Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
browser keeps crashing
I think my computer is infested with a virus. Whenever I launch either the IE or Firefox browser, the operation fails and the message is "Proxy Server failed to make a connection". I had to do a system restore to a few days back in order to be able to launch the browser. However, pop-ups keep coming even when I am typing.
Can anyone help fix the problem? I have Windows 7, Firefox 33 and IE 11. Thank you in advance.
#2
|
||||
|
||||
Hello Simple plus Naive, and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems. Please take note of some guidelines for this fix:
1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do I open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to How to disable your security applications.
5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.
Thanks
--------
Please do the following:
Scan with ZOEK
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Quote:
Post its content into your next reply.
#3
|
|||
|
|||
Thank you so much, Olgun 52
#4
|
|||
|
|||
=== C: other files ==
======== System Restore Points ========
RP836: 11/1/2014 5:11:18 PM - Restore Operation
RP837: 11/1/2014 5:23:01 PM - Windows Update
RP838: 11/1/2014 9:53:11 PM - Restore Operation
RP839: 11/1/2014 10:05:58 PM - Windows Update
RP841: 11/2/2014 7:15:02 PM - Windows Update
RP840: 11/2/2014 8:02:14 PM - Restore Operation
RP842: 11/2/2014 8:17:33 PM - zoek.exe restore point
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2177660584-1067987771-2149399201-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="C:\Program Files (x86)\Yahoo\Search Protection\SearchProtection.exe"
"QQ2009"="C:\Program Files (x86)\QQ\Africa2003\QQProtect\Bin\QQProtect.exe /background"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\User\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l"
"BitTorrent"="C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"Itibiti.exe"="C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Device Monitor"="C:\Windows\3xHybridRMT.exe"
"YSearchProtection"="C:\Program Files (x86)\Yahoo\Search Protection\SearchProtection.exe"
"Seagate Dashboard"="C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui"
"WD Drive Unlocker"="C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe"
"WD Quick View"="C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="C:\Program Files (x86)\Yahoo\Search Protection\SearchProtection.exe"
"QQ2009"="C:\Program Files (x86)\QQ\Africa2003\QQProtect\Bin\QQProtect.exe /background"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
"NextLive"="C:\Windows\SysWOW64\rundll32.exe C:\Users\User\AppData\Roaming\newnext.me\nengine.dll,EntryPoint -m l"
"BitTorrent"="C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED"
"Itibiti.exe"="C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~3\\perfor~1\\perfor~1.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~3\\PERFOR~1\\PERFOR~2.DLL"
==== Startup Folders ======================
2014-05-08 02:02:42 1047 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2011-07-07 01:49:19 993 ----a-w- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Socialbox.lnk
2010-01-19 07:34:13 2124 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scheduler for OEM.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\AAJ.job --a------ C:\Users\User\AppData\Roaming\AAJ.exe [10/18/2014 03:05 AM]
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/23/2014 07:50 PM]
C:\Windows\tasks\File Helper.job --a------ C:\Program Files (x86)\File Helper\1.1.0.10\FileHelper.exe []
C:\Windows\tasks\MySearchDial.job --a------ C:\Users\User\AppData\Roaming\MYSEAR1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\PMIXB.job --a------ C:\Users\User\AppData\Roaming\PMIXB.exe [10/18/2014 03:04 AM]
C:\Windows\tasks\QQBrowser Udpater Task(Core).job --a------ C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe [08/15/2014 05:24 AM]
C:\Windows\tasks\QQBrowser Udpater Task.job --a------ C:7C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe []
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\DTChk" [C:\Users\Public\Util\DTChk.exe]
"C:\Windows\SysNative\tasks\DTReg" [\DefaultTab\DefaultTab\DTReg.exe]
"C:\Windows\SysNative\tasks\File Helper" [C:\Program Files (x86)\File Helper\1.1.0.10\FileHelper.exe]
"C:\Windows\SysNative\tasks\LaunchSignup" [C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe]
"C:\Windows\SysNative\tasks\MySearchDial" [C:\Users\User\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\SysNative\tasks\ProPCCleaner_Popup" [C:\Program Files (x86)\Pro PC Cleaner\Splash.exe]
"C:\Windows\SysNative\tasks\ProPCCleaner_Start" [C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe]
"C:\Windows\SysNative\tasks\QQBrowser Udpater Task" [C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe]
"C:\Windows\SysNative\tasks\QQBrowser Udpater Task(Core)" [C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2177660584-1067987771-2149399201-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2177660584-1067987771-2149399201-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2177660584-1067987771-2149399201-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2177660584-1067987771-2149399201-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2177660584-1067987771-2149399201-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2177660584-1067987771-2149399201-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2177660584-1067987771-2149399201-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{2C0D299B-144D-4A5D-9D32-3082C8C96FB1}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{2ABEE0D2-E289-4912-9E5C-3857853F4D17}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://www.skype.com/go/downloading?...;LastError=-9]
"C:\Windows\SysNative\tasks\{2F47584F-E3C2-4B41-9513-E2AB415CBD44}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{77FD701C-783C-41F7-8E13-088DB77BAA7D}" ["c:\program files (x86)\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/e...astError=1603]
"C:\Windows\SysNative\tasks\{806DC045-17FD-4E41-AA3D-1C9CEAC2E56D}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{A399CE89-A0CB-46BE-AF74-F03F17FDFBE9}" [C:\Program Files (x86)\Mozilla Firefox\firefox.exe]
"C:\Windows\SysNative\tasks\Funshion\FSPlatform" [C:\Users\User\funshion\funshiontools\FSPAP.exe]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ext@TrustMediaViewerV1alpha3196.net"="C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3196\ff" []
==== Firefox Extensions ======================
ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default
- Undetermined - C:\Program Files (x86)\EZ YouTube Video Downloader\{8167E8F2-A770-4EFB-BA53-8A511051CD9B}
- downloaditkeep - %ProfilePath%\extensions\F@Kuo4fjC4Sl.com
- deal2dealit - %ProfilePath%\extensions\HXWKV7mf9@O.org
- SoftCoup - %ProfilePath%\extensions\oPP@O77oXRM9.org
- Undetermined - %ProfilePath%\extensions\staged
