  1. #1

    Can't remove hao123.com from Google Chrome and Internet Explorer

    Can't remove hao123.com from Google Chrome and Internet Explorer. I tried those ways suggested on Google.

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/16/2014 1:08:57 PM
    System Uptime: 8/14/2014 9:08:02 AM (8 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8Z68-V GEN3
    Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | LGA1155 | 3101/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 119 GiB total, 31.455 GiB free.
    D: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
    E: is FIXED (NTFS) - 466 GiB total, 346.767 GiB free.
    F: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
    Manufacturer:
    Name:
    PNP Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
    Service:
    .
    ==== System Restore Points ===================
    .
    RP87: 8/8/2014 9:06:14 AM - Revo Uninstaller Pro's restore point - 西瓜
    RP88: 8/8/2014 9:09:20 AM - Installed SpyHunter
    RP90: 8/8/2014 9:26:55 AM - Revo Uninstaller Pro's restore point - SpyHunter
    RP91: 8/8/2014 9:27:02 AM - Removed SpyHunter
    RP92: 8/9/2014 8:35:23 AM - Windows Update
    RP93: 8/10/2014 1:46:39 AM - Installed Java 7 Update 67
    RP94: 8/12/2014 11:08:35 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    3DMark
    Adobe Flash Player 14 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Reader XI (11.0.07)
    Asmedia ASM104x USB 3.0 Host Controller Driver
    BattleBlock Theater
    Borderlands 2
    Canon MF3010
    Castle Crashers
    Craft The World
    D3DX10
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DiRT 3
    Dota 2
    Farm Frenzy 4
    Flvto Youtube Downloader
    Futuremark SystemInfo
    Giana Sisters: Twisted Dreams
    Google Chrome
    Google Update Helper
    Happy Wars
    Intel(R) Management Engine Components
    Intel(R) Network Connections 19.1.51.0
    Intel? Trusted Connect Service Client
    Internet Download Manager
    Java 7 Update 67
    Java Auto Updater
    Kingdom Rush
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
    Microsoft XNA Framework Redistributable 4.0
    Movie Maker
    MSVCRT
    MSVCRT110
    MSVCRT110_amd64
    NVIDIA 3D Vision Controller Driver 340.50
    NVIDIA 3D Vision Driver 340.52
    NVIDIA Control Panel 340.52
    NVIDIA GeForce Experience 2.1.1
    NVIDIA Graphics Driver 340.52
    NVIDIA HD Audio Driver 1.3.30.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.13.1220
    NVIDIA ShadowPlay 15.3.33
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 15.3.33
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.23
    OpenAL
    Photo Common
    Photo Gallery
    Plantronics? GameCom 780 Software for Dolby? Headphone
    Rapture3D 2.4.8 Game
    Razer Synapse 2.0
    Realtek High Definition Audio Driver
    Revo Uninstaller Pro 3.0.8
    Risk of Rain
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    SHIELD Streaming
    Skullgirls
    Skullgirls ∞Endless Beta∞
    Skype Click to Call
    Skype? 6.16
    Steam
    Terraria
    TP-LINK TL-WN727N Driver
    Unlocker 1.9.2
    Uplay
    VLC media player
    Watch_Dogs
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinZip 18.5
    Yet Another Cleaner!
    μTorrent
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.67.2
    Run by User at 17:12:54 on 2014-08-14
    Microsoft Windows 7 Home Premium 6.1.7601.1.936.65.1033.18.16351.10025 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Plantronics\GameCom780\GameCom780.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    E:\Program File\Steam\Steam.exe
    E:\Program File\Steam\steamapps\common\dota 2 beta\dota.exe
    E:\Program File\Steam\GameOverlayUI.exe
    C:\Users\User\Downloads\Compressed\QvodPlayer5.16绿色无广告修正版\QvodPlayer.exe
    C:\Users\User\Downloads\Compressed\QvodPlayer5.16绿色无广告修正版\QvodTerminal.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe,
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: XGBHOer Class: {D688CDAC-8854-46AC-A2D0-DD4B6122F3D0} - C:\Users\Public\Documents\xbho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Steam] "E:\Program File\Steam\steam.exe" -silent
    uRun: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: ???????? - <no file>
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{3BD21325-D921-4663-8DBE-A5BB6134AD5A} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{BB862F00-1B27-46A1-AD77-D3AF5347408C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{BB862F00-1B27-46A1-AD77-D3AF5347408C}\14055435E2D697 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-18 283064]
    R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-8-8 247488]
    R1 iSafeKrnlKit;iSafeKrnl Kit Driver;C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [2014-8-8 78016]
    R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [2014-8-8 65216]
    R1 iSafeNetFilter;iSafeNetFilter NDIS Driver;C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-8-8 48640]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-6-17 180136]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2014-3-11 260360]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-6-17 165144]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-17 1720608]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-17 18956064]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-30 411936]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-6-17 363800]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-17 20256]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-17 40392]
    R3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2014-6-25 1327104]
    R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-5-19 39080]
    R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2014-6-17 137488]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
    S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-8-8 45248]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-18 19456]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-6-18 31800]
    S3 SdoKeyCrypt;SdoKeyCrypt;C:\Windows\System32\SdoKeyCrypt.sys [2014-7-25 69560]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-18 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-18 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-18 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2014-08-14 01:20:02 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D665DFB-4738-41A3-9805-EB10EDA21DC6}\gapaengine.dll
    2014-08-14 01:19:53 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE10192E-2480-4BD4-9C5A-60B8CEF4E572}\mpengine.dll
    2014-08-12 15:08:43 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-08-09 17:47:00 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-09 17:43:18 -------- d-----w- C:\Users\User\AppData\Roaming\FlvtoConverter
    2014-08-09 17:43:18 -------- d-----w- C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
    2014-08-09 17:43:02 -------- d-----w- C:\Program Files (x86)\Flvto Youtube Downloader
    2014-08-08 01:30:14 45248 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
    2014-08-08 01:30:14 -------- d-----w- C:\Windows\System32\log
    2014-08-08 01:30:13 -------- d-----w- C:\Program Files (x86)\iSafe
    2014-08-08 01:30:09 -------- d-----w- C:\Users\User\AppData\Roaming\iSafe
    2014-08-08 01:09:31 -------- d-----w- C:\Program Files\Enigma Software Group
    2014-08-08 01:09:06 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-08 01:09:06 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-08-03 03:17:44 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F82C1E0-4EC8-4068-AD11-1CD4266F7008}\gapaengine.dll
    2014-07-30 12:45:42 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-07-28 14:39:04 -------- d-sh--w- C:\ProgramData\DSS
    2014-07-28 14:39:04 -------- d-----w- C:\ProgramData\Codemasters
    2014-07-28 14:38:07 -------- d-----w- C:\Windows\SysWow64\xlive
    2014-07-28 14:38:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2014-07-28 14:37:49 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
    2014-07-28 14:37:49 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
    2014-07-28 14:37:48 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2014-07-28 14:37:48 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2014-07-28 14:37:48 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2014-07-28 14:37:48 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2014-07-28 14:37:48 -------- d-----w- C:\Program Files (x86)\OpenAL
    2014-07-28 14:37:48 -------- d-----w- C:\Program Files (x86)\BRS
    2014-07-25 03:12:07 -------- d-----w- C:\Users\User\AppData\Roaming\SNDA
    2014-07-25 02:38:08 69560 ----a-w- C:\Windows\System32\SdoKeyCrypt.sys
    2014-07-23 12:59:14 -------- d-----w- C:\Users\User\AppData\Roaming\AlawarEntertainment
    2014-07-21 13:18:41 -------- d-----w- C:\ProgramData\QvodPlayer
    2014-07-19 17:56:41 -------- d-----w- C:\Program Files (x86)\SNDA
    2014-07-19 14:30:12 -------- d-----w- C:\ProgramData\Oracle
    .
    ==================== Find3M ====================
    .
    2014-08-08 01:25:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-08-08 01:25:15 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-08-08 01:06:22 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-07-25 13:50:29 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-07-25 13:50:29 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-07-25 13:50:11 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-07-25 13:50:11 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
    2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
    2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-06-18 15:33:53 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
    2014-06-17 05:49:58 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll
    2014-06-17 05:43:20 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2014-06-09 08:41:00 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
    2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-05-28 23:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
    2014-05-24 02:33:58 864256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
    2014-05-24 02:33:56 325120 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
    2014-05-20 02:44:03 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2014-05-20 02:44:03 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2014-05-20 02:44:03 1889112 ----a-w- C:\Windows\System32\nvdispco6433788.dll
    2014-05-20 02:44:03 1541576 ----a-w- C:\Windows\System32\nvdispgenco6433788.dll
    2014-05-20 02:44:03 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2014-05-19 06:47:30 39080 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
    2014-05-19 06:47:28 155816 ----a-w- C:\Windows\System32\drivers\rzudd.sys
    2014-05-19 06:26:50 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
    2014-05-19 06:26:50 155136 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
    2014-05-19 06:26:46 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
    .
    ============= FINISH: 17:13:08.34 ===============

    Results of screen317's Security Check version 0.99.87
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Yet Another Cleaner!
    Java 7 Update 67
    Adobe Flash Player 14.0.0.145
    Adobe Reader XI
    Google Chrome 35.0.1916.153
    Google Chrome 36.0.1985.125
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 8%
    ````````````````````End of Log``````````````````````
    Last edited by wmorri; 08-14-2014 at 10:51 AM. Reason: Merged posts



  2. #2
    Corrine
    Join Date: Feb 2012 | Location: Upstate, NY | Posts: 9,050

    Re: Cant remove hao123.com

    Hi, Kelchan35.

    1. Based on the information at WOT (Web of Trust), in the yac.mx WOT Reputation Scorecard, I suggest you consider uninstalling "Yet Another Cleaner!"

    2. Please download Adware Cleaner by Xplode. Please save it to your desktop!
    • Close all open programs and internet browsers.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Copy and paste the contents of that logfile in your next reply.
    • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Cant remove hao123.com

    # AdwCleaner v3.305 - Report created 15/08/2014 at 00:19:42
    # Updated 14/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Downloads\Programs\adwcleaner_3.305.exe
    # Option : Scan


    ***** [ Services ] *****


    Service Found : iSafeKrnl
    Service Found : iSafeNetFilter


    ***** [ Files / Folders ] *****


    File Found : C:\Users\User\AppData\Roaming\LiveSupport.exe_log.txt
    File Found : C:\Users\User\AppData\Roaming\regsvr32.exe_log.txt
    Folder Found : C:\Program Files (x86)\baidu
    Folder Found : C:\Program Files (x86)\iSafe
    Folder Found : C:\ProgramData\apn
    Folder Found : C:\Users\User\AppData\Local\Temp\apn
    Folder Found : C:\Users\User\AppData\Roaming\iSafe


    ***** [ Scheduled Tasks ] *****




    ***** [ Shortcuts ] *****




    ***** [ Registry ] *****


    Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\Software\iSafe
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe


    ***** [ Browsers ] *****


    -\\ Internet Explorer v11.0.9600.17207




    -\\ Mozilla Firefox v


    -\\ Google Chrome v36.0.1985.143


    [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]




    *************************


    AdwCleaner[R0].txt - [1786 octets] - [15/08/2014 00:19:42]


    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1846 octets] ##########

  4. #4
    Corrine
    Join Date: Feb 2012 | Location: Upstate, NY | Posts: 9,050

    Re: Cant remove hao123.com

    Thank you. Let's take care of what AdwCleaner shows and use a second tool that often digs a bit deeper.

    1. Double-click AdwCleaner.exe to run the tool again.
    • Click the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • After the scan has finished, this time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    2. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    3. Please download Shortcut Cleaner by Grinler to your desktop.
    • Run the tool by double-clicking it.
    • The tool will open and scan your system for Windows shortcuts that have been hijacked by unwanted or malicious software.
    • When finished, the log (sc-cleaner.txt) will be saved to your desktop.
    • Please post the contents of sc-cleaner.txt in your next reply.


    4. Please rescan with DDS. I won't need the Attach.txt log this time, just the DDS.txt.

    Due to the number and length of logs requested, it may be necessary to create two replies.



  5. #5

    Re: Cant remove hao123.com

    # AdwCleaner v3.305 - Report created 15/08/2014 at 16:05:43
    # Updated 14/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Downloads\Programs\adwcleaner_3.305.exe
    # Option : Clean


    ***** [ Services ] *****




    ***** [ Files / Folders ] *****




    ***** [ Scheduled Tasks ] *****




    ***** [ Shortcuts ] *****




    ***** [ Registry ] *****


    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}


    ***** [ Browsers ] *****


    -\\ Internet Explorer v11.0.9600.17239




    -\\ Mozilla Firefox v


    -\\ Google Chrome v36.0.1985.143


    [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}


    *************************


    AdwCleaner[R0].txt - [1926 octets] - [15/08/2014 00:19:42]
    AdwCleaner[R1].txt - [1074 octets] - [15/08/2014 16:05:08]
    AdwCleaner[S0].txt - [2169 octets] - [15/08/2014 00:22:21]
    AdwCleaner[S1].txt - [1145 octets] - [15/08/2014 16:05:43]


    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1205 octets] ##########

  6. #6

    Re: Cant remove hao123.com

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by User on 08/15/2014 Fri at 16:07:38.47
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/15/2014 Fri at 16:11:24.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  7. #7

    Re: Cant remove hao123.com

    Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
    Bleeping Computer - Technical Support and Computer Help
    Copyright 2008-2014 BleepingComputer.com
    More Information about Shortcut Cleaner can be found at this link:
    Shortcut Cleaner Download


    Windows Version: Windows 7 Home Premium Service Pack 1
    Program started at: 08/15/2014 04:12:20 PM.


    Scanning for registry hijacks:


    * No issues found in the Registry.


    Searching for Hijacked Shortcuts:


    Searching C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\


    Searching C:\ProgramData\Microsoft\Windows\Start Menu\


    Searching C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\


    Searching C:\Users\Public\Desktop\


    Searching C:\Users\User\Desktop




    0 bad shortcuts found.


    Program finished at: 08/15/2014 04:12:21 PM
    Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

  8. #8

    Re: Cant remove hao123.com

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
    Run by User at 16:13:22 on 2014-08-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.936.65.1033.18.16351.13002 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Plantronics\GameCom780\GameCom780.exe
    C:\Windows\System32\StikyNot.exe
    E:\Program File\Steam\Steam.exe
    C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    E:\Program File\Steam\bin\steamwebhelper.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\explorer.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe,
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: XGBHOer Class: {D688CDAC-8854-46AC-A2D0-DD4B6122F3D0} - C:\Users\Public\Documents\xbho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Steam] "E:\Program File\Steam\steam.exe" -silent
    uRun: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: ???????? - <no file>
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{3BD21325-D921-4663-8DBE-A5BB6134AD5A} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{BB862F00-1B27-46A1-AD77-D3AF5347408C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{BB862F00-1B27-46A1-AD77-D3AF5347408C}\14055435E2D697 : DHCPNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-18 283064]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-6-17 180136]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2014-3-11 260360]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-6-17 165144]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-17 1720608]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-17 18956064]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-30 411936]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-6-17 363800]
    R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
    R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-17 20256]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-17 40392]
    R3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2014-6-25 1327104]
    R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-5-19 39080]
    R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2014-6-17 137488]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
    S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-8-8 45248]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-18 19456]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-6-18 31800]
    S3 SdoKeyCrypt;SdoKeyCrypt;C:\Windows\System32\SdoKeyCrypt.sys [2014-7-25 69560]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-18 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-18 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-18 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    .
    =============== Created Last 30 ================
    .
    2014-08-15 08:07:37 -------- d-----w- C:\Windows\ERUNT
    2014-08-14 17:00:16 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C7FE969C-9C56-454A-B3BE-6D44C03502E1}\mpengine.dll
    2014-08-14 16:58:06 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
    2014-08-14 16:58:06 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
    2014-08-14 16:58:06 171160 ----a-w- C:\Windows\System32\infocardapi.dll
    2014-08-14 16:58:06 1389208 ----a-w- C:\Windows\System32\icardagt.exe
    2014-08-14 16:58:05 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
    2014-08-14 16:58:05 8856 ----a-w- C:\Windows\System32\icardres.dll
    2014-08-14 16:57:55 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
    2014-08-14 16:57:55 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
    2014-08-14 16:20:00 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-08-14 16:19:30 -------- d-----w- C:\AdwCleaner
    2014-08-14 01:20:02 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D665DFB-4738-41A3-9805-EB10EDA21DC6}\gapaengine.dll
    2014-08-14 01:19:53 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-08-14 01:15:05 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
    2014-08-14 01:15:04 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
    2014-08-14 01:15:03 529920 ----a-w- C:\Windows\System32\aepdu.dll
    2014-08-14 01:15:03 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-08-09 17:47:00 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-09 17:43:18 -------- d-----w- C:\Users\User\AppData\Roaming\FlvtoConverter
    2014-08-09 17:43:18 -------- d-----w- C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
    2014-08-09 17:43:02 -------- d-----w- C:\Program Files (x86)\Flvto Youtube Downloader
    2014-08-08 01:30:14 45248 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
    2014-08-08 01:30:14 -------- d-----w- C:\Windows\System32\log
    2014-08-08 01:09:31 -------- d-----w- C:\Program Files\Enigma Software Group
    2014-08-08 01:09:06 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-08 01:09:06 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2014-07-30 12:45:42 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-07-28 14:39:04 -------- d-sh--w- C:\ProgramData\DSS
    2014-07-28 14:39:04 -------- d-----w- C:\ProgramData\Codemasters
    2014-07-28 14:38:07 -------- d-----w- C:\Windows\SysWow64\xlive
    2014-07-28 14:38:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2014-07-28 14:37:49 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
    2014-07-28 14:37:49 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
    2014-07-28 14:37:48 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2014-07-28 14:37:48 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2014-07-28 14:37:48 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2014-07-28 14:37:48 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2014-07-28 14:37:48 -------- d-----w- C:\Program Files (x86)\OpenAL
    2014-07-28 14:37:48 -------- d-----w- C:\Program Files (x86)\BRS
    2014-07-25 03:12:07 -------- d-----w- C:\Users\User\AppData\Roaming\SNDA
    2014-07-25 02:38:08 69560 ----a-w- C:\Windows\System32\SdoKeyCrypt.sys
    2014-07-23 12:59:14 -------- d-----w- C:\Users\User\AppData\Roaming\AlawarEntertainment
    2014-07-21 13:18:41 -------- d-----w- C:\ProgramData\QvodPlayer
    2014-07-19 17:56:41 -------- d-----w- C:\Program Files (x86)\SNDA
    2014-07-19 14:30:12 -------- d-----w- C:\ProgramData\Oracle
    .
    ==================== Find3M ====================
    .
    2014-08-08 01:25:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-08-08 01:25:15 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-08-08 01:06:22 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-07-25 13:50:29 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-07-25 13:50:29 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-07-25 13:50:11 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-07-25 13:50:11 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
    2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
    2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
    2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
    2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
    2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
    2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
    2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-06-18 15:33:53 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-06-17 05:49:58 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll
    2014-06-17 05:43:20 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
    2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2014-06-09 08:41:00 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
    2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
    2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
    2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
    2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
    2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-05-28 23:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
    2014-05-24 02:33:58 864256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
    2014-05-24 02:33:56 325120 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
    2014-05-20 02:44:03 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2014-05-20 02:44:03 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2014-05-20 02:44:03 1889112 ----a-w- C:\Windows\System32\nvdispco6433788.dll
    2014-05-20 02:44:03 1541576 ----a-w- C:\Windows\System32\nvdispgenco6433788.dll
    2014-05-20 02:44:03 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2014-05-19 06:47:30 39080 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
    2014-05-19 06:47:28 155816 ----a-w- C:\Windows\System32\drivers\rzudd.sys
    2014-05-19 06:26:50 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
    2014-05-19 06:26:50 155136 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
    2014-05-19 06:26:46 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
    .
    ============= FINISH: 16:13:32.30 ===============

  9. #9
    Corrine

    Re: Cant remove hao123.com

    Thank you for the logs, Kelchan35. Let's take this another step, please.

    Please follow these instructions carefully. Download ComboFix from the following location: Link 1

    !!! IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

      Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
    • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
    • Double-click ComboFix.exe on your desktop and follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  10. #10

    Re: Cant remove hao123.com

    ComboFix 14-08-15.01 - User 5/2014 Fri 22:44:35.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.936.65.1033.18.16351.11357 [GMT 8:00]
    执行位置: c:\users\User\Downloads\Programs\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\PFRO.log
    E:\install.exe
    .
    .
    ((((((((((((((((((((((((( 2014-07-15 至 2014-08-15 的新的档案 )))))))))))))))))))))))))))))))
    .
    .
    2014-08-15 14:47 . 2014-08-15 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-08-15 08:07 . 2014-08-15 08:07 -------- d-----w- c:\windows\ERUNT
    2014-08-14 17:00 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7FE969C-9C56-454A-B3BE-6D44C03502E1}\mpengine.dll
    2014-08-14 16:58 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-14 16:58 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-14 16:58 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2014-08-14 16:58 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
    2014-08-14 16:58 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-14 16:58 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
    2014-08-14 16:57 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
    2014-08-14 16:57 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-14 16:20 . 2010-08-30 00:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-08-14 16:19 . 2014-08-15 08:05 -------- d-----w- C:\AdwCleaner
    2014-08-14 01:20 . 2014-06-18 13:13 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D665DFB-4738-41A3-9805-EB10EDA21DC6}\gapaengine.dll
    2014-08-14 01:19 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-08-14 01:15 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-08-14 01:15 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2014-08-14 01:15 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
    2014-08-14 01:15 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-09 17:47 . 2014-08-09 17:47 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-08-09 17:47 . 2014-08-09 17:46 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-09 17:46 . 2014-08-09 17:46 -------- d-----w- c:\program files (x86)\Java
    2014-08-09 17:43 . 2014-08-09 18:19 -------- d-----w- c:\users\User\AppData\Roaming\FlvtoConverter
    2014-08-09 17:43 . 2014-08-09 17:43 -------- d-----w- c:\users\User\AppData\Local\FlvtoYoutubeDownloader
    2014-08-09 17:43 . 2014-08-09 17:43 -------- d-----w- c:\program files (x86)\Flvto Youtube Downloader
    2014-08-08 01:30 . 2014-08-08 01:30 -------- d-----w- c:\windows\system32\log
    2014-08-08 01:30 . 2014-07-25 10:13 45248 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
    2014-08-08 01:09 . 2014-08-08 01:09 -------- d-----w- c:\program files\Enigma Software Group
    2014-08-08 01:09 . 2014-08-08 01:27 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    2014-08-08 01:09 . 2014-08-08 01:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2014-07-30 12:45 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-07-28 14:39 . 2014-07-28 14:39 -------- d-sh--w- c:\programdata\DSS
    2014-07-28 14:39 . 2014-07-28 14:39 -------- d-----w- c:\programdata\Codemasters
    2014-07-28 14:38 . 2014-07-28 14:38 -------- d-----w- c:\windows\SysWow64\xlive
    2014-07-28 14:38 . 2014-07-28 14:38 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2014-07-28 14:37 . 2011-03-19 07:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
    2014-07-28 14:37 . 2010-09-22 05:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
    2014-07-28 14:37 . 2014-07-28 14:37 -------- d-----w- c:\program files (x86)\BRS
    2014-07-28 14:37 . 2014-07-28 14:37 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2014-07-28 14:37 . 2014-07-28 14:37 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2014-07-28 14:37 . 2014-07-28 14:37 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2014-07-28 14:37 . 2014-07-28 14:37 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2014-07-28 14:37 . 2014-07-28 14:37 -------- d-----w- c:\program files (x86)\OpenAL
    2014-07-25 03:12 . 2014-07-25 03:12 -------- d-----w- c:\users\User\AppData\Roaming\SNDA
    2014-07-25 02:38 . 2014-07-25 02:38 69560 ----a-w- c:\windows\system32\SdoKeyCrypt.sys
    2014-07-23 12:59 . 2014-07-23 12:59 -------- d-----w- c:\users\User\AppData\Roaming\AlawarEntertainment
    2014-07-21 13:18 . 2014-08-14 16:21 -------- d-----w- c:\programdata\QvodPlayer
    2014-07-19 17:56 . 2014-07-27 02:43 -------- d-----w- c:\program files (x86)\SNDA
    2014-07-19 14:30 . 2014-08-09 17:47 -------- d-----w- c:\programdata\Oracle
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-15 01:58 . 2014-07-15 04:41 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2014-08-14 17:00 . 2014-06-18 10:37 99218768 ----a-w- c:\windows\system32\MRT.exe
    2014-08-08 01:25 . 2014-06-18 09:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-08-08 01:25 . 2014-06-18 09:43 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-08-08 01:06 . 2014-06-18 15:12 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-07-25 13:50 . 2014-06-18 12:00 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2014-07-25 13:50 . 2014-06-17 06:05 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-07-25 13:50 . 2014-06-18 12:00 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
    2014-07-25 13:50 . 2014-06-17 06:05 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-07-02 20:48 . 2014-06-17 06:04 75040 ----a-w- c:\windows\system32\OpenCL.dll
    2014-07-02 20:48 . 2014-06-17 06:04 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-07-02 20:48 . 2014-06-17 06:02 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-07-02 20:48 . 2014-06-17 06:02 3196816 ----a-w- c:\windows\system32\nvapi64.dll
    2014-07-02 20:48 . 2014-06-17 06:02 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-07-02 20:48 . 2014-06-17 06:02 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-07-02 20:48 . 2014-06-17 06:02 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2014-07-02 20:48 . 2014-06-17 06:02 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-07-02 18:55 . 2014-06-17 06:04 6783776 ----a-w- c:\windows\system32\nvcpl.dll
    2014-07-02 18:55 . 2014-06-17 06:04 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-07-02 18:55 . 2014-06-17 06:04 935368 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-07-02 18:55 . 2014-06-17 06:04 62808 ----a-w- c:\windows\system32\nvshext.dll
    2014-07-02 18:55 . 2014-06-17 06:04 386520 ----a-w- c:\windows\system32\nvmctray.dll
    2014-07-02 10:14 . 2014-06-17 06:04 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-06-18 16:30 . 2012-07-17 06:37 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-06-18 15:33 . 2014-06-18 15:33 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2014-06-18 13:13 . 2014-06-24 04:21 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-06-18 10:17 . 2014-06-18 10:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2014-06-18 10:17 . 2014-06-18 10:17 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2014-06-18 10:17 . 2014-06-18 10:17 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2014-06-18 10:17 . 2014-06-18 10:17 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2014-06-18 10:17 . 2014-06-18 10:17 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2014-06-18 10:17 . 2014-06-18 10:17 81408 ----a-w- c:\windows\system32\icardie.dll
    2014-06-18 10:17 . 2014-06-18 10:17 774144 ----a-w- c:\windows\system32\jscript.dll
    2014-06-18 10:17 . 2014-06-18 10:17 77312 ----a-w- c:\windows\system32\tdc.ocx
    2014-06-18 10:17 . 2014-06-18 10:17 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2014-06-18 10:17 . 2014-06-18 10:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2014-06-18 10:17 . 2014-06-18 10:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2014-06-18 10:17 . 2014-06-18 10:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2014-06-18 10:17 . 2014-06-18 10:17 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2014-06-18 10:17 . 2014-06-18 10:17 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2014-06-18 10:17 . 2014-06-18 10:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2014-06-18 10:17 . 2014-06-18 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2014-06-18 10:17 . 2014-06-18 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2014-06-18 10:17 . 2014-06-18 10:17 48128 ----a-w- c:\windows\system32\imgutil.dll
    2014-06-18 10:17 . 2014-06-18 10:17 413696 ----a-w- c:\windows\system32\html.iec
    2014-06-18 10:17 . 2014-06-18 10:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2014-06-18 10:17 . 2014-06-18 10:17 337408 ----a-w- c:\windows\SysWow64\html.iec
    2014-06-18 10:17 . 2014-06-18 10:17 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2014-06-18 10:17 . 2014-06-18 10:17 247808 ----a-w- c:\windows\system32\msls31.dll
    2014-06-18 10:17 . 2014-06-18 10:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2014-06-18 10:17 . 2014-06-18 10:17 243200 ----a-w- c:\windows\system32\webcheck.dll
    2014-06-18 10:17 . 2014-06-18 10:17 235520 ----a-w- c:\windows\system32\url.dll
    2014-06-18 10:17 . 2014-06-18 10:17 235008 ----a-w- c:\windows\system32\elshyph.dll
    2014-06-18 10:17 . 2014-06-18 10:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2014-06-18 10:17 . 2014-06-18 10:17 167424 ----a-w- c:\windows\system32\iexpress.exe
    2014-06-18 10:17 . 2014-06-18 10:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2014-06-18 10:17 . 2014-06-18 10:17 147968 ----a-w- c:\windows\system32\occache.dll
    2014-06-18 10:17 . 2014-06-18 10:17 143872 ----a-w- c:\windows\system32\wextract.exe
    2014-06-18 10:17 . 2014-06-18 10:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2014-06-18 10:17 . 2014-06-18 10:17 13824 ----a-w- c:\windows\system32\mshta.exe
    2014-06-18 10:17 . 2014-06-18 10:17 135680 ----a-w- c:\windows\system32\iepeers.dll
    2014-06-18 10:17 . 2014-06-18 10:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2014-06-18 10:17 . 2014-06-18 10:17 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2014-06-18 10:17 . 2014-06-18 10:17 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2014-06-18 10:17 . 2014-06-18 10:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2014-06-18 10:17 . 2014-06-18 10:17 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2014-06-18 10:17 . 2014-06-18 10:17 101376 ----a-w- c:\windows\system32\inseng.dll
    2014-06-18 02:18 . 2014-07-08 21:08 692736 ----a-w- c:\windows\system32\osk.exe
    2014-06-18 01:51 . 2014-07-08 21:08 646144 ----a-w- c:\windows\SysWow64\osk.exe
    2014-06-17 05:50 . 2014-06-17 05:56 2580824 ----a-w- c:\windows\system32\WavesGUILib.dll
    2014-06-17 05:50 . 2014-06-17 05:56 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 198896 ----a-w- c:\windows\system32\SRSHP64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 121744 ----a-w- c:\windows\system32\SFSS_APO.dll
    2014-06-17 05:50 . 2014-06-17 05:56 81232 ----a-w- c:\windows\system32\SFCOM64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 78160 ----a-w- c:\windows\system32\SFAPO64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
    2014-06-17 05:50 . 2014-06-17 05:56 220496 ----a-w- c:\windows\system32\SFNHK64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 626792 ----a-w- c:\windows\system32\RtkApi64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 2813544 ----a-w- c:\windows\system32\RtkAPO64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 2186344 ----a-w- c:\windows\system32\RtPgEx64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 2565736 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2014-06-17 05:50 . 2014-06-17 05:56 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2014-06-17 05:50 . 2014-06-17 05:56 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 204120 ----a-w- c:\windows\system32\RTEED64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 83048 ----a-w- c:\windows\system32\RCoInst64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 544768 ----a-w- c:\windows\system32\RCoRes64.dat
    2014-06-17 05:50 . 2014-06-17 05:56 1718616 ----a-w- c:\windows\system32\R4EEP64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 74584 ----a-w- c:\windows\system32\R4EEG64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 421720 ----a-w- c:\windows\system32\R4EED64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 127832 ----a-w- c:\windows\system32\R4EEL64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 108888 ----a-w- c:\windows\system32\R4EEA64A.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D688CDAC-8854-46AC-A2D0-DD4B6122F3D0}]
    2014-08-07 16:19 276944 ----a-w- c:\users\Public\Documents\xbho.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="e:\program file\Steam\steam.exe" [2014-08-13 1937600]
    "uTorrent"="c:\users\User\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-13 1302096]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-06-18 3837520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-06-23 585560]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\iSafe\iSafeKrnlKit.sys;c:\program files (x86)\iSafe\iSafeKrnlKit.sys [x]
    R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files (x86)\iSafe\iSafeKrnlR3.sys;c:\program files (x86)\iSafe\iSafeKrnlR3.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 SDGame;SDGame;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    R3 SdoKeyCrypt;SdoKeyCrypt;c:\windows\system32\SdoKeyCrypt.sys;c:\windows\SYSNATIVE\SdoKeyCrypt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
    S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-08-14 11:49 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
    .
    ‘计划任务’ 文件夹 里的内容
    .
    2014-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-18 01:25]
    .
    2014-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-18 14:43]
    .
    2014-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-18 14:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
    "GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
    .
    ------- 而外的扫描 -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: ????????
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1231026493-4201216510-2864048854-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):a5,2f,ab,4e,5b,74,b8,84,a7,eb,cb,36,0e,98,28,09,f2,e0,5d,17,8d,
    91,17,9a,8b,73,7a,b2,d5,4d,5e,72,b5,7e,35,6e,30,22,04,c9,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-1231026493-4201216510-2864048854-1000_Classes\Wow6432Node\CLSID\{9751a294-c487-49fa-8b1f-a2651b7ddf8e}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000e1
    "Therad"=dword:00000001
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.14"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    完成时间: 2014-08-15 22:48:32
    ComboFix-quarantined-files.txt 2014-08-15 14:48
    .
    Pre-Run: 34,821,120,000 bytes free
    Post-Run: 42,642,259,968 bytes free
    .
    - - End Of File - - C1B05C5CE79D52B0D9EAF79C58EA81AB
    A36C5E4F47E84449FF07ED3517B43A31

  11. #11
    Corrine
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Cant remove hao123.com

    Let's take care of the SpyHunter remnants that you installed and subsequently uninstalled.

    Custom CFScript

    Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
    Code:
    Folder::
    c:\program files\Enigma Software Group
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1231026493-4201216510-2864048854-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):a5,2f,ab,4e,5b,74,b8,84,a7,eb,cb,36,0e,98,28,09,f2,e0,5d,17,8d,
    91,17,9a,8b,73,7a,b2,d5,4d,5e,72,b5,7e,35,6e,30,22,04,c9,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-1231026493-4201216510-2864048854-1000_Classes\Wow6432Node\CLSID\{9751a294-c487-49fa-8b1f-a2651b7ddf8e}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:000000e1
    "Therad"=dword:00000001
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    • Save this as CFScript.txt and place it on your desktop.
    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.



    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Please let me know how your computer is now.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  12. #12

    Re: Cant remove hao123.com

    ComboFix 14-08-15.01 - User 6/2014 Sat 13:47:42.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.936.65.1033.18.16351.14307 [GMT 8:00]
    执行位置: c:\users\User\Desktop\ComboFix.exe
    Command switches used :: c:\users\User\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * 成功创造新还原点
    .
    .
    ((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Enigma Software Group
    c:\program files\Enigma Software Group\SpyHunter\Data\dns.dat
    c:\program files\Enigma Software Group\SpyHunter\gas.dat
    c:\program files\Enigma Software Group\SpyHunter\gil.dat
    c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_0e3db225a990c269b84145528d4a2971_130519350292290000.esg
    c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_11f6f9216d8f77eac196b07d66e819ea_130519350208350000.esg
    c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_130519350208430000.xml
    c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_130519350263140000.xml
    c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_130519350292550000.xml
    c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_fd394deca9a02fb3daf069b7bb3b5758_130519350262950000.esg
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.dll
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe
    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini
    .
    .
    ((((((((((((((((((((((((( 2014-07-16 至 2014-08-16 的新的档案 )))))))))))))))))))))))))))))))
    .
    .
    2014-08-16 05:50 . 2014-08-16 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-08-16 03:58 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D2D8326-3077-47F0-A557-E93C422F57A0}\mpengine.dll
    2014-08-15 14:56 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-08-15 08:07 . 2014-08-15 08:07 -------- d-----w- c:\windows\ERUNT
    2014-08-14 16:58 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-14 16:58 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-14 16:58 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2014-08-14 16:58 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
    2014-08-14 16:58 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-14 16:58 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
    2014-08-14 16:57 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
    2014-08-14 16:57 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-14 16:20 . 2010-08-30 00:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-08-14 16:19 . 2014-08-15 08:05 -------- d-----w- C:\AdwCleaner
    2014-08-14 01:20 . 2014-06-18 13:13 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D665DFB-4738-41A3-9805-EB10EDA21DC6}\gapaengine.dll
    2014-08-14 01:15 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-08-14 01:15 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2014-08-14 01:15 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
    2014-08-14 01:15 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-09 17:47 . 2014-08-09 17:47 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-08-09 17:47 . 2014-08-09 17:46 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-09 17:46 . 2014-08-09 17:46 -------- d-----w- c:\program files (x86)\Java
    2014-08-09 17:43 . 2014-08-09 18:19 -------- d-----w- c:\users\User\AppData\Roaming\FlvtoConverter
    2014-08-09 17:43 . 2014-08-09 17:43 -------- d-----w- c:\users\User\AppData\Local\FlvtoYoutubeDownloader
    2014-08-09 17:43 . 2014-08-09 17:43 -------- d-----w- c:\program files (x86)\Flvto Youtube Downloader
    2014-08-08 01:30 . 2014-08-08 01:30 -------- d-----w- c:\windows\system32\log
    2014-08-08 01:30 . 2014-07-25 10:13 45248 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
    2014-08-08 01:09 . 2014-08-08 01:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2014-07-30 12:45 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-07-28 14:39 . 2014-07-28 14:39 -------- d-sh--w- c:\programdata\DSS
    2014-07-28 14:39 . 2014-07-28 14:39 -------- d-----w- c:\programdata\Codemasters
    2014-07-28 14:38 . 2014-07-28 14:38 -------- d-----w- c:\windows\SysWow64\xlive
    2014-07-28 14:38 . 2014-07-28 14:38 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
    2014-07-28 14:37 . 2011-03-19 07:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
    2014-07-28 14:37 . 2010-09-22 05:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
    2014-07-28 14:37 . 2014-07-28 14:37 -------- d-----w- c:\program files (x86)\BRS
    2014-07-28 14:37 . 2014-07-28 14:37 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2014-07-28 14:37 . 2014-07-28 14:37 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2014-07-28 14:37 . 2014-07-28 14:37 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2014-07-28 14:37 . 2014-07-28 14:37 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2014-07-28 14:37 . 2014-07-28 14:37 -------- d-----w- c:\program files (x86)\OpenAL
    2014-07-25 03:12 . 2014-07-25 03:12 -------- d-----w- c:\users\User\AppData\Roaming\SNDA
    2014-07-25 02:38 . 2014-07-25 02:38 69560 ----a-w- c:\windows\system32\SdoKeyCrypt.sys
    2014-07-23 12:59 . 2014-07-23 12:59 -------- d-----w- c:\users\User\AppData\Roaming\AlawarEntertainment
    2014-07-21 13:18 . 2014-08-14 16:21 -------- d-----w- c:\programdata\QvodPlayer
    2014-07-19 17:56 . 2014-07-27 02:43 -------- d-----w- c:\program files (x86)\SNDA
    2014-07-19 14:30 . 2014-08-09 17:47 -------- d-----w- c:\programdata\Oracle
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-15 20:39 . 2014-07-15 04:41 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2014-08-14 17:00 . 2014-06-18 10:37 99218768 ----a-w- c:\windows\system32\MRT.exe
    2014-08-08 01:25 . 2014-06-18 09:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-08-08 01:25 . 2014-06-18 09:43 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-08-08 01:06 . 2014-06-18 15:12 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-07-25 13:50 . 2014-06-18 12:00 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2014-07-25 13:50 . 2014-06-17 06:05 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-07-25 13:50 . 2014-06-18 12:00 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
    2014-07-25 13:50 . 2014-06-17 06:05 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-07-02 20:48 . 2014-06-17 06:04 75040 ----a-w- c:\windows\system32\OpenCL.dll
    2014-07-02 20:48 . 2014-06-17 06:04 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-07-02 20:48 . 2014-06-17 06:02 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
    2014-07-02 20:48 . 2014-06-17 06:02 3196816 ----a-w- c:\windows\system32\nvapi64.dll
    2014-07-02 20:48 . 2014-06-17 06:02 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
    2014-07-02 20:48 . 2014-06-17 06:02 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2014-07-02 20:48 . 2014-06-17 06:02 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2014-07-02 20:48 . 2014-06-17 06:02 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2014-07-02 18:55 . 2014-06-17 06:04 6783776 ----a-w- c:\windows\system32\nvcpl.dll
    2014-07-02 18:55 . 2014-06-17 06:04 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-07-02 18:55 . 2014-06-17 06:04 935368 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-07-02 18:55 . 2014-06-17 06:04 62808 ----a-w- c:\windows\system32\nvshext.dll
    2014-07-02 18:55 . 2014-06-17 06:04 386520 ----a-w- c:\windows\system32\nvmctray.dll
    2014-07-02 10:14 . 2014-06-17 06:04 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-06-18 16:30 . 2012-07-17 06:37 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-06-18 15:33 . 2014-06-18 15:33 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2014-06-18 13:13 . 2014-06-24 04:21 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-06-18 10:17 . 2014-06-18 10:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2014-06-18 10:17 . 2014-06-18 10:17 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2014-06-18 10:17 . 2014-06-18 10:17 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2014-06-18 10:17 . 2014-06-18 10:17 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2014-06-18 10:17 . 2014-06-18 10:17 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2014-06-18 10:17 . 2014-06-18 10:17 81408 ----a-w- c:\windows\system32\icardie.dll
    2014-06-18 10:17 . 2014-06-18 10:17 774144 ----a-w- c:\windows\system32\jscript.dll
    2014-06-18 10:17 . 2014-06-18 10:17 77312 ----a-w- c:\windows\system32\tdc.ocx
    2014-06-18 10:17 . 2014-06-18 10:17 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2014-06-18 10:17 . 2014-06-18 10:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2014-06-18 10:17 . 2014-06-18 10:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2014-06-18 10:17 . 2014-06-18 10:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2014-06-18 10:17 . 2014-06-18 10:17 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2014-06-18 10:17 . 2014-06-18 10:17 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2014-06-18 10:17 . 2014-06-18 10:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2014-06-18 10:17 . 2014-06-18 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2014-06-18 10:17 . 2014-06-18 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2014-06-18 10:17 . 2014-06-18 10:17 48128 ----a-w- c:\windows\system32\imgutil.dll
    2014-06-18 10:17 . 2014-06-18 10:17 413696 ----a-w- c:\windows\system32\html.iec
    2014-06-18 10:17 . 2014-06-18 10:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2014-06-18 10:17 . 2014-06-18 10:17 337408 ----a-w- c:\windows\SysWow64\html.iec
    2014-06-18 10:17 . 2014-06-18 10:17 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2014-06-18 10:17 . 2014-06-18 10:17 247808 ----a-w- c:\windows\system32\msls31.dll
    2014-06-18 10:17 . 2014-06-18 10:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2014-06-18 10:17 . 2014-06-18 10:17 243200 ----a-w- c:\windows\system32\webcheck.dll
    2014-06-18 10:17 . 2014-06-18 10:17 235520 ----a-w- c:\windows\system32\url.dll
    2014-06-18 10:17 . 2014-06-18 10:17 235008 ----a-w- c:\windows\system32\elshyph.dll
    2014-06-18 10:17 . 2014-06-18 10:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2014-06-18 10:17 . 2014-06-18 10:17 167424 ----a-w- c:\windows\system32\iexpress.exe
    2014-06-18 10:17 . 2014-06-18 10:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2014-06-18 10:17 . 2014-06-18 10:17 147968 ----a-w- c:\windows\system32\occache.dll
    2014-06-18 10:17 . 2014-06-18 10:17 143872 ----a-w- c:\windows\system32\wextract.exe
    2014-06-18 10:17 . 2014-06-18 10:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2014-06-18 10:17 . 2014-06-18 10:17 13824 ----a-w- c:\windows\system32\mshta.exe
    2014-06-18 10:17 . 2014-06-18 10:17 135680 ----a-w- c:\windows\system32\iepeers.dll
    2014-06-18 10:17 . 2014-06-18 10:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2014-06-18 10:17 . 2014-06-18 10:17 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2014-06-18 10:17 . 2014-06-18 10:17 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2014-06-18 10:17 . 2014-06-18 10:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2014-06-18 10:17 . 2014-06-18 10:17 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2014-06-18 10:17 . 2014-06-18 10:17 101376 ----a-w- c:\windows\system32\inseng.dll
    2014-06-18 02:18 . 2014-07-08 21:08 692736 ----a-w- c:\windows\system32\osk.exe
    2014-06-18 01:51 . 2014-07-08 21:08 646144 ----a-w- c:\windows\SysWow64\osk.exe
    2014-06-17 05:50 . 2014-06-17 05:56 2580824 ----a-w- c:\windows\system32\WavesGUILib.dll
    2014-06-17 05:50 . 2014-06-17 05:56 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 198896 ----a-w- c:\windows\system32\SRSHP64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 121744 ----a-w- c:\windows\system32\SFSS_APO.dll
    2014-06-17 05:50 . 2014-06-17 05:56 81232 ----a-w- c:\windows\system32\SFCOM64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 78160 ----a-w- c:\windows\system32\SFAPO64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
    2014-06-17 05:50 . 2014-06-17 05:56 220496 ----a-w- c:\windows\system32\SFNHK64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 626792 ----a-w- c:\windows\system32\RtkApi64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 2813544 ----a-w- c:\windows\system32\RtkAPO64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 2186344 ----a-w- c:\windows\system32\RtPgEx64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 2565736 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2014-06-17 05:50 . 2014-06-17 05:56 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
    2014-06-17 05:50 . 2014-06-17 05:56 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 204120 ----a-w- c:\windows\system32\RTEED64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 83048 ----a-w- c:\windows\system32\RCoInst64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
    2014-06-17 05:50 . 2014-06-17 05:56 544768 ----a-w- c:\windows\system32\RCoRes64.dat
    2014-06-17 05:50 . 2014-06-17 05:56 1718616 ----a-w- c:\windows\system32\R4EEP64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 74584 ----a-w- c:\windows\system32\R4EEG64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 421720 ----a-w- c:\windows\system32\R4EED64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 127832 ----a-w- c:\windows\system32\R4EEL64A.dll
    2014-06-17 05:50 . 2014-06-17 05:56 108888 ----a-w- c:\windows\system32\R4EEA64A.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D688CDAC-8854-46AC-A2D0-DD4B6122F3D0}]
    2014-08-07 16:19 276944 ----a-w- c:\users\Public\Documents\xbho.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="e:\program file\Steam\steam.exe" [2014-08-13 1937600]
    "uTorrent"="c:\users\User\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-13 1302096]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-06-18 3837520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-06-23 585560]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\iSafe\iSafeKrnlKit.sys;c:\program files (x86)\iSafe\iSafeKrnlKit.sys [x]
    R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files (x86)\iSafe\iSafeKrnlR3.sys;c:\program files (x86)\iSafe\iSafeKrnlR3.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 SDGame;SDGame;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    R3 SdoKeyCrypt;SdoKeyCrypt;c:\windows\system32\SdoKeyCrypt.sys;c:\windows\SYSNATIVE\SdoKeyCrypt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
    S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-08-14 11:49 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
    .
    ‘计划任务’ 文件夹 里的内容
    .
    2014-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-18 01:25]
    .
    2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-18 14:43]
    .
    2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-18 14:43]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
    "GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
    .
    ------- 而外的扫描 -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: ????????
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.14"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    完成时间: 2014-08-16 13:51:07
    ComboFix-quarantined-files.txt 2014-08-16 05:51
    ComboFix2.txt 2014-08-15 14:48
    .
    Pre-Run: 42,600,783,872 bytes free
    Post-Run: 42,263,793,664 bytes free
    .
    - - End Of File - - B02DD21AF19BDE2832E24C25E5C13109
    A36C5E4F47E84449FF07ED3517B43A31

  13. #13

    Re: Cant remove hao123.com

    The log is above ^

    My Internet Explorer is still the same, can't remove hao123. As for my Google Chrome, if I press the desktop icon it will still show hao123, but if I press the Google Chrome in my taskbar it opens the websites I set.

  14. #14
    Tekno Venus's Avatar
    Join Date
    Jul 2012
    Location
    UK
    Age
    20
    Posts
    5,976
    • specs System Specs
      • Manufacturer:
        Custom Built
      • Motherboard:
        ASUS Z170I ITX
      • CPU:
        Intel Core i7 6700K
      • Memory:
        16GB DDR4
      • Hard Drives:
        500GB Samsung 850 EVO, 2TB Seagate HDD
      • Power Supply:
        450W Corsair SFX
      • Case:
        Silverstone SG13 ITX
      • Cooling:
        Corsair H60i
      • Display:
        Dell U2715H - 2160x1440 27 inch
      • Operating System:
        Windows 10 Pro x64

    Re: Cant remove hao123.com

    @Corrine, I hope you don't mind me jumping in here, I've just read something that may help.

    Right click the Chrome shortcut on your desktop and choose Properties. In the Target box, remove http://Hao123.com. You should just be left with a path to chrome.exe ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe").

    If that doesn't work, I'll leave Corrine to clean anything else up that combofix found :)

    Stephen
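
    The shortcut check described in the post above, as an added example that is not part of the original post: a read-only PowerShell audit that lists browser shortcuts whose Target carries extra arguments, such as an appended URL. The folder list, the browser executable names and the URL pattern are assumptions made for this example.

    ```powershell
    # Added example: read-only audit of browser shortcuts for appended arguments.
    # The folder list, browser list and URL pattern are assumptions; adjust as needed.
    $folders = @(
        "$env:USERPROFILE\Desktop",
        "$env:PUBLIC\Desktop",
        "$env:APPDATA\Microsoft\Windows\Start Menu",
        "$env:ProgramData\Microsoft\Windows\Start Menu",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"   # includes pinned taskbar items
    )
    $browsers = @('chrome.exe', 'iexplore.exe', 'firefox.exe')
    $urlLike  = '(?i)(https?://|www\.)\S+|\b[\w-]+\.(com|net|org|cn)\b'

    $shell = New-Object -ComObject WScript.Shell

    $findings = foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        Get-ChildItem -LiteralPath $folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)   # loads the .lnk; nothing is saved
                if (-not $lnk.TargetPath) { return }        # skip shortcuts with no file target
                $exe = Split-Path -Leaf $lnk.TargetPath
                if ($browsers -notcontains $exe) { return } # only browser shortcuts
                if (-not $lnk.Arguments) { return }         # clean: target is just the exe
                New-Object PSObject -Property @{
                    Shortcut    = $_.FullName
                    Target      = $lnk.TargetPath
                    Arguments   = $lnk.Arguments
                    UrlAppended = [bool]($lnk.Arguments -match $urlLike)
                }
            }
    }

    if ($findings) {
        $findings | Select-Object Shortcut, Target, Arguments, UrlAppended | Format-List
    } else {
        'No browser shortcuts with extra arguments were found.'
    }
    ```

    The script changes nothing; any shortcut it reports is fixed by clearing the extra text from the Target box as described in the post.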


  15. #15

    Re: Cant remove hao123.com

    Quote, originally posted by Tekno Venus:
    @Corrine, I hope you don't mind me jumping in here, I've just read something that may help.

    Right click the Chrome shortcut on your desktop and choose Properties. In the Target box, remove http://Hao123.com. You should just be left with a path to chrome.exe ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe").

    If that doesn't work, I'll leave Corrine to clean anything else up that combofix found :)

    Stephen

    Problem solved lol.. thx all, is there still anything?

  16. #16
    Tekno Venus's Avatar

    Re: Cant remove hao123.com

    You'll have to wait for Corrine to give the all clear on that - there may be something left.


  17. #17
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    9,050

    Re: Cant remove hao123.com

    Thank you, Stephen!

    Kelchan35, for Internet Explorer, you will need to reset Internet Explorer settings to return them to the state they were in when Internet Explorer was first installed on your PC.


    • Open Internet Explorer, click on the “gear icon” in the upper right part of the browser, then click on Internet Options.
    • In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.
    • In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on the “Reset” button.
    • When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box.
    • Close and reopen the browser.


    If everything is back to normal after resetting IE, I'll provide instructions for cleaning up the tools we used.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  18. #18

    Re: Cant remove hao123.com

    The Internet Explorer issue was also solved through Tekno Venus's method.

  19. #19
    Corrine's Avatar

    Re: Cant remove hao123.com

    Excellent, Kelchan35.

    Some advice first and a strong word of caution: P2P programs form a direct conduit on to your computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in Identity Theft.

    Let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore

    Click Run.

    Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".

    Also see Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software by quietman7.



  20. #20

    Re: Cant remove hao123.com

    Hi, really thx a lot! Appreciate it a lot! <3
