStorage.swf\$hao123$.sol
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\hao123.lnk
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\macromedia.com\support\flashplayer\sys\#s1.hao123img.com
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RJ3E7DCN\s1.hao123img.com
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.hao123img.com
S1 xcmvidamlpqgda8dk; \??\C:\Program Files\xiongchumopg\bin\xcm3dklehvita89ad.sys [X]
C:\Program Files\xiongchumopg\bin\xcm3dklehvita89ad.sys
C:\Program Files\diignoahjmtijp
*****************

"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.hao123.com_0.localstorage" => File/Directory not found.
"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\s1.hao123img.com" => File/Directory not found.
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RJ3E7DCN\s1.hao123img.com\index\swf\LocalStorage.swf\$hao123$.sol => Moved successfully.
"C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\hao123.lnk" => File/Directory not found.
"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\EHZQDAF7\macromedia.com\support\flashplayer\sys\#s1.hao123img.com" => File/Directory not found.
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RJ3E7DCN\s1.hao123img.com => Moved successfully.
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.hao123img.com => Moved successfully.
xcmvidamlpqgda8dk => Service not found.
"C:\Program Files\xiongchumopg\bin\xcm3dklehvita89ad.sys" => File/Directory not found.
"C:\Program Files\diignoahjmtijp" => File/Directory not found.

==== End of Fixlog ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by user (administrator) on USER-PC on 11-11-2014 01:16:37
Running from C:\Users\user\Desktop
Loaded Profile: user (Available profiles: user)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-02-27] (Nero AG)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-21-1063732510-2684093475-4160272198-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-1063732510-2684093475-4160272198-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\coppgtq3.default
FF NewTab: hxxp://www.google.com
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @baidu.com/npBdyyPlugin -> C:\Program Files\baidu\BaiduPlayer\4.0.1.85\npbdyy.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
FF Plugin: @kingsfot.com/npkws -> C:\Program Files\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin: @wandoujia.com -> C:\Program Files\WandouLabs\npWandoujiaHelper.dll No File
FF Plugin: @xunlei.com/DapCtrl -> C:\Program Files\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(635).dll No File
FF Plugin: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll No File

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-09]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-09]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-09]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-09]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-09]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-09]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2014-10-01] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
S4 ThunderSecurityDoctor; C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\tdservicedelegate.dll [1425864 2014-04-23] ()
R2 XLServicePlatform; C:\Program Files\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-07-12] (ShenZhen Xunlei Networking Technologies,LTD)
S2 BDKVRTP; "C:\Program Files\Baidu\BaiduSd\2.1.0.3086\BaiduSdSvc.exe" -r [X]
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro.exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 Acceler; C:\Windows\System32\drivers\Acceler.sys [18632 2014-11-02] (Disk Editor.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70784 2011-12-13] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34944 2011-12-13] (Advanced Micro Devices)
R1 BDMWrench; C:\Windows\System32\DRIVERS\BDMWrench.sys [125256 2014-09-25] (Baidu)
S2 BDSafeBrowser; C:\Windows\system32\drivers\BDSafeBrowser.sys [63304 2014-09-29] (Baidu)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [191928 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135296 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2014-09-18] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [195176 2012-01-30] (Realtek Semiconductor Corp.)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S1 bd0003; system32\DRIVERS\bd0003.sys [X]
S1 BDAntiExp; system32\DRIVERS\BDAntiExp.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 01:16 - 2014-11-11 01:17 - 00009079 _____ () C:\Users\user\Desktop\FRST.txt
2014-11-11 01:09 - 2014-11-11 01:09 - 00000653 _____ () C:\Users\user\Downloads\fix.reg
2014-11-10 08:36 - 2014-11-10 08:41 - 00019510 _____ () C:\Users\user\Downloads\SystemLook.txt
2014-11-10 08:36 - 2014-11-10 08:36 - 00139264 _____ () C:\Users\user\Downloads\SystemLook.exe
2014-11-09 14:27 - 2014-11-09 14:27 - 00000000 ____D () C:\_OTL
2014-11-09 13:59 - 2014-11-10 08:30 - 00000170 _____ () C:\Users\Public\Desktop\9輸9婦蚘.url
2014-11-09 13:41 - 2014-11-09 13:42 - 00000228 _____ () C:\Users\user\Downloads\Search.txt
2014-11-09 13:28 - 2014-11-09 13:28 - 00047260 _____ () C:\Users\user\Downloads\Shortcut.txt
2014-11-09 13:27 - 2014-11-09 13:28 - 00025756 _____ () C:\Users\user\Downloads\Addition.txt
2014-11-09 13:26 - 2014-11-09 13:28 - 00028254 _____ () C:\Users\user\Downloads\FRST.txt
2014-11-09 13:00 - 2014-11-09 13:42 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-11-09 12:57 - 2014-11-09 13:01 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-11-09 12:42 - 2014-11-11 01:16 - 00000000 ____D () C:\FRST
2014-11-09 12:40 - 2014-11-09 12:40 - 01107968 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-11-09 12:35 - 2014-11-09 15:24 - 00066144 _____ () C:\Users\user\Downloads\OTL.Txt
2014-11-09 12:29 - 2014-11-09 12:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\DataRepair
2014-11-09 12:25 - 2014-11-09 12:25 - 00602112 _____ (OldTimer Tools) C:\Users\user\Downloads\OTL.exe
2014-11-09 12:20 - 2014-11-09 12:20 - 02347384 _____ (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2014-11-09 12:19 - 2014-11-09 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-09 12:19 - 2014-11-09 12:19 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-09 12:18 - 2014-11-09 12:18 - 01138397 _____ () C:\Users\user\Downloads\7z922.exe
2014-11-09 12:16 - 2014-11-09 12:16 - 01110476 _____ () C:\Users\user\Downloads\7z920.exe
2014-11-09 11:28 - 2014-11-09 11:29 - 02145792 _____ () C:\Users\user\Downloads\adwcleaner_4.100.exe
2014-11-09 11:20 - 2014-11-10 08:31 - 00007406 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 11:15 - 2014-11-10 08:29 - 00000616 _____ () C:\Windows\setupact.log
2014-11-09 11:15 - 2014-11-09 11:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-09 11:13 - 2014-11-09 11:13 - 00001471 _____ () C:\Users\user\Desktop\IE.lnk
2014-11-09 11:09 - 2014-11-09 14:10 - 00004082 _____ () C:\Windows\PFRO.log
2014-11-09 10:31 - 2014-11-09 10:37 - 17417312 _____ (Elex do Brasil Participações Ltda) C:\Users\user\Downloads\yet_another_cleaner_sk_1522290.exe
2014-11-09 09:50 - 2014-11-09 11:49 - 00000574 _____ () C:\Windows\system32\.crusader
2014-11-09 07:22 - 2014-11-09 07:22 - 00000000 ____D () C:\Windows\ERUNT
2014-11-09 06:58 - 2014-11-09 11:37 - 00000000 ____D () C:\AdwCleaner
2014-11-09 06:42 - 2014-11-09 06:42 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-09 06:42 - 2014-11-09 06:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-09 06:30 - 2014-11-11 00:35 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 06:30 - 2014-11-10 08:31 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 06:29 - 2014-11-09 06:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-11-09 06:29 - 2014-11-09 06:30 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2014-11-09 06:29 - 2014-11-09 06:29 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-09 06:29 - 2014-11-09 06:29 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-09 06:29 - 2014-11-09 06:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\Users\user\AppData\Local\VS Revo Group
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-09 06:07 - 2014-11-09 06:07 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-09 06:07 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-09 06:05 - 2014-11-09 06:05 - 00000000 ____D () C:\Users\user\AppData\Roaming\Google
2014-11-08 22:58 - 2014-11-08 22:58 - 00000000 ____D () C:\Windows\pss
2014-11-08 17:01 - 2014-11-08 20:33 - 00000035 _____ () C:\Users\user\AppData\Roaming\CoreAVC.ini
2014-11-08 16:00 - 2014-11-08 16:00 - 00018104 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(57).torrent
2014-11-08 15:58 - 2014-11-08 15:58 - 00017576 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(56).torrent
2014-11-08 15:57 - 2014-11-08 15:57 - 00017596 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(55).torrent
2014-11-07 18:30 - 2014-09-25 16:13 - 00125256 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench.sys
2014-11-07 18:18 - 2014-11-10 08:30 - 00001521 _____ () C:\Windows\r.lnk
2014-11-06 00:27 - 2014-11-06 00:27 - 00066256 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(54).torrent
2014-11-06 00:02 - 2014-11-06 00:02 - 00000000 ____D () C:\ShedtDownLoad
2014-11-04 13:23 - 2014-11-04 13:26 - 00000000 ____D () C:\Users\user\AppData\Local\TaoTaoSou
2014-11-02 17:00 - 2014-11-02 17:00 - 00068654 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(53).torrent
2014-11-02 16:56 - 2014-11-02 16:56 - 00017466 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(51).torrent
2014-11-02 16:56 - 2014-11-02 16:56 - 00017444 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(52).torrent
2014-11-02 11:28 - 2014-11-02 11:28 - 00000000 ____D () C:\ProgramData\pptassist
2014-11-02 11:19 - 2014-11-05 23:47 - 00000000 ____D () C:\Users\user\AppData\Local\PPTAssist
2014-11-02 11:18 - 2014-11-02 11:18 - 00070712 _____ () C:\Windows\system32\Drivers\vparam.bin
2014-11-02 11:18 - 2014-11-02 11:18 - 00018632 _____ (Disk Editor.) C:\Windows\system32\Drivers\Acceler.sys
2014-10-29 19:03 - 2014-10-29 19:03 - 00029254 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(49).torrent
2014-10-29 19:03 - 2014-10-29 19:03 - 00029056 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(50).torrent
2014-10-29 19:02 - 2014-10-29 19:02 - 00017956 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(48).torrent
2014-10-29 00:12 - 2014-11-01 14:00 - 00000305 _____ () C:\Windows\system32\bdsecushr.dat
2014-10-28 23:54 - 2014-10-28 23:54 - 00000000 ____D () C:\Users\user\AppData\Local\ESET
2014-10-28 23:23 - 2014-11-09 13:41 - 00000000 ____D () C:\Program Files\ESET
2014-10-28 23:23 - 2014-10-28 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-10-28 23:23 - 2014-10-28 23:23 - 00000000 ____D () C:\ProgramData\ESET
2014-10-28 21:52 - 2014-11-11 01:00 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 21:52 - 2014-10-28 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 21:51 - 2014-10-28 21:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-28 21:51 - 2014-10-28 21:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 21:51 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 21:51 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 21:51 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 21:36 - 2014-10-28 21:43 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-28 21:29 - 2014-10-02 15:53 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 21:22 - 2014-06-19 11:40 - 00045128 _____ (Baidu) C:\Windows\system32\Drivers\BDEnhanceBoost.sys
2014-10-28 21:21 - 2014-10-28 21:22 - 00029254 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(47).torrent
2014-10-28 21:18 - 2014-10-28 21:18 - 00017956 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(46).torrent
2014-10-28 21:08 - 2014-02-08 15:34 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\bthservs.dll
2014-10-28 20:02 - 2014-10-28 20:02 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-28 20:02 - 2014-10-28 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-28 20:02 - 2014-10-28 20:02 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-28 19:59 - 2014-10-28 20:00 - 04974864 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup419.exe
2014-10-28 19:09 - 2014-10-28 19:09 - 00000000 ____D () C:\ProgramData\KSafeCommon
2014-10-28 18:55 - 2014-11-09 06:28 - 00110256 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-10-28 18:53 - 2014-11-05 23:40 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-10-28 15:31 - 2014-10-28 15:31 - 03921920 _____ () C:\Windows\system32\ksime.ime
2014-10-28 08:48 - 2014-10-29 18:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\MediaViewer
2014-10-28 08:48 - 2014-10-28 23:49 - 00000264 _____ () C:\Users\user\AppData\Roaming\SogouPinyin.local
2014-10-27 08:59 - 2014-10-27 22:20 - 00000000 ____D () C:\ProgramData\SQ PlatForm
2014-10-27 08:57 - 2014-10-27 08:57 - 00000000 ____D () C:\ProgramData\XXM Software
2014-10-27 08:55 - 2014-10-13 19:22 - 00040568 _____ (Tan Lin) C:\Windows\system32\diactks.dll
2014-10-27 08:52 - 2014-10-28 09:07 - 00000000 ____D () C:\Users\user\Documents\Universal
2014-10-27 08:43 - 2014-11-05 22:34 - 00000000 ____D () C:\ProgramData\JisuInput
2014-10-25 11:06 - 2014-10-25 11:06 - 00000000 ____D () C:\Users\user\Documents\Lxedt365
2014-10-21 20:32 - 2014-10-21 20:32 - 00068016 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(45).torrent
2014-10-21 18:48 - 2014-10-21 18:49 - 00066864 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(44).torrent
2014-10-21 18:34 - 2014-10-21 18:34 - 00000000 ____D () C:\Users\user\Documents\Livedt365
2014-10-21 18:33 - 2014-10-28 19:48 - 00000000 ____D () C:\ProgramData\Icons
2014-10-18 18:02 - 2014-10-18 18:03 - 01202032 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayer.exe
2014-10-17 21:53 - 2014-10-17 21:53 - 00067932 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(43).torrent
2014-10-17 21:50 - 2014-10-17 21:50 - 00017364 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(42).torrent
2014-10-17 20:46 - 2014-10-17 20:46 - 00192803 _____ () C:\Users\user\Downloads\▽場壅▼溫扻樑賸.rar
2014-10-17 20:37 - 2014-10-17 20:38 - 00192696 _____ () C:\Users\user\Downloads\▽場壅▼溫扻樑賸.ssf
2014-10-17 20:28 - 2014-10-17 20:28 - 00102776 _____ () C:\Users\user\Downloads\▽劓霾▼MOLANG﹞俙撿.ssf
2014-10-17 20:19 - 2014-10-17 20:20 - 00342632 _____ () C:\Users\user\Downloads\▽場壅▼疑庤狟敁脰.ssf
2014-10-16 20:24 - 2014-10-16 20:24 - 00029118 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(41).torrent
2014-10-16 20:23 - 2014-10-16 20:23 - 00029316 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(40).torrent
2014-10-16 20:23 - 2014-10-16 20:23 - 00017506 _____ () C:\Users\user\Downloads\www.DLkoo.com_1(39).torrent
2014-10-15 20:34 - 2014-10-15 20:50 - 03883832 _____ (staSoft2) C:\Users\user\Downloads\setup_2948-172862(2).exe
2014-10-15 20:34 - 2014-10-15 20:48 - 03883832 _____ (staSoft2) C:\Users\user\Downloads\setup_2948-172862.exe
2014-10-15 19:37 - 2014-10-15 19:37 - 00000000 ____D () C:\Users\user\.android
2014-10-14 21:58 - 2014-10-16 20:17 - 00000000 ___RD () C:\RavBin
2014-10-14 21:58 - 2014-10-14 21:47 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\vpatch.dll
2014-10-14 19:33 - 2014-10-14 19:37 - 00000000 ____D () C:\ProgramData\Rising
2014-10-13 13:01 - 2014-10-13 13:02 - 00515392 _____ () C:\Users\user\Downloads\狗皮.rar
2014-10-13 12:39 - 2014-10-13 12:39 - 00000000 ____D () C:\美图图库
2014-10-12 14:26 - 2014-10-12 14:26 - 00000000 ___SD () C:\CloudCache
2014-10-12 14:26 - 2014-10-12 14:26 - 00000000 ____D () C:\Users\user\AppData\Local\bfcloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-11 00:40 - 2014-07-06 11:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 08:36 - 2009-07-14 12:34 - 00019488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 08:36 - 2009-07-14 12:34 - 00019488 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 08:29 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 15:07 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-11-09 13:13 - 2014-10-04 08:21 - 00000000 ___HD () C:\Users\Public\Fundata
2014-11-09 13:00 - 2013-11-04 19:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-09 13:00 - 2013-11-04 19:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-09 11:30 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\tracing
2014-11-09 11:17 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-09 11:13 - 2013-11-05 02:22 - 00000000 ____D () C:\Windows\Panther
2014-11-09 10:47 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-11-09 07:04 - 2014-07-12 14:50 - 00000000 ____D () C:\ProgramData\Thunder Network
2014-11-09 07:04 - 2009-07-14 12:33 - 00412352 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-09 06:42 - 2014-07-12 13:37 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-11-09 06:40 - 2014-07-12 13:37 - 00000000 ____D () C:\Program Files\Google
2014-11-09 06:29 - 2014-09-27 10:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 06:12 - 2013-11-29 16:47 - 00001085 _____ () C:\Users\user\Desktop\Documents.lnk
2014-11-09 06:11 - 2014-10-01 19:49 - 00000000 ____D () C:\ProgramData\Google
2014-11-09 05:59 - 2013-11-04 10:38 - 00717892 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 23:30 - 2013-11-06 15:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2014-11-08 23:22 - 2014-10-05 14:33 - 00000000 ___SD () C:\kankan
2014-11-08 23:05 - 2013-11-17 18:13 - 00000000 ____D () C:\Windows\Minidump
2014-11-08 20:27 - 2014-09-28 16:15 - 00000000 ____D () C:\迅雷下载
2014-11-08 19:00 - 2013-11-13 19:19 - 00000000 ____D () C:\連續集
2014-11-08 18:52 - 2014-07-05 19:58 - 00000000 ____D () C:\Media
2014-11-08 17:30 - 2014-09-02 12:05 - 00000000 ____D () C:\2014投稿件
2014-11-08 17:30 - 2014-05-31 18:59 - 00000000 ____D () C:\song
2014-11-08 17:05 - 2014-09-26 20:35 - 00000000 ____D () C:\KwDownload
2014-11-08 15:43 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Globalization
2014-11-07 23:28 - 2009-07-14 12:53 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-05 22:35 - 2014-09-26 20:35 - 00000000 ____D () C:\Program Files\kuwo
2014-10-28 22:28 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
2014-10-28 20:41 - 2013-11-04 19:25 - 00000000 ____D () C:\Program Files\Avira
2014-10-17 20:24 - 2014-07-06 20:35 - 00000000 ____D () C:\Users\user\Downloads\New folder
2014-10-12 19:17 - 2013-11-06 15:25 - 00000000 ____D () C:\Users\user\Documents\Youcam

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\BaiduPinyin10053.exe
C:\Users\user\AppData\Local\Temp\xmppushersetup_2.0.0.82.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-09 00:56

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01
Ran by user at 2014-11-11 01:17:52
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E9D77810-CA65-EE82-69D1-5E4E7310CE04}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Artweaver Free 4 (HKLM\...\{6567E404-A019-4D0C-BD18-10564126A579}_is1) (Version: 4.0 - Boris Eyrich Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)
ESET NOD32 Antivirus (HKLM\...\{A1A01D26-AF53-42C0-9DAE-1BC2FCC68812}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Java™ 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
K-Lite Mega Codec Pack 9.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
Nero 7 Essentials (HKLM\...\{EF3E420F-2DCF-4C24-8E37-896801902052}) (Version: 7.03.1055 - Nero AG)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
Ralink RT5390R 802.11bgn 1x1 Wi-Fi Adapter (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek PCIE Card Reader (HKLM\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29011 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
Winamp (HKLM\...\Winamp) (Version: 5.581  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
捃濘7 (HKLM\...\thunder_is1) (Version: 7.9.22.4780 - 捃濘厙釐撮扲衄癹鼠侗)
美图秀秀 3.1.6  (HKLM\...\美图秀秀) (Version:  - 美图网)
藝芞艘艘 2.2.7 (HKCU\...\藝芞艘艘) (Version: 2.2.7 - Meitu, Inc.)
蹄扂秞氈 2014 (HKLM\...\KwMusic7) (Version: 7.7.1.3 - 蹄扂褪撮)
迅雷看看播放器 (HKLM\...\迅雷看看播放器) (Version: 4.9.15.2177 - 迅雷网络技术有限公司)
迅雷看看高清播放组件 (HKLM\...\迅雷看看高清播放组件) (Version:  - 迅雷网络技术有限公司)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1063732510-2684093475-4160272198-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points  =========================

03-10-2014 10:26:27 Windows Update
28-10-2014 13:29:04 Windows Update
28-10-2014 13:57:39 Removed Microsoft Visual C++ 2005 Redistributable

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2014-11-09 15:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {18E34A77-E22E-4C9F-A323-1542F8956B8F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {7D0FC5F8-DAA6-4E25-A813-9D8BDCB1D13E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)
Task: {89028C2A-A26A-4FBD-A67A-08C9CA10F095} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files\Rising\RMC\rsdelaylauncher.exe
Task: {8C83EFE5-AE53-45A0-ADB7-C438DCAA1A40} - System32\Tasks\ProtectBaiduPlayer => C:\Program Files\baidu\BaiduPlayer\4.0.1.85\bdyyProtect.exe
Task: {8CBBB500-5BCC-453A-B2EE-4BF1D2CD1B94} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-09] (Adobe Systems Incorporated)
Task: {DCBC3EB9-5680-4788-BBF9-16C2F043BD03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-09] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 12:07 - 2012-08-06 12:07 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-12 14:52 - 2014-07-12 14:51 - 00021504 _____ () c:\program files\common files\thunder network\serviceplatform\minizip.dll
2014-07-12 14:52 - 2014-07-12 14:51 - 00684032 _____ () c:\program files\common files\thunder network\serviceplatform\libexpat.dll
2013-11-04 11:05 - 2005-10-07 15:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BITS => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: ThunderSecurityDoctor => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AqyltgcSqbj.lnk => C:\Windows\pss\AqyltgcSqbj.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LZNewWeather.lnk => C:\Windows\pss\LZNewWeather.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-1063732510-2684093475-4160272198-500 - Administrator - Disabled)
Guest (S-1-5-21-1063732510-2684093475-4160272198-501 - Limited - Disabled)
user (S-1-5-21-1063732510-2684093475-4160272198-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: bd0002
Description: bd0002
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bd0002
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: BDSafeBrowser
Description: BDSafeBrowser
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BDSafeBrowser
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: xcmvidamlpqgda8dk
Description: xcmvidamlpqgda8dk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: xcmvidamlpqgda8dk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: bd0001
Description: bd0001
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bd0001
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b7d09203-eb0b-4b8e-9cae-3d543383d94e}

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b7d09203-eb0b-4b8e-9cae-3d543383d94e}

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {ec8ea67b-c3ff-44a5-b453-02d46dc0a548}

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {ec8ea67b-c3ff-44a5-b453-02d46dc0a548}

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 12346) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {a200b8b7-d614-4088-8051-f9a47f03eb08}

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {a200b8b7-d614-4088-8051-f9a47f03eb08}

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 12342) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
 was encountered while trying to initialize the Registry Writer.  This may cause
future shadow-copy creations to fail.

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx.  hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.

Error: (11/11/2014 01:17:56 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Subscribing Writer

Context:
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {2406718f-2003-42de-96e9-b84a04089573}


System errors:
=============
Error: (11/10/2014 08:29:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bd0003
BDAntiExp
xcmvidamlpqgda8dk

Error: (11/10/2014 08:29:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDSafeBrowser service failed to start due to the following error:
%%31

Error: (11/10/2014 08:29:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (11/10/2014 08:29:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDKVRTP Service service failed to start due to the following error:
%%2

Error: (11/10/2014 08:29:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:18:14 AM on 11/10/2014 was unexpected.

Error: (11/09/2014 09:38:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bd0003
BDAntiExp
xcmvidamlpqgda8dk

Error: (11/09/2014 09:38:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDSafeBrowser service failed to start due to the following error:
%%31

Error: (11/09/2014 09:38:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (11/09/2014 09:38:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BDKVRTP Service service failed to start due to the following error:
%%2

Error: (11/09/2014 03:09:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
bd0003
BDAntiExp
xcmvidamlpqgda8dk


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 48%
Total physical RAM: 1640.37 MB
Available physical RAM: 842.77 MB
Total Pagefile: 3280.73 MB
Available Pagefile: 2253.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:318.52 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B3FCCC9C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Yes, I am still having problems with hao123. I have also read some similar posts about hao123; they all have Qvod in them.



#8 Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Hello, jrjayz

Please do the following:

Step #1
Uninstall programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:
  • 捃濘7
  • 迅雷看看播放器
  • 迅雷看看高清播放组件
 
Step #2
AdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be a "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click the qKMbAXQ.png button. A Notepad window will be opened
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Things that should appear in your next post:
  • Please tell me if you successfully uninstalled these three programs. Is the hao problem still there?
  • AdwCleaner log content


#9 jrjayz (New Member, Topic Starter, 6 posts)

That is actually Thunder, the previous thing you asked about, but in Chinese. I still uninstalled it; hao123 still appears.

 

# AdwCleaner v4.101 - Report created 11/11/2014 at 09:31:11
# Updated 09/11/2014 by Xplode
# Database : 2014-11-10.9 [Live]
# Operating System : Windows 7 Home Premium  (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user Pinned\StartMenu\YAC.lnk
Folder Found : C:\Program Files\Common Files\baidu
Folder Found : C:\ProgramData\baidu
Folder Found : C:\users\user\AppData\LocalLow\baidu
Folder Found : C:\users\user\AppData\Roaming\baidu
Folder Found : C:\Windows\system32\config\systemprofile\AppData\Roaming\baidu

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - www.hao123.com/?tn=99327113_hao_pg

-\\ Mozilla Firefox v33.1 (x86 en-US)


-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [1784 octets] - [09/11/2014 07:00:01]
AdwCleaner[R1].txt - [1123 octets] - [09/11/2014 11:33:35]
AdwCleaner[R2].txt - [359 octets] - [11/11/2014 08:38:53]
AdwCleaner[R3].txt - [1483 octets] - [11/11/2014 08:48:28]
AdwCleaner[R4].txt - [1314 octets] - [11/11/2014 08:56:10]
AdwCleaner[R5].txt - [1441 octets] - [11/11/2014 09:31:11]
AdwCleaner[S0].txt - [1826 octets] - [09/11/2014 07:03:08]
AdwCleaner[S1].txt - [1146 octets] - [09/11/2014 11:37:01]
AdwCleaner[S2].txt - [1514 octets] - [11/11/2014 08:53:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1681 octets] ##########
 


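As an added check that is not part of the thread (nor AdwCleaner's own output), the PowerShell below verifies, after the uninstall step in post #8, whether the hijack persists: it reads the same IE Start Page value AdwCleaner flagged in the report above, tests for the baidu folders the report listed, and lists uninstall entries matching the program names from step #1. The Start Page key and folder names come from the page; the Uninstall registry keys and the environment-variable forms of the folder paths are assumptions of this example.

```powershell
# Added check, not code from the thread or from AdwCleaner. Run as the affected
# user in a normal PowerShell session; it only reads, it removes nothing.

# 1. The value AdwCleaner reported: HKCU\...\Internet Explorer\Main [Start Page]
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue).'Start Page'
if ($startPage -match 'hao123') {
    Write-Output "HIJACK STILL PRESENT - IE Start Page: $startPage"
} else {
    Write-Output "IE Start Page looks clean: $startPage"
}

# 2. Folders AdwCleaner listed in the report (rewritten with environment
#    variables so the check is not tied to the 'user' profile; assumption)
$reportedFolders = @(
    "$env:ProgramFiles\Common Files\baidu",
    "$env:ProgramData\baidu",
    "$env:USERPROFILE\AppData\LocalLow\baidu",
    "$env:APPDATA\baidu",
    "$env:SystemRoot\System32\config\systemprofile\AppData\Roaming\baidu"
)
foreach ($folder in $reportedFolders) {
    $state = if (Test-Path -LiteralPath $folder) { 'STILL PRESENT' } else { 'gone' }
    Write-Output ("{0,-14} {1}" -f $state, $folder)
}

# 3. Uninstall entries matching the programs from step #1. '迅雷' (Xunlei, sold
#    in English as Thunder) is the vendor name shared by both Chinese entries;
#    'baidu' and 'hao123' cover the folders and start page seen in the report.
#    The report says 32-bit Windows 7; on 64-bit, add the WOW6432Node key too.
$patterns = @('迅雷', 'baidu', 'hao123')
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object {
        $name = $_.DisplayName
        @($patterns | Where-Object { $name -like "*$_*" }).Count -gt 0
    } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString |
    Format-Table -AutoSize
```

An empty table in step 3 together with "gone" for every folder and a clean Start Page is what a successful clean-up should look like; anything still flagged is what to report back.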

#10 jrjayz (New Member, Topic Starter, 6 posts)

Hi~ I think the problem has been solved. There's no more hao123 or other similar malware, and the folder icon has returned to normal; I think just now it was just left over. Thanks for helping, you have helped me a lot. I think you can close up the thread already :). * Used DelFix to clean up already.



#11 Nevan (Trusted Helper, Malware Removal, 1,765 posts)

Well... alright. As you wish.

 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make good use of them.

 
WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
Read this article.
I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java

  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.

 
Adobe products always have to be updated, because they are also being used to infect your computer.

  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.

 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.

  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.

 
FileHippo is one of the programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs

  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

 
Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.

Stay safe  :thumbsup:

 



#12 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.