- MySearchDial - %ProfilePath%\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default
- Undetermined - artur.dubovoy@gmail.com
- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Undetermined - 0b105cbff1eb40b89bca7dae371d@7ead239...13ab38ef.com
- HD-Quality-v3V15.10 - %ProfilePath%\extensions\0b105cbff1eb40b89bca7dae371d@7ead239035fb4613ab38ef.com
- Flash Video Downloader - YouTube Full HD Download - %ProfilePath%\extensions\artur.dubovoy@gmail.com
- savinshop - %ProfilePath%\extensions\b@oq.com
- diownlouaditkoeep - %ProfilePath%\extensions\ek9bdxtta@hxhioyadr.org
- Linkey for Firefox - %ProfilePath%\extensions\extension@linkeyproject.com
- downloaditkeep - %ProfilePath%\extensions\F@Kuo4fjC4Sl.com
- deal2dealit - %ProfilePath%\extensions\HXWKV7mf9@O.org
- SoftCoup - %ProfilePath%\extensions\oPP@O77oXRM9.org
- DIIscOuuntLoocatooRR - %ProfilePath%\extensions\rd@sfploya.com
- Groovorio - %ProfilePath%\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dedmngkbaffkenlfdcbganndoghblmap - C:\Program Files (x86)\BetterSurf\ch\Chrome.crx[]
enkcdbianjpmooflgafnppaiopocgphn - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4901\ch\MediaViewV1alpha4901.crx[]
gkjghgacioggbhkobbahfldjjjhgpgaf - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3196\ch\TrustMediaViewerV1alpha3196.crx[]
haomhjnokhmmancfkbpofmbgncbbidoj - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home3738\ch\MediaWatchV1home3738.crx[]
hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx[10/14/2013 10:11 AM]
icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx[12/27/2013 11:08 AM]
ihdddaajfmlbfdgagekkhboffopgbhba - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1696\ch\MediaViewerV1alpha1696.crx[]
klfnfpodkdigdbgdeafmijdkbhcjcjbm - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode6574\ch\MediaBuzzV1mode6574.crx[]
mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Users\User\AppData\Local\Slick Savings\coupons.crx[02/10/2014 04:12 AM]
mmifolfpllfdhilecpdpmemhelmanajl - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx[]
pfndaklgolladniicklehhancnlgocpp - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx[11/22/2012 03:00 PM]
poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files (x86)\Better-Surf\ch\Chrome.crx[]
saveitkeep. - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdejkbjodhnnhggnmoomgdcnfdkjkedc
The Fancy Pants Adventure World 1 - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcgalhncgkicdlhojcalmjcjhndldpl
Bubble Elements - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcijkonhppildbjgkdaglmeoeemcldha
SoftCoup - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffcflogokbmnibgjodfffkknlaochlip
Adobe Edge Inspect CC - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem
RealPlayer HTML5Video Downloader Extension - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk
rikaikun - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp
FullScreen for GoogleMaps - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj
saveitkeep. - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liebmhjfknmhhdoikhbjljmobdmlddmf
Pink My Facebook - User\AppData\Local\Google\Chrome\User Data\Default\Extensions\okcdpfndmnjdijikpehblfeancekjcgo
==== Chromium Startpages ======================
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://searchy.easylifeapp.com/",
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchy.easylifeapp.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchy.easylifeapp.com/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchy.easylifeapp.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Mysearchdial Url="http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites01_14_18_ie&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzz0EtD0DyDyDyEyD0CzzyCtN0D0Tzu0SzzyDtAtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtAzztBtAzyyD0DtG0CyEtC0EtG0B0DzytDtGyDyByByBtGyB0E0DyCzy0A0C0B0BtD0CtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtC0AyDtA0F0E0EtG0CzyyDtBtGtBzz0D0FtGyEzytC0AtGyCtDyEtDyBtB0C0CtAyD0ByB2Q&cr=1836080896&ir="
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Astromenda Url="http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_42_ie&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzz0EtD0DyDyDyEyD0CzzyCtN0D0Tzu0StCtDtBtDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0ByEyC0Ezy0EtBtG0FzztC0DtGtAyD0BtCtG0B0Bzy0BtGtByC0Fzy0ByCyEzz0FyCyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzyyCzzyCtCtBtBtG0EtCtByCtGyE0AtAtAtGzytAyEzztGyD0FyDyD0BzytC0DzzzytDtD2Q&cr=608110676&ir="
{1C94E3DD-1AB1-4428-83EE-E366A003E3C4} Search Url="http://search.conduit.com/Results.aspx?ctid=CT3300018&SearchSource=45&UM=2&q={searchTerms}"
{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B} ?? Url="http://www.soso.com/q?sc=web&cid=tb.ub&w={searchTerms}&gid=PgK57Ny!ypl3c1Ri2WYngB0l1085tNk4&lr=&ie={inputEncoding}&unc=x400443_1"
{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} Groovorio Url="http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_otbrw3_14_35&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzz0EtD0DyDyDyEyD0CzzyCtN0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y1L1Qzu2StC0ByEyC0Ezy0EtBtG0FzztC0DtGtAyD0BtCtG0B0Bzy0BtGtByC0Fzy0ByCyEzz0FyCyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzyyCzzyCtCtBtBtG0EtCtByCtGyE0AtAtAtGzytAyEzztGyD0FyDyD0BzytC0DzzzytDtD2Q&cr=1116271793&ir="
{4B44FE6A-4CC4-484A-B66B-5188CB8D7175} Vafmusic6 Customized Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3302999&CUI=UN20607995132392108&UM=2"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Conduit Search Url="http://search.conduit.com/Results.aspx?ctid=CT3317782&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP272D13DB-BB6E-4626-85F4-E69296851166&q={searchTerms}&SSPV="
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} default-search.net Url="http://www.default-search.net/search?sid=476&aid=123&itype=n&ver=13892&tm=482&src=ds&p={searchTerms}"
{9CD4B6E9-DFE7-4B63-B944-D125FC550CD4} Yahoo Url="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}"
{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} ????,????
Url="http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEn coding}&abar=2&tn=82068094_3_adr" {CC865B26-C31D-4D23-B17B-96548EEF03F6} Astromenda Url="http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfx_14_40_i e&cd=2XzuyEtN2Y1L1QzutDtDtByCtCzz0EtD0DyDyDyEyD0Cz zyCtN0D0Tzu0StCtDtDzztN1L2XzutAtFtBtFtCtFyDtN1L1Cz utCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StC0ByEyC0Ez y0EtBtG0FzztC0DtGtAyD0BtCtG0B0Bzy0BtGtByC0Fzy0ByCy Ezz0FyCyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FzyyCzzyCtCt BtBtG0EtCtByCtGyE0AtAtAtGzytAyEzztGyD0FyDyD0BzytC0 DzzzytDtD2Q&cr=1606058413&ir=" {DECA3892-BA8F-44b8-A993-A466AD694AE4} Yahoo! Url="http://ca.search.yahoo.com/search?p={searchTerms}" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on Sun 11/02/2014 at 20:28:32.19 ====================== |
#5
Hi Simple plus Naive,
There is a lot of malware in the system.
-------------------------------------------------------------------------
Do you use Yahoo software? If you do not use it, please uninstall:
Yahoo BrowserPlus 2.9.8
Yahoo Messenger
Yahoo Search Protection
Yahoo Software Update
------------------------------------------------------------------------
Please uninstall the following applications via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if they still exist:
EZ YouTube Video Downloader BitTorrent BitTorrentBar Toolbar CheapCoupon Adobe Reader 9 Conduit Engine Defaulttab MyFreeCodec Performance Optimizer Spybot - Search & Destroy 1.2 Tencent globalUpdate SmartCompare websaver ver7SpeeditUp DisccountLocator Super Optimizer Performance Optimizer doWnloaditkeep Driver Pro SuperManCoupon savinshop CheapCoupon SoftCoup websaver soso
C:\Program Files\Tencent
C:\Program Files (x86)\EZ YouTube Video Downloader
-------------------------------------------------------------------------
Please do the steps in order.
Step 1: Please download AdwCleaner by Xplode onto your desktop.
Please download Junkware Removal Tool to your desktop.
Please download ZHPcleaner to your desktop.
Scan with Malwarebytes Antimalware: Please download Malwarebytes Anti-Malware to your desktop.
Download TFC to your desktop.
Next, download ComboFix. Save it to the Desktop.
Have a nice day.
#6
I wasn't able to delete some of the programs you said at the beginning.
# AdwCleaner v3.311 - Report created 03/11/2014 at 22:38:28
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Option : Clean
#7
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 7 Ultimate x64
Ran by User on Mon 11/03/2014 at 22:50:25.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] baiduupdater
Successfully deleted: [Service] baiduupdater
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_50001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_50001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1C94E3DD-1AB1-4428-83EE-E366A003E3C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4B44FE6A-4CC4-484A-B66B-5188CB8D7175}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}
~~~ Files
Successfully deleted: [File] "C:\Users\User\funshion.ini"
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\doWnloaditkeep
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\tencent"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\pro_pc_cleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\funshion"
Successfully deleted: [Folder] "C:\Users\User\documents\propccleaner"
Successfully deleted: [Folder] "C:\Users\User\funshion"
~~~ FireFox
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1sez4bq8.default\prefs.js
user_pref("extensions.7aJJ5KAHRFFRJe8J.url", "hxxp://jobsidies.net/sync/?q=C6qUojwErjw9rTUHpda4pdY6qds4pda8tMZPhd9FqjUEpdg 7qjC9qTkHqdg7rHU8qchGheDUojw9rjaHrdaGrjw8qGhZhMg0p ds9
user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C
user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1sez4bq8.default\minidumps [9 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 11/03/2014 at 22:53:01.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#8
~ ZHPCleaner v2014.11.4.206 by Nicolas Coolman (04/11/2014)
~ Run by User (Administrator) (03/11/2014 23:07:20)
~ WebSite : http://nicolascoolman.fr
~ Forum : http://forum.nicolascoolman.fr
~ State version : Updated version
~ Type : Scan
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
---\\ Services (0)
~ No malicious items found.
---\\ Browser Internet (24)
FOUND Proxy: ProxyOverride ( <local>;*origin.com;*ea.com;*akamaihd.net )
FOUND PARAMS: ProxyServer [http=127.0.0.1:34894] (Hijacker.Proxy)
FOUND PARAMS: ProxyEnable ( 1 )
FOUND Desktop: C:\Users\User\Desktop\DCS-5010L(71689789).lnk ("https://us.mydlink.com/device#71689789?lang=en_US[...])
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.7aJJ5KAHRFFRJe8J.scode", "(function(){try{var url=(window.self.location.href +[...] (Adware.MyWebSearch)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.Rwy.scode", "(function(){try{var url=(window.self.location.href + document.coo[...] (Adware.MyWebSearch)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
FOUND Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (2)
FOUND: [QQBrowser Udpater Task] [Orphean] (Adware.TencentAddressBar)
FOUND: [QQBrowser Udpater Task(Core)] [Orphean] (Adware.TencentAddressBar)
---\\ Explorer ( Files, Folders) (38)
FOUND: [QQBrowser Udpater Task] [Orphean Task] C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe (Adware.TencentAddressBar)
FOUND: [QQBrowser Udpater Task(Core)] [Orphean Task] C:\Program Files (x86)\Tencent\QQBrowser\QQBrowser.exe (Adware.TencentAddressBar)
FOUND: C:\Program Files (x86)\BitLord (Adware.WhenUSave)
FOUND: C:\Program Files (x86)\BitLord\Downloads (Adware.WhenUSave)
FOUND: C:\Program Files (x86)\BitLord\lang (Adware.WhenUSave)
FOUND: C:\Program Files (x86)\BitLord\rules (Adware.WhenUSave)
FOUND: C:\Program Files (x86)\doWnloaditkeep (PUP.DownloadItKeep)
FOUND: C:\Program Files (x86)\QvodPlayer (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\AddIn (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Codecs (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Data (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Favorite (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\ico.ico (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Lang (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\NetAgent.dll (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Playlist (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Qvod.cfg (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Qvodcfg.ini (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\QvodInsert.dll (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\QvodPlayer.xml (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\QvodUninst.exe (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Skin (PUP.Qvod)
FOUND: C:\Program Files (x86)\QvodPlayer\Viewdata (PUP.Qvod)
FOUND: C:\Program Files (x86)\Super Optimizer (PUP.SuperOptimizer)
FOUND: C:\Users\Public\Documents\Tencent (Adware.TencentAddressBar)
FOUND: C:\Users\Public\Documents\Tencent\QQ (Adware.TencentAddressBar)
FOUND: C:\Users\Public\Documents\Tencent\QQGameMicro (Adware.TencentAddressBar)
FOUND: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord (Adware.WhenUSave)
FOUND: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord\BitLord.lnk (Adware.WhenUSave)
FOUND: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord\HomePage.lnk (Adware.WhenUSave)
FOUND: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord\Uninstall.lnk (Adware.WhenUSave)
FOUND: C:\Users\User\AppData\Local\StormWatch (PUP.StormWatch)
FOUND: C:\Users\User\AppData\Local\StormWatch\StormWatchApp.dat (PUP.StormWatch)
FOUND: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch (PUP.StormWatch)
FOUND: C:\Windows\Prefetch\SEARCHPROTECTION.EXE-41CF77BC.pf (PUP.SearchProtect)
---\\ Registry ( Keys, Values, Datas) (48)
FOUND: HKCR\CLSID\{e5c8c7b5-0d42-4107-b7f5-aa541d4b90e6} [Rich Media View] (PUP.MediaViewer)
FOUND: HKCR\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7} [NeroSearchQuerySourceSettings Class] (PUP.Datamngr)
FOUND: HKCR\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2} [NMSearchQuerySyntaxTree Class] (PUP.Datamngr)
FOUND: HKCR\CLSID\{B05DFA20-F9A5-4561-AFAD-1B39E53DFBDF} [LulSDVideoEngine Class] (PUP.Eorezo)
FOUND: HKCR\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3} [NMSearchQueryConfigManager Class] (PUP.Datamngr)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport)
FOUND: HKCR\TypeLib\{2566F758-FE4A-4691-9F93-30AF685BB403} [QvodInsert 1.0 Type Library] (PUP.Qvod)
FOUND: HKCU\Software\BitLord (Adware.WhenUSave)
FOUND: HKCU\Software\QvodPlayer (PUP.Qvod)
FOUND: HKCU\Software\Tencent (Adware.TencentAddressBar)
FOUND: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com (PUP.SpecialSavings)
FOUND: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com (PUP.SpecialSavings)
FOUND: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B2EC37C1-2053-47A2-B554-1F011C63292A} [208.69.150.250,208.69.150.252] (Hijacker.Browser)
FOUND: [X64] HKLM\SOFTWARE\SI-App (PUP.WinRST)
FOUND: [X64] HKLM\SOFTWARE\WinUpd (PUP.WinRST)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 (PUP.MyPCBackup)
FOUND: [X64] HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS (PUP.MyPCBackup)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Better Surf Plus (PUP.BetterSurfPlus)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Better-Surf (PUP.BetterSurf)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\LookSafe (PUP.LookSafe)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\mamverifier (Toolbar.Mamverifier)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\MediaBuzzV1mode6574 (PUP.MediaBuzz)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\SI-App (PUP.WinRST)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\WinUpd (PUP.WinRST)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tencent WebGuard (Adware.TencentAddressBar)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\快播(QvodPlayer) (PUP.Qvod)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASAPI32 (Adware.WhenUSave)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASMANCS (Adware.WhenUSave)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCFixSpeed_RASAPI32 (PUP.PCFixSpeed)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\QvodPlayer_RASAPI32 (PUP.Qvod)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\QvodPlayer_RASMANCS (PUP.Qvod)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\snipsmart_RASAPI32 (PUP.SnipSmart)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\snipsmart_RASMANCS (PUP.SnipSmart)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tencentdl_RASMANCS (Adware.TencentAddressBar)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesnipsmart_RASAPI32 (PUP.SnipSmart)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesnipsmart_RASMANCS (PUP.SnipSmart)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsnipsmart_RASAPI32 (PUP.SnipSmart)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsnipsmart_RASMANCS (PUP.SnipSmart)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASAPI32 (Adware.VisualBeeToolbar)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASMANCS (Adware.VisualBeeToolbar)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0BD4_RASAPI32 (Adware.Yontoo)
FOUND: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0BD4_RASMANCS (Adware.Yontoo)
---\\ Result of repair
~ Any repair made
~ No browser found (Opera Software)
End of clean at 23:13:14
#9
~ ZHPCleaner v2014.11.4.206 by Nicolas Coolman (04/11/2014)
~ Run by User (Administrator) (03/11/2014 23:13:21)
~ WebSite : http://nicolascoolman.fr
~ Forum : http://forum.nicolascoolman.fr
~ State version : Updated version
~ Type : Repair
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)
---\\ Services (1)
---\\ Browser Internet (24)
REPLACED Proxy: ProxyOverride ( <local>;*origin.com;*ea.com;*akamaihd.net )
REPLACED PARAMS: ProxyServer [http=127.0.0.1:34894] (Hijacker.Proxy)
REPLACED PARAMS: ProxyEnable ( 1 )
REPLACED Desktop: C:\Users\User\Desktop\DCS-5010L(71689789).lnk ("https://us.mydlink.com/device#71689789?lang=en_US[...])
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.7aJJ5KAHRFFRJe8J.scode", "(function(){try{var url=(window.self.location.href +[...] (Adware.MyWebSearch)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.Rwy.scode", "(function(){try{var url=(window.self.location.href + document.coo[...] (Adware.MyWebSearch)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
FOUND Firefox: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\prefs.js
REPLACED Firefox: [1sez4bq8.default] - user_pref("extensions.a0b105cbff1eb40b89bca7dae371d7ead239035fb4613ab38efcom61762.61762.internaldb.m[...] (PUP.Monetisation)
---\\ Hosts file (1)
~ The hosts file is legitimate (21)
---\\ Scheduled automatic tasks. (4)
FOUND: [QQBrowser Udpater Task] [Orphean] (Adware.TencentAddressBar)
FOUND: [QQBrowser Udpater Task(Core)] [Orphean] (Adware.TencentAddressBar)
DELETED: [QQBrowser Udpater Task] [Orphean] (Adware.TencentAddressBar)
DELETED: [QQBrowser Udpater Task(Core)] [Orphean] (Adware.TencentAddressBar)
---\\ Explorer ( Files, Folders) (36)
MOVED: C:\Program Files (x86)\BitLord (Adware.WhenUSave)
MOVED: C:\Program Files (x86)\BitLord\Downloads (Adware.WhenUSave)
MOVED: C:\Program Files (x86)\BitLord\lang (Adware.WhenUSave)
MOVED: C:\Program Files (x86)\BitLord\rules (Adware.WhenUSave)
MOVED: C:\Program Files (x86)\doWnloaditkeep (PUP.DownloadItKeep)
MOVED: C:\Program Files (x86)\QvodPlayer (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\AddIn (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Codecs (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Data (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Favorite (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\ico.ico (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Lang (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\NetAgent.dll (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Playlist (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Qvod.cfg (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Qvodcfg.ini (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\QvodInsert.dll (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\QvodPlayer.exe (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\QvodPlayer.xml (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\QvodUninst.exe (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Skin (PUP.Qvod)
MOVED: C:\Program Files (x86)\QvodPlayer\Viewdata (PUP.Qvod)
MOVED: C:\Program Files (x86)\Super Optimizer (PUP.SuperOptimizer)
MOVED: C:\Users\Public\Documents\Tencent (Adware.TencentAddressBar)
MOVED: C:\Users\Public\Documents\Tencent\QQ (Adware.TencentAddressBar)
MOVED: C:\Users\Public\Documents\Tencent\QQGameMicro (Adware.TencentAddressBar)
MOVED: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord (Adware.WhenUSave)
MOVED: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord\BitLord.lnk (Adware.WhenUSave)
MOVED: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord\HomePage.lnk (Adware.WhenUSave)
MOVED: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord\Uninstall.lnk (Adware.WhenUSave)
MOVED: C:\Users\User\AppData\Local\StormWatch (PUP.StormWatch)
MOVED: C:\Users\User\AppData\Local\StormWatch\StormWatchApp.dat (PUP.StormWatch)
MOVED: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch (PUP.StormWatch)
MOVED: C:\Windows\Prefetch\SEARCHPROTECTION.EXE-41CF77BC.pf (PUP.SearchProtect)
---\\ Registry ( Keys, Values, Datas) (48)
DELETED: HKCR\CLSID\{e5c8c7b5-0d42-4107-b7f5-aa541d4b90e6} [Rich Media View] (PUP.MediaViewer)
DELETED: HKCR\CLSID\{8408BA8D-2245-49A0-8FEA-538669B0CFF7} [NeroSearchQuerySourceSettings Class] (PUP.Datamngr)
DELETED: HKCR\CLSID\{8C9E6B7A-6B70-4768-9656-444DCA6890B2} [NMSearchQuerySyntaxTree Class] (PUP.Datamngr)
DELETED: HKCR\CLSID\{B05DFA20-F9A5-4561-AFAD-1B39E53DFBDF} [LulSDVideoEngine Class] (PUP.Eorezo)
DELETED: HKCR\CLSID\{BFF3B8F9-4CF4-4843-9DA6-097193056FB3} [NMSearchQueryConfigManager Class] (PUP.Datamngr)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport)
DELETED: HKCR\TypeLib\{2566F758-FE4A-4691-9F93-30AF685BB403} [QvodInsert 1.0 Type Library] (PUP.Qvod)
DELETED: HKCU\Software\BitLord (Adware.WhenUSave)
DELETED: HKCU\Software\QvodPlayer (PUP.Qvod)
DELETED: HKCU\Software\Tencent (Adware.TencentAddressBar)
DELETED: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com (PUP.SpecialSavings)
DELETED: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com (PUP.SpecialSavings)
DELETED: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B2EC37C1-2053-47A2-B554-1F011C63292A} [208.69.150.250,208.69.150.252] (Hijacker.Browser)
DELETED: [X64] HKLM\SOFTWARE\SI-App (PUP.WinRST)
DELETED: [X64] HKLM\SOFTWARE\WinUpd (PUP.WinRST)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 (PUP.MyPCBackup)
DELETED: [X64] HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS (PUP.MyPCBackup)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Better Surf Plus (PUP.BetterSurfPlus)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Better-Surf (PUP.BetterSurf)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\LookSafe (PUP.LookSafe)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\mamverifier (Toolbar.Mamverifier)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\MediaBuzzV1mode6574 (PUP.MediaBuzz)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\SI-App (PUP.WinRST)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\WinUpd (PUP.WinRST)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tencent WebGuard (Adware.TencentAddressBar)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\快播(QvodPlayer) (PUP.Qvod)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASAPI32 (Adware.WhenUSave)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitLord_RASMANCS (Adware.WhenUSave)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCFixSpeed_RASAPI32 (PUP.PCFixSpeed)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\QvodPlayer_RASAPI32 (PUP.Qvod)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\QvodPlayer_RASMANCS (PUP.Qvod)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\snipsmart_RASAPI32 (PUP.SnipSmart)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\snipsmart_RASMANCS (PUP.SnipSmart)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tencentdl_RASMANCS (Adware.TencentAddressBar)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesnipsmart_RASAPI32 (PUP.SnipSmart)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatesnipsmart_RASMANCS (PUP.SnipSmart)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsnipsmart_RASAPI32 (PUP.SnipSmart)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilsnipsmart_RASMANCS (PUP.SnipSmart)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASAPI32 (Adware.VisualBeeToolbar)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\VisualBeeSilent_RASMANCS (Adware.VisualBeeToolbar)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0BD4_RASAPI32 (Adware.Yontoo)
DELETED: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-S-0BD4_RASMANCS (Adware.Yontoo)
---\\ Result of repair
~ Repair carried out successfully
~ No browser found (Opera Software)
End of clean at 23:17:26
#10
will continue later.
#11
I ran Malwarebytes and tried to open a browser. I got the same message Proxy Server failed to connect ....
I did a system restore and this is the log before the system restore:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/4/2014
Scan Time: 9:38:35 PM
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.05.02
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415945
Time Elapsed: 21 min, 46 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 3
PUP.Optional.MySearch.A, C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\user.js, Good: (), Bad: (user_pref("extensions.irmysearch.instlRef", "140305_b"), Replaced,[d45211275e1eb5812cb437396e97ab55]
PUP.Optional.MySearch.A, C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\user.js, Good: (), Bad: (mysearch.instlRef", "140305_b"); user_pref("extensi), Replaced,[4cdaf741423a64d20dd33b358283c838]
PUP.Optional.MySearch.A, C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\user.js, Good: (), Bad: (s.irmysearch.instlRef", "140305_b"); user_pref("extensions.irmysearch.cr", "1836080896"); user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtByCtCzz0EtD0DyDyDyEyD0CzzyCt N0D0Tzu0SzzyDtAtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCy EtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtAzztBtAzyyD0 DtG0CyEtC0EtG0B0DzytDtGyDyByByBtGyB0E0DyCzy0A0C0B0 BtD0CtA2QtN1M1F1B2), Replaced,[2006d167b2cab680449c72fe0ef709f7]
Physical Sectors: 0
(No malicious items detected)
(end)
Nov 3, 2014 log
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/4/2014
Scan Time: 6:40:40 AM
Logfile:
Administrator: Yes
Version: 0.00.0.0000
Malware Database: v2014.11.04.03
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416160
Time Elapsed: 22 min, 0 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
#12
ComboFix 14-10-29.01 - User 11/04/2014 22:42:29.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2113 [GMT -5:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Tencent\Paycenter
c:\program files (x86)\Common Files\Tencent\Paycenter\qqcert.dll
c:\program files (x86)\Common Files\Tencent\Paycenter\qqedit.dll
c:\programdata\CheapCoupon
c:\programdata\CheapCoupon\CheapCoupon.exe
c:\programdata\smartcompare
c:\programdata\smartcompare\UOn9wtZeDpktZY.dll
c:\programdata\smartcompare\UOn9wtZeDpktZY.exe
c:\programdata\smartcompare\UOn9wtZeDpktZY.tlb
c:\programdata\smartcompare\UOn9wtZeDpktZY.x64.dll
c:\programdata\SuperManCoupon
c:\programdata\SuperManCoupon\SuperManCoupon.exe
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\extensions\b@oq.com
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\extensions\b@oq.com\bootstrap.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\extensions\b@oq.com\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\extensions\b@oq.com\content\bg.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\extensions\HXWKV7mf9@O.org
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\extensions\HXWKV7mf9@O.org\bootstrap.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\extensions\HXWKV7mf9@O.org\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\a5uzyuh9.default\extensions\HXWKV7mf9@O.org\content\bg.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcgalhncgkicdlhojcalmjcjhndldpl
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcgalhncgkicdlhojcalmjcjhndldpl\182\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcgalhncgkicdlhojcalmjcjhndldpl\182\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcgalhncgkicdlhojcalmjcjhndldpl\182\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcgalhncgkicdlhojcalmjcjhndldpl\182\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcgalhncgkicdlhojcalmjcjhndldpl\182\nZz3arEDp2.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcijkonhppildbjgkdaglmeoeemcldha
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcijkonhppildbjgkdaglmeoeemcldha\197\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcijkonhppildbjgkdaglmeoeemcldha\197\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcijkonhppildbjgkdaglmeoeemcldha\197\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcijkonhppildbjgkdaglmeoeemcldha\197\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcijkonhppildbjgkdaglmeoeemcldha\197\T1vv.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\230\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\230\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\230\Dpl.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\230\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\230\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj\107\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj\107\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj\107\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj\107\lzu_9cMm.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kapgobifldgnkpcgoejmkfoemkajilcj\107\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\User\AppData\Roaming\360SE
c:\users\User\AppData\Roaming\360SE\data\360sefav.db
c:\users\User\AppData\Roaming\AAJ.exe
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\search_ie.ico
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\update.exe
c:\users\User\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\ek9bdxtta@hxhioyadr.org
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\ek9bdxtta@hxhioyadr.org\bootstrap.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\ek9bdxtta@hxhioyadr.org\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\ek9bdxtta@hxhioyadr.org\content\bg.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\ek9bdxtta@hxhioyadr.org\install.rdf
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\HXWKV7mf9@O.org
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\HXWKV7mf9@O.org\bootstrap.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\HXWKV7mf9@O.org\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\HXWKV7mf9@O.org\content\bg.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1sez4bq8.default\extensions\HXWKV7mf9@O.org\install.rdf
c:\users\User\AppData\Roaming\PMIXB.exe
c:\users\User\AppData\Roaming\SearchProtect
c:\users\User\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
c:\users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe
c:\users\User\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
c:\users\User\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
c:\users\User\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
c:\users\User\AppData\Roaming\SearchProtect\bin\SPHook64.dll
c:\users\User\AppData\Roaming\SearchProtect\bin\SPRunner.exe
c:\users\User\AppData\Roaming\SearchProtect\bin\SPTool64.exe
c:\users\User\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js
c:\users\User\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js
c:\users\User\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js
c:\users\User\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js
c:\users\User\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js
c:\users\User\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\User\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\User\AppData\Roaming\SearchProtect\ffprot
ect\Dialogs\spbd\bubble.js c:\users\User\AppData\Roaming\SearchProtect\ffprot ect\Dialogs\spsd\settings.js c:\users\User\AppData\Roaming\SearchProtect\ffprot ect\nsprotector.js c:\users\User\AppData\Roaming\SearchProtect\Res\SP Setup.exe c:\users\User\wrar391.exe D:\install.exe c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NETHFDRV -------\Service_nethfdrv -------\Service_NetHttpService -------\Service_ServiceUpdater -------\Service_DefaultTabUpdate -------\Service_DefaultTabUpdate . . ((((((((((((((((((((((((( Files Created from 2014-10-05 to 2014-11-05 ))))))))))))))))))))))))))))))) . . 2014-11-05 03:22 . 2014-10-20 07:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14C3B013-9E8D-4E2F-989F-5FE5F712A570}\mpengine.dll 2014-11-04 04:21 . 2014-11-05 03:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-11-04 04:21 . 2014-11-04 04:21 -------- d-----w- c:\programdata\Malwarebytes 2014-11-04 04:07 . 2014-11-04 04:17 -------- d-----w- c:\users\User\AppData\Roaming\ZHP 2014-11-04 03:37 . 2014-11-04 03:39 -------- d-----w- C:\AdwCleaner 2014-11-03 01:12 . 2014-11-03 01:12 -------- d-----w- C:\zoek_backup 2014-11-03 00:58 . 2014-11-05 03:10 -------- d-----w- c:\programdata\savinshop 2014-11-02 03:07 . 2014-11-03 00:08 -------- d-----w- c:\programdata\AQZmqpc 2014-11-01 21:02 . 2014-11-01 21:16 -------- d-----w- c:\users\TEMP 2014-10-26 00:25 . 2014-10-27 00:49 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla 2014-10-18 09:37 . 2014-11-05 03:10 -------- d-----w- c:\program files (x86)\ver7SpeeditUp 2014-10-18 03:14 . 2014-11-02 20:37 -------- d--h--w- c:\users\Public\Temp 2014-10-18 03:12 . 2014-11-05 03:10 -------- d-----w- c:\users\User\AppData\Local\DashboardPrivacyRecycl e 2014-10-18 03:11 . 
2014-10-17 23:05 4834816 ----a-w- c:\windows\score.exe 2014-10-18 02:49 . 2014-10-18 02:49 -------- d-----w- c:\users\User\AppData\Roaming\Profiles 2014-10-18 02:49 . 2014-10-18 02:49 -------- d-----w- c:\users\User\AppData\Roaming\Crash Reports 2014-10-18 02:49 . 2014-10-18 02:49 -------- d-----w- c:\users\User\AppData\Local\Profiles 2014-10-17 02:20 . 2014-10-17 02:20 -------- d-----w- c:\programdata\FunAcce 2014-10-17 02:14 . 2014-11-03 01:07 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2014-10-15 05:58 . 2014-10-07 02:54 810680 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2014-10-15 05:57 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll 2014-10-12 02:41 . 2014-10-17 02:20 -------- d-----w- c:\users\User\AppData\Local\Diagnostics 2014-10-11 04:05 . 2014-11-05 03:10 -------- d-----w- c:\program files (x86)\Security Updates Service 2014-10-08 01:06 . 2014-10-07 19:54 48784 ----a-w- c:\windows\system32\drivers\{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys 2014-10-07 03:18 . 2014-11-05 03:10 -------- d-----w- c:\users\User\AppData\Local\Pro_PC_Cleaner 2014-10-07 02:55 . 2014-09-26 02:40 1979240 ----a-w- c:\programdata\BavPro_Setup_Mini_GL1.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2014-10-28 10:34 . 2010-01-19 18:56 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-10-04 09:05 . 2014-10-04 14:21 48792 ----a-w- c:\windows\system32\drivers\{e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64.sys 2014-09-25 22:06 . 2014-09-08 14:41 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm1 0145.bin 2014-09-25 02:08 . 2014-10-01 04:37 371712 ----a-w- c:\windows\system32\qdvd.dll 2014-09-25 01:40 . 2014-10-01 04:37 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2014-09-24 00:50 . 2012-04-03 00:49 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-24 00:50 . 
2011-11-20 04:56 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-24 00:50 . 2014-09-10 01:50 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2014-09-10 07:02 . 2010-01-19 19:17 101694776 ----a-w- c:\windows\system32\MRT.exe 2014-09-09 22:11 . 2014-09-24 00:55 2048 ----a-w- c:\windows\system32\tzres.dll 2014-09-09 21:47 . 2014-09-24 00:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2014-08-29 21:02 . 2013-08-16 02:32 20296 ----a-w- c:\windows\system32\roboot64.exe 2014-08-29 11:23 . 2010-06-24 15:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\pp crlconfig600.dll 2014-08-23 02:07 . 2014-08-29 01:14 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-29 01:14 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2010-01-14 05:11 . 2010-01-24 23:02 18030130 ----a-w- c:\program files\vlc-1.0.3-win32.exe 2006-09-04 17:23 . 2010-01-24 23:05 8312584 ----a-w- c:\program files\sdsetup.exe 2006-06-29 02:34 . 2010-07-09 02:44 1510912 ----a-w- c:\program files (x86)\VSFilter.dll 2006-06-29 02:34 . 2010-07-09 02:44 1510912 ----a-w- c:\program files\VSFilter.dll 2004-03-27 06:12 . 2010-01-24 23:05 5452936 ----a-w- c:\program files\DivX511Bundle.exe 2003-10-25 01:04 . 2010-01-24 23:05 3684032 ----a-w- c:\program files\spybotsd12.exe 2003-10-25 00:48 . 2010-01-24 23:05 1760378 ----a-w- c:\program files\aaw6.exe 2003-09-28 19:16 . 2010-01-24 23:05 4890400 ----a-w- c:\program files\SetupDl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 17:26 3908192 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}] 2011-09-22 11:12 2798536 ----a-w- c:\program files (x86)\Baidu\Toolbar\BaiduBarX.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] 2010-10-18 17:26 3908192 ----a-w- c:\program files (x86)\BitTorrentBar\tbBitT.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}] 2014-07-15 08:47 560696 ----a-w- c:\program files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d0bb32fd-f809-4c52-8bc6-d56af3c5e954}] 2014-11-03 00:58 636416 ----a-w- c:\programdata\savinshop\cUrnLPujPP0ndE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D43B837E-871B-3F11-FA80-8B269882E737}] 2013-05-15 16:30 1173528 ----a-w- c:\program files (x86)\Tencent\WebGuard\webguard.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D6317157-93E7-E34D-2C66-36BC59019493}] 2011-01-25 08:53 1184176 ----a-w- c:\program files (x86)\Baidu\{D6317157-93E7-E34D-2C66-36BC59019493}\AddressBar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}] 2014-10-01 22:43 462392 ----a-w- c:\users\User\AppData\Roaming\Tencent\QQ\QQAntiPhi shing\AccountProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Internet Explorer\Toolbar] "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] "{B580CF65-E151-49C3-B73F-70B13FCA8E86}"= "c:\program files (x86)\Baidu\Toolbar\BaiduBarX.dll" [2011-09-22 2798536] . [HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . 
[HKEY_CLASSES_ROOT\clsid\{b580cf65-e151-49c3-b73f-70b13fca8e86}] [HKEY_CLASSES_ROOT\BaiduBarX.ToolBand.1] [HKEY_CLASSES_ROOT\TypeLib\{D12F94FA-FC9A-41F7-B808-7FBB419DD7A6}] [HKEY_CLASSES_ROOT\BaiduBarX.ToolBand] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "QQ2009"="c:\program files (x86)\QQ\Africa2003\QQProtect\Bin\QQProtect.exe" [2014-09-25 638648] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDL R.exe" [2013-01-10 844144] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-01-10 1475952] "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2013-11-08 1095000] "NextLive"="c:\users\User\AppData\Roaming\newnext. me\nengine.dll" [2014-01-06 1283584] "BitTorrent"="c:\users\User\AppData\Roaming\BitTor rent\BitTorrent.exe" [2014-10-01 1387864] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run] "TV Card Remote Control Device Monitor"="c:\windows\3xHybridRMT.exe" [2007-06-29 466944] "YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2013-07-10 1694080] "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-02-28 5545328] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce] "SpUninstallDeleteDir"="rmdir" [X] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Scheduler for OEM.lnk - c:\program files (x86)\honestech\honestech TVR\scheduleTV.exe [2010-1-19 307200] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x] R2 FunshionSvr;FSServicePlatform;c:\windows\System32\ svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R3 BaiduUpdater;Baidu Updater;c:\program files (x86)\Baidu\BaiduUpdate\bdupdate.exe;c:\program files (x86)\Baidu\BaiduUpdate\bdupdate.exe [x] R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.s ys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\w indows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\ windows\SYSNATIVE\IEEtwCollector.exe [x] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c: \windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\w indows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c :\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil64.sys [x] R3 QQSysMon;QQSysMon;c:\program files (x86)\QQ\QQPCMgr\5.0.1415.205\QQSysMon.sys;c:\prog ram files (x86)\QQ\QQPCMgr\5.0.1415.205\QQSysMon.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominipor 
t.sys;c:\windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\w indows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys;c:\wi ndows\SYSNATIVE\Drivers\StkCMini.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\ synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3 dvsc.sys [x] R3 TcHardWare;TcHardWare;c:\program files (x86)\QQ\QQPCMgr\5.0.1415.205\QQPCHW-x64.sys;c:\program files (x86)\QQ\QQPCMgr\5.0.1415.205\QQPCHW-x64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsus bhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys; c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c: \windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c: \windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] S1 {6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64;{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64;c:\windows\system32\drivers\{6cc fd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys;c:\windows\SYSNATIVE\drivers \{6ccfd995-07be-49cf-8ad6-1422dc08761a}Gw64.sys [x] S1 {e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64;{e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64;c:\windows\system32\drivers\{e9b ebce7-deb3-4ab9-896c-549739f208c5}Gw64.sys;c:\windows\SYSNATIVE\drivers \{e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64.sys [x] S2 892cc6a3;Performance Optimizer;c:\windows\system32\rundll32.exe;c:\wind ows\SYSNATIVE\rundll32.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\window s\SYSNATIVE\atiesrxx.exe [x] S2 DashboardPrivacyRecycle.exe;DashboardPrivacyRecycl 
e.exe;c:\users\User\AppData\Local\DashboardPrivacy Recycle\DashboardPrivacyRecycle.exe;c:\users\User\ AppData\Local\DashboardPrivacyRecycle\DashboardPri vacyRecycle.exe [x] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.e xe [x] S2 IRNPF;IResearch IRNPF Driver;c:\iresearch\Common\npf.sys;c:\iresearch\Co mmon\npf.sys [x] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [x] S2 scores;scores;c:\windows\score.exe;c:\windows\scor e.exe [x] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x] S2 Security Updates Service;Security Updates Service;c:\program files (x86)\Security Updates Service\winupdsvc.exe;c:\program files (x86)\Security Updates Service\winupdsvc.exe [x] S2 TBUpdate;Tencent Toolbar Update Extra Service;c:\program files\Tencent\barupdate\TBUpdate.exe;c:\program files\Tencent\barupdate\TBUpdate.exe [x] S2 TxQBService;TxQBService;c:\program files (x86)\Tencent\QQBrowser\TsService.exe;c:\program files (x86)\Tencent\QQBrowser\TsService.exe [x] S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x] S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x] S2 WebGuardUpdate;Tencent WebGuard Update Service;c:\program files (x86)\Tencent\WebGuard\WebGuardUpdate.exe;c:\progr am files (x86)\Tencent\WebGuard\WebGuardUpdate.exe [x] S3 3xHybr64;SAA713x TV Card 
Service;c:\windows\system32\DRIVERS\3xHybr64.sys;c :\windows\SYSNATIVE\DRIVERS\3xHybr64.sys [x] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c: \windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c: \windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\svchost] FunshionServiceTools REG_MULTI_SZ FunshionSvr . Contents of the 'Scheduled Tasks' folder . 2014-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-03 00:50] . 2014-11-05 c:\windows\Tasks\QQBrowser Udpater Task(Core).job - c:\program files (x86)\Tencent\QQBrowser\QQBrowser.exe [2014-03-13 10:24] . 2014-11-03 c:\windows\Tasks\QQBrowser Udpater Task.job - c:\program files (x86)\Tencent\QQBrowser\QQBrowser.exe [2014-03-13 10:24] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d0bb32fd-f809-4c52-8bc6-d56af3c5e954}] 2014-11-03 00:58 717312 ----a-w- c:\programdata\savinshop\cUrnLPujPP0ndE.x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Fu nOverlay] @="{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}" [HKEY_CLASSES_ROOT\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}] 2014-07-04 02:19 262792 ----a-w- c:\users\Public\Fundata\MogulKahn.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://searchy.easylifeapp.com/ mStart Page = hxxp://searchy.easylifeapp.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = http=127.0.0.1:35506 uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: 使用QQ下载助手下载 - c:\program files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm LSP: c:\users\Public\FunAcce\FunAcce.dll Trusted Zone: soso.com\toolbar Trusted Zone: toolbar.soso.com\* Trusted Zone: qq.com\cache.tv Trusted Zone: qq.com\qqlivecaption Trusted Zone: qq.com\qqlivehabit Trusted Zone: qq.com\qqlivesearch Trusted Zone: qq.com\video_1 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B2EC37C1-2053-47A2-B554-1F011C63292A}: NameServer = 208.69.150.250,208.69.150.252 Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files (x86)\TurboTax 2012\ic2012pp.dll DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Prof iles\1sez4bq8.default\ FF - prefs.js: browser.startup.homepage - www.680news.com FF - user.js: extensions.nspdlgrvrio.aflt - grv_otbrw3_14_35 FF - user.js: extensions.nspdlgrvrio.instlRef - grv_otbrwfirst_14_24 FF - user.js: extensions.nspdlgrvrio.cr - 1116271793 FF - user.js: extensions.nspdlgrvrio.cd - 2XzuyEtN2Y1L1QzutDtDtByCtCzz0EtD0DyDyDyEyD0CzzyCtN 0D0Tzu0StCtDtCtDtN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C 2X1V1F2Z1S1C2W1O1L1C1B2Z1VtCyE1VtByEtN1L1G1B1V1N2Y 1L1Qzu2StC0ByEyC0Ezy0EtBtG0FzztC0DtGtAyD0BtCtG0B0B zy0BtGtByC0Fzy0ByCyEzz0FyCyEtB2QtN1M1F1B2Z1V1N2Y1L 1Qzu2S0FzyyCzzyCtCtBtBtG0EtCtByCtGyE0AtAtAtGzytAyE zztGyD0FyDyD0BzytC0DzzzytDtD2Q . . ------- File Associations ------- . inifile=c:\windows\SysWow64\NOTEPAD.EXE %1 txtfile=c:\windows\notepad.exe %1 . 
- - - - ORPHANS REMOVED - - - - . BHO-{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\users\User\funshion\funshiontools\FunshionHelpe r.dll BHO-{54dc5b7a-f2c3-4836-8a28-50beb3b8aa6f} - c:\programdata\SmartCompare\UOn9wtZeDpktZY.dll BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\defaulttab\defaulttab\DefaultTabBHO.dll BHO-{e5c8c7b5-0d42-4107-b7f5-aa541d4b90e6} - c:\program files (x86)\RichMediaViewV1\RichMediaViewV1release259\ie \RichMediaViewV1release259.dll Toolbar-10 - (no file) Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe c:\users\User\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox. exe /systemstartup c:\users\User\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\Socialbox.lnk - c:\program files (x86)\Socialbox\Socialbox.exe BHO-{54dc5b7a-f2c3-4836-8a28-50beb3b8aa6f} - c:\programdata\SmartCompare\UOn9wtZeDpktZY.x64.dll BHO-{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - c:\program files (x86)\QQ\QQPCMgr\5.0.1415.205\TSWebMon64.dat Toolbar-10 - (no file) WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-Android Store 1.2.8.2873 - c:\program files (x86)\Baidu Security\Android Store\1.2.8.2873\Uninstall.exe AddRemove-BitTorrentBar Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4}_is1 - c:\programdata\CheapCoupon\CheapCoupon.exe AddRemove-{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F} - c:\programdata\SmartCompare\UOn9wtZeDpktZY.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\users\User\AppData\Local\DashboardPrivacyRecycl e\DatabaseEncondingSymbolic.exe . ************************************************** ************************ . Completion time: 2014-11-04 23:00:29 - machine was rebooted ComboFix-quarantined-files.txt 2014-11-05 04:00 . Pre-Run: 3,459,850,240 bytes free Post-Run: 2,589,556,736 bytes free . 
- - End Of File - - FCC088E63070E7ABD0C5BA5613F66391 A36C5E4F47E84449FF07ED3517B43A31 |
#13
|
|||
|
|||
A message about Java Auto Updater from Oracle keeps popping up. I am not sure if I should say 'yes'.
|
#14
|
||||
|
||||
Quote:
-----------------------------------------------------
Please go to: VirusTotal
On the page you'll find a "Choose File" button. Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
c:\users\User\AppData\Local\DashboardPrivacyRecycle\DatabaseEncondingSymbolic.exe
c:\users\User\AppData\Local\DashboardPrivacyRecycle\DashboardPrivacyRecycle.exe
c:\iresearch\Common\npf.sys
Next, click the Open button. Then click the "Scan It!" button just below. This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
------------------------------------------------------------------------
Do you use Yahoo software? Thanks. |
#15
|
|||
|
|||
I only use Yahoo messenger.
I still have a problem launching browsers. I am still getting the message: The proxy server is refusing connections. Firefox is configured to use a proxy server that is refusing connections. I had to restore my system back to a few days before I could launch the browser.
Do I have to uninstall Firefox and install it again? I could not uninstall IE11, I think it comes with Windows 7. Is that correct?
This is the link: https://www.virustotal.com/en/file/4...is/1415243113/
Thank you. |