Can't remove hao123.com

Kelchan35 (Active member; joined Jun 18, 2014; 38 posts)
Can't remove hao123.com from Google Chrome and Internet Explorer

Can't remove hao123.com from Google Chrome and Internet Explorer. I tried the ways suggested on Google.

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2014 1:08:57 PM
System Uptime: 8/14/2014 9:08:02 AM (8 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V GEN3
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz | LGA1155 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 31.455 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 346.767 GiB free.
F: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Manufacturer:
Name:
PNP Device ID: USB\VID_0CF3&PID_3000\6&DF2EE03&0&7
Service:
.
==== System Restore Points ===================
.
RP87: 8/8/2014 9:06:14 AM - Revo Uninstaller Pro's restore point - 西瓜
RP88: 8/8/2014 9:09:20 AM - Installed SpyHunter
RP90: 8/8/2014 9:26:55 AM - Revo Uninstaller Pro's restore point - SpyHunter
RP91: 8/8/2014 9:27:02 AM - Removed SpyHunter
RP92: 8/9/2014 8:35:23 AM - Windows Update
RP93: 8/10/2014 1:46:39 AM - Installed Java 7 Update 67
RP94: 8/12/2014 11:08:35 PM - Windows Update
.
==== Installed Programs ======================
.
3DMark
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.07)
Asmedia ASM104x USB 3.0 Host Controller Driver
BattleBlock Theater
Borderlands 2
Canon MF3010
Castle Crashers
Craft The World
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiRT 3
Dota 2
Farm Frenzy 4
Flvto Youtube Downloader
Futuremark SystemInfo
Giana Sisters: Twisted Dreams
Google Chrome
Google Update Helper
Happy Wars
Intel(R) Management Engine Components
Intel(R) Network Connections 19.1.51.0
Intel® Trusted Connect Service Client
Internet Download Manager
Java 7 Update 67
Java Auto Updater
Kingdom Rush
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 4.0
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
NVIDIA 3D Vision Controller Driver 340.50
NVIDIA 3D Vision Driver 340.52
NVIDIA Control Panel 340.52
NVIDIA GeForce Experience 2.1.1
NVIDIA Graphics Driver 340.52
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 15.3.33
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 15.3.33
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
OpenAL
Photo Common
Photo Gallery
Plantronics® GameCom 780 Software for Dolby® Headphone
Rapture3D 2.4.8 Game
Razer Synapse 2.0
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.8
Risk of Rain
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
SHIELD Streaming
Skullgirls
Skullgirls ∞Endless Beta∞
Skype Click to Call
Skype™ 6.16
Steam
Terraria
TP-LINK TL-WN727N Driver
Unlocker 1.9.2
Uplay
VLC media player
Watch_Dogs
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinZip 18.5
Yet Another Cleaner!
μTorrent
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.67.2
Run by User at 17:12:54 on 2014-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.936.65.1033.18.16351.10025 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Plantronics\GameCom780\GameCom780.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
E:\Program File\Steam\Steam.exe
E:\Program File\Steam\steamapps\common\dota 2 beta\dota.exe
E:\Program File\Steam\GameOverlayUI.exe
C:\Users\User\Downloads\Compressed\QvodPlayer5.16绿色无广告修正版\QvodPlayer.exe
C:\Users\User\Downloads\Compressed\QvodPlayer5.16绿色无广告修正版\QvodTerminal.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: XGBHOer Class: {D688CDAC-8854-46AC-A2D0-DD4B6122F3D0} - C:\Users\Public\Documents\xbho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Steam] "E:\Program File\Steam\steam.exe" -silent
uRun: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: ???????? - <no file>
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3BD21325-D921-4663-8DBE-A5BB6134AD5A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BB862F00-1B27-46A1-AD77-D3AF5347408C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BB862F00-1B27-46A1-AD77-D3AF5347408C}\14055435E2D697 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-18 283064]
R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-8-8 247488]
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [2014-8-8 78016]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [2014-8-8 65216]
R1 iSafeNetFilter;iSafeNetFilter NDIS Driver;C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-8-8 48640]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-6-17 180136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2014-3-11 260360]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-6-17 165144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-17 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-17 18956064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-30 411936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-6-17 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-17 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-17 40392]
R3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2014-6-25 1327104]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-5-19 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2014-6-17 137488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-8-8 45248]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-18 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-6-18 31800]
S3 SdoKeyCrypt;SdoKeyCrypt;C:\Windows\System32\SdoKeyCrypt.sys [2014-7-25 69560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-18 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-08-14 01:20:02 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D665DFB-4738-41A3-9805-EB10EDA21DC6}\gapaengine.dll
2014-08-14 01:19:53 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE10192E-2480-4BD4-9C5A-60B8CEF4E572}\mpengine.dll
2014-08-12 15:08:43 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-09 17:47:00 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 17:43:18 -------- d-----w- C:\Users\User\AppData\Roaming\FlvtoConverter
2014-08-09 17:43:18 -------- d-----w- C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
2014-08-09 17:43:02 -------- d-----w- C:\Program Files (x86)\Flvto Youtube Downloader
2014-08-08 01:30:14 45248 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2014-08-08 01:30:14 -------- d-----w- C:\Windows\System32\log
2014-08-08 01:30:13 -------- d-----w- C:\Program Files (x86)\iSafe
2014-08-08 01:30:09 -------- d-----w- C:\Users\User\AppData\Roaming\iSafe
2014-08-08 01:09:31 -------- d-----w- C:\Program Files\Enigma Software Group
2014-08-08 01:09:06 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-08 01:09:06 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-08-03 03:17:44 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F82C1E0-4EC8-4068-AD11-1CD4266F7008}\gapaengine.dll
2014-07-30 12:45:42 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-07-28 14:39:04 -------- d-sh--w- C:\ProgramData\DSS
2014-07-28 14:39:04 -------- d-----w- C:\ProgramData\Codemasters
2014-07-28 14:38:07 -------- d-----w- C:\Windows\SysWow64\xlive
2014-07-28 14:38:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-28 14:37:49 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2014-07-28 14:37:49 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2014-07-28 14:37:48 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-07-28 14:37:48 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-07-28 14:37:48 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-07-28 14:37:48 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-07-28 14:37:48 -------- d-----w- C:\Program Files (x86)\OpenAL
2014-07-28 14:37:48 -------- d-----w- C:\Program Files (x86)\BRS
2014-07-25 03:12:07 -------- d-----w- C:\Users\User\AppData\Roaming\SNDA
2014-07-25 02:38:08 69560 ----a-w- C:\Windows\System32\SdoKeyCrypt.sys
2014-07-23 12:59:14 -------- d-----w- C:\Users\User\AppData\Roaming\AlawarEntertainment
2014-07-21 13:18:41 -------- d-----w- C:\ProgramData\QvodPlayer
2014-07-19 17:56:41 -------- d-----w- C:\Program Files (x86)\SNDA
2014-07-19 14:30:12 -------- d-----w- C:\ProgramData\Oracle
.
==================== Find3M ====================
.
2014-08-08 01:25:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-08 01:25:15 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-08 01:06:22 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-25 13:50:29 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-07-25 13:50:29 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-07-25 13:50:11 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-07-25 13:50:11 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 15:33:53 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-06-17 05:49:58 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll
2014-06-17 05:43:20 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2014-06-09 08:41:00 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-28 23:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
2014-05-24 02:33:58 864256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33:56 325120 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2014-05-20 02:44:03 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-05-20 02:44:03 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-05-20 02:44:03 1889112 ----a-w- C:\Windows\System32\nvdispco6433788.dll
2014-05-20 02:44:03 1541576 ----a-w- C:\Windows\System32\nvdispgenco6433788.dll
2014-05-20 02:44:03 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-05-19 06:47:30 39080 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2014-05-19 06:47:28 155816 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2014-05-19 06:26:50 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-05-19 06:26:50 155136 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2014-05-19 06:26:46 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
.
============= FINISH: 17:13:08.34 ===============

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Yet Another Cleaner!
Java 7 Update 67
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Google Chrome 35.0.1916.153
Google Chrome 36.0.1985.125
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````
 
Hi, Kelchan35.

1. Based on the information at WOT (Web of Trust) for yac.mx (WOT Reputation Scorecard), I suggest you consider uninstalling "Yet Another Cleaner!"

2. Please download Adware Cleaner by Xplode. Please save it to your desktop!
  • Close all open programs and internet browsers.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
 
# AdwCleaner v3.305 - Report created 15/08/2014 at 00:19:42
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\Programs\adwcleaner_3.305.exe
# Option : Scan


***** [ Services ] *****


Service Found : iSafeKrnl
Service Found : iSafeNetFilter


***** [ Files / Folders ] *****


File Found : C:\Users\User\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\User\AppData\Roaming\regsvr32.exe_log.txt
Folder Found : C:\Program Files (x86)\baidu
Folder Found : C:\Program Files (x86)\iSafe
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\User\AppData\Local\Temp\apn
Folder Found : C:\Users\User\AppData\Roaming\iSafe


***** [ Scheduled Tasks ] *****




***** [ Shortcuts ] *****




***** [ Registry ] *****


Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\Software\iSafe
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe


***** [ Browsers ] *****


-\\ Internet Explorer v11.0.9600.17207




-\\ Mozilla Firefox v


-\\ Google Chrome v36.0.1985.143


[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]




*************************


AdwCleaner[R0].txt - [1786 octets] - [15/08/2014 00:19:42]


########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1846 octets] ##########
 
Thank you. Let's take care of what AdwCleaner shows and use a second tool that often digs a bit deeper.

1. Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2. Please download Junkware Removal Tool to your desktop.
  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

3. Please download Shortcut Cleaner by Grinler to your desktop.
  • Run the tool by double-clicking it.
  • The tool will open and scan your system for Windows shortcuts that have been hijacked by unwanted or malicious software.
  • When finished, the log (sc-cleaner.txt) will be saved to your desktop.
  • Please post the contents of sc-cleaner.txt in your next reply.

4. Please rescan with DDS. I won't need the Attach.txt log this time, just the DDS.txt.

Due to the number and length of logs requested, it may be necessary to create two replies.
 
# AdwCleaner v3.305 - Report created 15/08/2014 at 16:05:43
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Downloads\Programs\adwcleaner_3.305.exe
# Option : Clean


***** [ Services ] *****




***** [ Files / Folders ] *****




***** [ Scheduled Tasks ] *****




***** [ Shortcuts ] *****




***** [ Registry ] *****


Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}


***** [ Browsers ] *****


-\\ Internet Explorer v11.0.9600.17239




-\\ Mozilla Firefox v


-\\ Google Chrome v36.0.1985.143


[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}


*************************


AdwCleaner[R0].txt - [1926 octets] - [15/08/2014 00:19:42]
AdwCleaner[R1].txt - [1074 octets] - [15/08/2014 16:05:08]
AdwCleaner[S0].txt - [2169 octets] - [15/08/2014 00:22:21]
AdwCleaner[S1].txt - [1145 octets] - [15/08/2014 16:05:43]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1205 octets] ##########
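The two "Deleted [Search Provider]" lines above show where this kind of hijack lives in Chrome: the per-profile Preferences file (a JSON document) holds the homepage, the startup URLs and the search providers, and a hijacker only has to write a few strings into it. The following is an added example, not code from the thread, from AdwCleaner or from Google; it walks every string value in a Preferences file and reports the ones that mention the reported domain, so it does not depend on the exact key names (which differ across Chrome versions; the ones in the constructed sample, `homepage`, `session.restore_on_startup`, `session.startup_urls` and `default_search_provider.search_url`, are assumptions for the sample only). The sample JSON is constructed and is not the poster's file.

```python
"""Locate a homepage / startup / search hijack inside a Chrome Preferences file.

Added example for this thread. Not part of AdwCleaner, DDS or Chrome.
"""
import json
import re

# Constructed sample Preferences document (NOT the poster's file). Key names
# follow what Chrome profiles of this era commonly contain, but treat them as
# assumptions: the walker below does not rely on them.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.hao123.com/?tn=example",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,          # 4 = open a fixed list of URLs
        "startup_urls": ["http://www.hao123.com/", "https://www.google.com/"],
    },
    "default_search_provider": {
        "enabled": True,
        "name": "Google",
        "search_url": "{google:baseURL}search?q={searchTerms}",
    },
})

# The domain the poster reported; extend the alternation for other hijackers.
SUSPECT = re.compile(r"hao123\.com", re.IGNORECASE)


def walk(obj, path=""):
    """Yield (dotted_path, value) for every string leaf in nested JSON."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(obj, str):
        yield path, obj


def find_hijack(prefs_json, pattern=SUSPECT):
    """Return [(path, value)] for every string in the profile matching pattern."""
    prefs = json.loads(prefs_json)
    return [(path, value) for path, value in walk(prefs) if pattern.search(value)]


def summarize_startup(prefs_json):
    """Pull out the settings a hijacker usually touches, for a quick eyeball."""
    prefs = json.loads(prefs_json)
    session = prefs.get("session", {})
    return {
        "homepage": prefs.get("homepage"),
        "restore_on_startup": session.get("restore_on_startup"),
        "startup_urls": session.get("startup_urls", []),
        "search_url": prefs.get("default_search_provider", {}).get("search_url"),
    }


if __name__ == "__main__":
    # Real use: open(r"C:\Users\<user>\AppData\Local\Google\Chrome\User Data\Default\Preferences").read()
    for path, value in find_hijack(SAMPLE_PREFERENCES):
        print(f"{path}: {value}")
    print(summarize_startup(SAMPLE_PREFERENCES))
```

Run it with Chrome closed, since Chrome rewrites the file on exit. Use it to find the entries, then change them through Chrome's own settings (or a profile reset) rather than by editing the JSON: Chrome on Windows keeps a MAC over tracked settings in its "Secure Preferences" file and reverts hand edits it did not make. Fixing the file is also pointless while the thing that rewrites it is still installed, which is why the replies above go after services, registry keys and hijacked shortcuts first.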
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 08/15/2014 Fri at 16:07:38.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








~~~ Services






~~~ Registry Values






~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}






~~~ Files






~~~ Folders






~~~ Event Viewer Logs were cleared










~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/15/2014 Fri at 16:11:24.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler)
Bleeping Computer - Technical Support and Computer Help
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
Shortcut Cleaner Download


Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 08/15/2014 04:12:20 PM.


Scanning for registry hijacks:


* No issues found in the Registry.


Searching for Hijacked Shortcuts:


Searching C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\


Searching C:\ProgramData\Microsoft\Windows\Start Menu\


Searching C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\


Searching C:\Users\Public\Desktop\


Searching C:\Users\User\Desktop




0 bad shortcuts found.


Program finished at: 08/15/2014 04:12:21 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239 BrowserJavaVersion: 10.67.2
Run by User at 16:13:22 on 2014-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.936.65.1033.18.16351.13002 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Plantronics\GameCom780\GameCom780.exe
C:\Windows\System32\StikyNot.exe
E:\Program File\Steam\Steam.exe
C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program File\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\explorer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: XGBHOer Class: {D688CDAC-8854-46AC-A2D0-DD4B6122F3D0} - C:\Users\Public\Documents\xbho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Steam] "E:\Program File\Steam\steam.exe" -silent
uRun: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: ???????? - <no file>
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3BD21325-D921-4663-8DBE-A5BB6134AD5A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BB862F00-1B27-46A1-AD77-D3AF5347408C} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BB862F00-1B27-46A1-AD77-D3AF5347408C}\14055435E2D697 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-6-18 283064]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-6-17 180136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2014-3-11 260360]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2014-6-17 165144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-6-17 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-6-17 18956064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-30 411936]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2014-6-17 363800]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-17 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-6-17 40392]
R3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2014-6-25 1327104]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-5-19 39080]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-5-19 155816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2014-6-17 137488]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-8-8 45248]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-18 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-6-18 31800]
S3 SdoKeyCrypt;SdoKeyCrypt;C:\Windows\System32\SdoKeyCrypt.sys [2014-7-25 69560]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-18 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-18 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-08-15 08:07:37 -------- d-----w- C:\Windows\ERUNT
2014-08-14 17:00:16 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C7FE969C-9C56-454A-B3BE-6D44C03502E1}\mpengine.dll
2014-08-14 16:58:06 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 16:58:06 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 16:58:06 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 16:58:06 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 16:58:05 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 16:58:05 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 16:57:55 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 16:57:55 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 16:20:00 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-08-14 16:19:30 -------- d-----w- C:\AdwCleaner
2014-08-14 01:20:02 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D665DFB-4738-41A3-9805-EB10EDA21DC6}\gapaengine.dll
2014-08-14 01:19:53 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-14 01:15:05 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 01:15:04 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 01:15:03 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-14 01:15:03 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-09 17:47:00 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 17:43:18 -------- d-----w- C:\Users\User\AppData\Roaming\FlvtoConverter
2014-08-09 17:43:18 -------- d-----w- C:\Users\User\AppData\Local\FlvtoYoutubeDownloader
2014-08-09 17:43:02 -------- d-----w- C:\Program Files (x86)\Flvto Youtube Downloader
2014-08-08 01:30:14 45248 ----a-w- C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2014-08-08 01:30:14 -------- d-----w- C:\Windows\System32\log
2014-08-08 01:09:31 -------- d-----w- C:\Program Files\Enigma Software Group
2014-08-08 01:09:06 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-08 01:09:06 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-07-30 12:45:42 609240 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-07-28 14:39:04 -------- d-sh--w- C:\ProgramData\DSS
2014-07-28 14:39:04 -------- d-----w- C:\ProgramData\Codemasters
2014-07-28 14:38:07 -------- d-----w- C:\Windows\SysWow64\xlive
2014-07-28 14:38:04 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-07-28 14:37:49 19087360 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll
2014-07-28 14:37:49 1417216 ----a-w- C:\Windows\SysWow64\rapture3d_oal.dll
2014-07-28 14:37:48 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-07-28 14:37:48 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-07-28 14:37:48 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-07-28 14:37:48 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-07-28 14:37:48 -------- d-----w- C:\Program Files (x86)\OpenAL
2014-07-28 14:37:48 -------- d-----w- C:\Program Files (x86)\BRS
2014-07-25 03:12:07 -------- d-----w- C:\Users\User\AppData\Roaming\SNDA
2014-07-25 02:38:08 69560 ----a-w- C:\Windows\System32\SdoKeyCrypt.sys
2014-07-23 12:59:14 -------- d-----w- C:\Users\User\AppData\Roaming\AlawarEntertainment
2014-07-21 13:18:41 -------- d-----w- C:\ProgramData\QvodPlayer
2014-07-19 17:56:41 -------- d-----w- C:\Program Files (x86)\SNDA
2014-07-19 14:30:12 -------- d-----w- C:\ProgramData\Oracle
.
==================== Find3M ====================
.
2014-08-08 01:25:15 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-08 01:25:15 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-08 01:06:22 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:50:29 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-07-25 13:50:29 1126480 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-07-25 13:50:11 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-07-25 13:50:11 1283136 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43 6783776 ----a-w- C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\Windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-06-18 15:33:53 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 05:49:58 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll
2014-06-17 05:43:20 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-06-09 08:41:00 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\Windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-28 23:32:14 80384 ----a-w- C:\Windows\System32\RazerCoinstaller.dll
2014-05-24 02:33:58 864256 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2014-05-24 02:33:56 325120 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2014-05-20 02:44:03 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-05-20 02:44:03 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-05-20 02:44:03 1889112 ----a-w- C:\Windows\System32\nvdispco6433788.dll
2014-05-20 02:44:03 1541576 ----a-w- C:\Windows\System32\nvdispgenco6433788.dll
2014-05-20 02:44:03 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-05-19 06:47:30 39080 ----a-w- C:\Windows\System32\drivers\rzendpt.sys
2014-05-19 06:47:28 155816 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2014-05-19 06:26:50 89088 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2014-05-19 06:26:50 155136 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2014-05-19 06:26:46 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
.
============= FINISH: 16:13:32.30 ===============
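Three things in the Pseudo HJT Report above are worth a second look: a BHO loaded from C:\Users\Public\Documents (a user-writable folder, not a place a legitimate installer puts an IE add-on), an IE menu entry with a garbled name and `<no file>`, and the mPolicies-System block with EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, which together mean UAC is switched off, so every downloader and bundled installer ran with full administrator rights without a prompt. The following is an added example, not code from the thread or from DDS: a small triage pass over lines copied from the DDS.txt above that flags exactly those patterns. The trusted-root list and the "worth a look" rules are the author's heuristics, not DDS logic, and they will also surface benign per-user autoruns such as uTorrent, which is intended: the point is to get a short list to review, not a verdict.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread. Not part of DDS; the rules are heuristics.
"""
import re

# Lines copied from the DDS.txt posted above (trimmed to the entries of interest).
SAMPLE_LOG = r"""
uStart Page = hxxp://google.com/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: XGBHOer Class: {D688CDAC-8854-46AC-A2D0-DD4B6122F3D0} - C:\Users\Public\Documents\xbho.dll
uRun: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: ???????? - <no file>
"""

# Heuristic: binaries loaded into the browser or at logon normally live here.
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

# Heuristic: these policy values at 0 disable or silence UAC.
UAC_WEAKENING = {
    "EnableLUA": "0",
    "ConsentPromptBehaviorAdmin": "0",
    "PromptOnSecureDesktop": "0",
}

# DDS line types that carry a loaded module or autostart command.
MODULE_KINDS = {"BHO", "x64-BHO", "uRun", "mRun", "x64-Run"}

PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:dll|exe))\b", re.IGNORECASE)
POLICY_RE = re.compile(r"^[mu]Policies-System:\s*(\w+)\s*=\s*dword:(\w+)", re.IGNORECASE)


def is_trusted_path(path):
    """True if the path sits under one of the expected install roots."""
    lowered = path.lower()
    return any(lowered.startswith(root) for root in TRUSTED_ROOTS)


def triage(log_text):
    """Return a list of (reason, kind, detail) tuples for lines worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(":", 1)[0]
        if kind in MODULE_KINDS:
            match = PATH_RE.search(line)
            if match and not is_trusted_path(match.group(1)):
                findings.append(("untrusted-path", kind, match.group(1)))
        policy = POLICY_RE.match(line)
        if policy and UAC_WEAKENING.get(policy.group(1)) == policy.group(2):
            findings.append(("uac-weakened", policy.group(1), policy.group(2)))
        if line.startswith("IE:") and line.endswith("<no file>"):
            findings.append(("orphaned-ie-entry", "IE", line))
    return findings


if __name__ == "__main__":
    # Real use: triage(open("DDS.txt", encoding="utf-8", errors="replace").read())
    for reason, kind, detail in triage(SAMPLE_LOG):
        print(f"{reason:18} {kind:10} {detail}")
```

The untrusted-path rule is the one that pays off here: xbho.dll in Public\Documents is the only BHO in the whole report outside Program Files, and nothing in the Installed Programs list accounts for it. The uTorrent hit is the expected false positive of a rule this blunt; per-user installers do put their executables under AppData\Roaming, so review the list rather than acting on it mechanically. Turning UAC back on (EnableLUA = 1 takes effect after a reboot) closes the door the junk walked through, and should be done once the cleanup is finished.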
 
Thank you for the logs, Kelchan35. Let's take this another step, please.

Please follow these instructions carefully. Download ComboFix from the following location: Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

    Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.
 
ComboFix 14-08-15.01 - User 5/2014 Fri 22:44:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.936.65.1033.18.16351.11357 [GMT 8:00]
执行位置: c:\users\User\Downloads\Programs\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
E:\install.exe
.
.
((((((((((((((((((((((((( 2014-07-15 至 2014-08-15 的新的档案 )))))))))))))))))))))))))))))))
.
.
2014-08-15 14:47 . 2014-08-15 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-15 08:07 . 2014-08-15 08:07 -------- d-----w- c:\windows\ERUNT
2014-08-14 17:00 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7FE969C-9C56-454A-B3BE-6D44C03502E1}\mpengine.dll
2014-08-14 16:58 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 16:58 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 16:58 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 16:58 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 16:58 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 16:58 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 16:57 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 16:57 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 16:20 . 2010-08-30 00:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-14 16:19 . 2014-08-15 08:05 -------- d-----w- C:\AdwCleaner
2014-08-14 01:20 . 2014-06-18 13:13 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D665DFB-4738-41A3-9805-EB10EDA21DC6}\gapaengine.dll
2014-08-14 01:19 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-14 01:15 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 01:15 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 01:15 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 01:15 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-09 17:47 . 2014-08-09 17:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-09 17:47 . 2014-08-09 17:46 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 17:46 . 2014-08-09 17:46 -------- d-----w- c:\program files (x86)\Java
2014-08-09 17:43 . 2014-08-09 18:19 -------- d-----w- c:\users\User\AppData\Roaming\FlvtoConverter
2014-08-09 17:43 . 2014-08-09 17:43 -------- d-----w- c:\users\User\AppData\Local\FlvtoYoutubeDownloader
2014-08-09 17:43 . 2014-08-09 17:43 -------- d-----w- c:\program files (x86)\Flvto Youtube Downloader
2014-08-08 01:30 . 2014-08-08 01:30 -------- d-----w- c:\windows\system32\log
2014-08-08 01:30 . 2014-07-25 10:13 45248 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-08-08 01:09 . 2014-08-08 01:09 -------- d-----w- c:\program files\Enigma Software Group
2014-08-08 01:09 . 2014-08-08 01:27 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-08 01:09 . 2014-08-08 01:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-07-30 12:45 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-28 14:39 . 2014-07-28 14:39 -------- d-sh--w- c:\programdata\DSS
2014-07-28 14:39 . 2014-07-28 14:39 -------- d-----w- c:\programdata\Codemasters
2014-07-28 14:38 . 2014-07-28 14:38 -------- d-----w- c:\windows\SysWow64\xlive
2014-07-28 14:38 . 2014-07-28 14:38 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-07-28 14:37 . 2011-03-19 07:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2014-07-28 14:37 . 2010-09-22 05:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2014-07-28 14:37 . 2014-07-28 14:37 -------- d-----w- c:\program files (x86)\BRS
2014-07-28 14:37 . 2014-07-28 14:37 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-07-28 14:37 . 2014-07-28 14:37 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-07-28 14:37 . 2014-07-28 14:37 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-07-28 14:37 . 2014-07-28 14:37 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-07-28 14:37 . 2014-07-28 14:37 -------- d-----w- c:\program files (x86)\OpenAL
2014-07-25 03:12 . 2014-07-25 03:12 -------- d-----w- c:\users\User\AppData\Roaming\SNDA
2014-07-25 02:38 . 2014-07-25 02:38 69560 ----a-w- c:\windows\system32\SdoKeyCrypt.sys
2014-07-23 12:59 . 2014-07-23 12:59 -------- d-----w- c:\users\User\AppData\Roaming\AlawarEntertainment
2014-07-21 13:18 . 2014-08-14 16:21 -------- d-----w- c:\programdata\QvodPlayer
2014-07-19 17:56 . 2014-07-27 02:43 -------- d-----w- c:\program files (x86)\SNDA
2014-07-19 14:30 . 2014-08-09 17:47 -------- d-----w- c:\programdata\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 01:58 . 2014-07-15 04:41 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-14 17:00 . 2014-06-18 10:37 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-08 01:25 . 2014-06-18 09:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-08 01:25 . 2014-06-18 09:43 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-08 01:06 . 2014-06-18 15:12 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-25 13:50 . 2014-06-18 12:00 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-06-17 06:05 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-18 12:00 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-06-17 06:05 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-02 20:48 . 2014-06-17 06:04 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-06-17 06:04 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-06-17 06:02 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-06-17 06:02 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-06-17 06:02 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-06-17 06:02 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-06-17 06:02 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-06-17 06:02 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2014-06-17 06:04 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-06-17 06:04 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-06-17 06:04 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-06-17 06:04 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-06-17 06:04 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-06-17 06:04 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 16:30 . 2012-07-17 06:37 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-18 15:33 . 2014-06-18 15:33 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-06-18 13:13 . 2014-06-24 04:21 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-18 10:17 . 2014-06-18 10:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-06-18 10:17 . 2014-06-18 10:17 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-06-18 10:17 . 2014-06-18 10:17 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-06-18 10:17 . 2014-06-18 10:17 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-06-18 10:17 . 2014-06-18 10:17 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-06-18 10:17 . 2014-06-18 10:17 81408 ----a-w- c:\windows\system32\icardie.dll
2014-06-18 10:17 . 2014-06-18 10:17 774144 ----a-w- c:\windows\system32\jscript.dll
2014-06-18 10:17 . 2014-06-18 10:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-06-18 10:17 . 2014-06-18 10:17 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-06-18 10:17 . 2014-06-18 10:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-06-18 10:17 . 2014-06-18 10:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-06-18 10:17 . 2014-06-18 10:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-06-18 10:17 . 2014-06-18 10:17 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-06-18 10:17 . 2014-06-18 10:17 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-06-18 10:17 . 2014-06-18 10:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-06-18 10:17 . 2014-06-18 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-06-18 10:17 . 2014-06-18 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-06-18 10:17 . 2014-06-18 10:17 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-06-18 10:17 . 2014-06-18 10:17 413696 ----a-w- c:\windows\system32\html.iec
2014-06-18 10:17 . 2014-06-18 10:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-06-18 10:17 . 2014-06-18 10:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-06-18 10:17 . 2014-06-18 10:17 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-06-18 10:17 . 2014-06-18 10:17 247808 ----a-w- c:\windows\system32\msls31.dll
2014-06-18 10:17 . 2014-06-18 10:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-06-18 10:17 . 2014-06-18 10:17 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-06-18 10:17 . 2014-06-18 10:17 235520 ----a-w- c:\windows\system32\url.dll
2014-06-18 10:17 . 2014-06-18 10:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-06-18 10:17 . 2014-06-18 10:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-06-18 10:17 . 2014-06-18 10:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-06-18 10:17 . 2014-06-18 10:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-06-18 10:17 . 2014-06-18 10:17 147968 ----a-w- c:\windows\system32\occache.dll
2014-06-18 10:17 . 2014-06-18 10:17 143872 ----a-w- c:\windows\system32\wextract.exe
2014-06-18 10:17 . 2014-06-18 10:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-06-18 10:17 . 2014-06-18 10:17 13824 ----a-w- c:\windows\system32\mshta.exe
2014-06-18 10:17 . 2014-06-18 10:17 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-06-18 10:17 . 2014-06-18 10:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-06-18 10:17 . 2014-06-18 10:17 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-06-18 10:17 . 2014-06-18 10:17 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-06-18 10:17 . 2014-06-18 10:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-06-18 10:17 . 2014-06-18 10:17 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-06-18 10:17 . 2014-06-18 10:17 101376 ----a-w- c:\windows\system32\inseng.dll
2014-06-18 02:18 . 2014-07-08 21:08 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 21:08 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 05:50 . 2014-06-17 05:56 2580824 ----a-w- c:\windows\system32\WavesGUILib.dll
2014-06-17 05:50 . 2014-06-17 05:56 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2014-06-17 05:50 . 2014-06-17 05:56 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2014-06-17 05:50 . 2014-06-17 05:56 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2014-06-17 05:50 . 2014-06-17 05:56 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2014-06-17 05:50 . 2014-06-17 05:56 121744 ----a-w- c:\windows\system32\SFSS_APO.dll
2014-06-17 05:50 . 2014-06-17 05:56 81232 ----a-w- c:\windows\system32\SFCOM64.dll
2014-06-17 05:50 . 2014-06-17 05:56 78160 ----a-w- c:\windows\system32\SFAPO64.dll
2014-06-17 05:50 . 2014-06-17 05:56 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2014-06-17 05:50 . 2014-06-17 05:56 220496 ----a-w- c:\windows\system32\SFNHK64.dll
2014-06-17 05:50 . 2014-06-17 05:56 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2014-06-17 05:50 . 2014-06-17 05:56 626792 ----a-w- c:\windows\system32\RtkApi64.dll
2014-06-17 05:50 . 2014-06-17 05:56 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2014-06-17 05:50 . 2014-06-17 05:56 2813544 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-06-17 05:50 . 2014-06-17 05:56 2186344 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-06-17 05:50 . 2014-06-17 05:56 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
2014-06-17 05:50 . 2014-06-17 05:56 2565736 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-06-17 05:50 . 2014-06-17 05:56 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-06-17 05:50 . 2014-06-17 05:56 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 83048 ----a-w- c:\windows\system32\RCoInst64.dll
2014-06-17 05:50 . 2014-06-17 05:56 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2014-06-17 05:50 . 2014-06-17 05:56 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2014-06-17 05:50 . 2014-06-17 05:56 544768 ----a-w- c:\windows\system32\RCoRes64.dat
2014-06-17 05:50 . 2014-06-17 05:56 1718616 ----a-w- c:\windows\system32\R4EEP64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 74584 ----a-w- c:\windows\system32\R4EEG64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 421720 ----a-w- c:\windows\system32\R4EED64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 127832 ----a-w- c:\windows\system32\R4EEL64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 108888 ----a-w- c:\windows\system32\R4EEA64A.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D688CDAC-8854-46AC-A2D0-DD4B6122F3D0}]
2014-08-07 16:19 276944 ----a-w- c:\users\Public\Documents\xbho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program file\Steam\steam.exe" [2014-08-13 1937600]
"uTorrent"="c:\users\User\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-13 1302096]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-06-18 3837520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-06-23 585560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\iSafe\iSafeKrnlKit.sys;c:\program files (x86)\iSafe\iSafeKrnlKit.sys [x]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files (x86)\iSafe\iSafeKrnlR3.sys;c:\program files (x86)\iSafe\iSafeKrnlR3.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SDGame;SDGame;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 SdoKeyCrypt;SdoKeyCrypt;c:\windows\system32\SdoKeyCrypt.sys;c:\windows\SYSNATIVE\SdoKeyCrypt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 11:49 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
‘计划任务’ 文件夹 里的内容
.
2014-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-18 01:25]
.
2014-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-18 14:43]
.
2014-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-18 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: ????????
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1231026493-4201216510-2864048854-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a5,2f,ab,4e,5b,74,b8,84,a7,eb,cb,36,0e,98,28,09,f2,e0,5d,17,8d,
91,17,9a,8b,73,7a,b2,d5,4d,5e,72,b5,7e,35,6e,30,22,04,c9,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1231026493-4201216510-2864048854-1000_Classes\Wow6432Node\CLSID\{9751a294-c487-49fa-8b1f-a2651b7ddf8e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e1
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2014-08-15 22:48:32
ComboFix-quarantined-files.txt 2014-08-15 14:48
.
Pre-Run: 34,821,120,000 bytes free
Post-Run: 42,642,259,968 bytes free
.
- - End Of File - - C1B05C5CE79D52B0D9EAF79C58EA81AB
A36C5E4F47E84449FF07ED3517B43A31
 
Let's take care of the SpyHunter remnants that you installed and subsequently uninstalled.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Code:
Folder::
c:\program files\Enigma Software Group
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP

RegLock::
[HKEY_USERS\S-1-5-21-1231026493-4201216510-2864048854-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a5,2f,ab,4e,5b,74,b8,84,a7,eb,cb,36,0e,98,28,09,f2,e0,5d,17,8d,
91,17,9a,8b,73,7a,b2,d5,4d,5e,72,b5,7e,35,6e,30,22,04,c9,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1231026493-4201216510-2864048854-1000_Classes\Wow6432Node\CLSID\{9751a294-c487-49fa-8b1f-a2651b7ddf8e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e1
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


    CF_CFScript.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please let me know how your computer is now.
 
ComboFix 14-08-15.01 - User 6/2014 Sat 13:47:42.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.936.65.1033.18.16351.14307 [GMT 8:00]
执行位置: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Enigma Software Group
c:\program files\Enigma Software Group\SpyHunter\Data\dns.dat
c:\program files\Enigma Software Group\SpyHunter\gas.dat
c:\program files\Enigma Software Group\SpyHunter\gil.dat
c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_0e3db225a990c269b84145528d4a2971_130519350292290000.esg
c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_11f6f9216d8f77eac196b07d66e819ea_130519350208350000.esg
c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_130519350208430000.xml
c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_130519350263140000.xml
c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_130519350292550000.xml
c:\program files\Enigma Software Group\SpyHunter\Rollback\arch_fd394deca9a02fb3daf069b7bb3b5758_130519350262950000.esg
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.dll
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe
c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini
.
.
((((((((((((((((((((((((( 2014-07-16 至 2014-08-16 的新的档案 )))))))))))))))))))))))))))))))
.
.
2014-08-16 05:50 . 2014-08-16 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-16 03:58 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D2D8326-3077-47F0-A557-E93C422F57A0}\mpengine.dll
2014-08-15 14:56 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-15 08:07 . 2014-08-15 08:07 -------- d-----w- c:\windows\ERUNT
2014-08-14 16:58 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 16:58 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 16:58 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 16:58 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 16:58 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 16:58 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 16:57 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 16:57 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 16:20 . 2010-08-30 00:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-14 16:19 . 2014-08-15 08:05 -------- d-----w- C:\AdwCleaner
2014-08-14 01:20 . 2014-06-18 13:13 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D665DFB-4738-41A3-9805-EB10EDA21DC6}\gapaengine.dll
2014-08-14 01:15 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 01:15 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 01:15 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 01:15 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-09 17:47 . 2014-08-09 17:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-09 17:47 . 2014-08-09 17:46 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-09 17:46 . 2014-08-09 17:46 -------- d-----w- c:\program files (x86)\Java
2014-08-09 17:43 . 2014-08-09 18:19 -------- d-----w- c:\users\User\AppData\Roaming\FlvtoConverter
2014-08-09 17:43 . 2014-08-09 17:43 -------- d-----w- c:\users\User\AppData\Local\FlvtoYoutubeDownloader
2014-08-09 17:43 . 2014-08-09 17:43 -------- d-----w- c:\program files (x86)\Flvto Youtube Downloader
2014-08-08 01:30 . 2014-08-08 01:30 -------- d-----w- c:\windows\system32\log
2014-08-08 01:30 . 2014-07-25 10:13 45248 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-08-08 01:09 . 2014-08-08 01:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-07-30 12:45 . 2014-07-02 17:44 609240 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-07-28 14:39 . 2014-07-28 14:39 -------- d-sh--w- c:\programdata\DSS
2014-07-28 14:39 . 2014-07-28 14:39 -------- d-----w- c:\programdata\Codemasters
2014-07-28 14:38 . 2014-07-28 14:38 -------- d-----w- c:\windows\SysWow64\xlive
2014-07-28 14:38 . 2014-07-28 14:38 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-07-28 14:37 . 2011-03-19 07:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2014-07-28 14:37 . 2010-09-22 05:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2014-07-28 14:37 . 2014-07-28 14:37 -------- d-----w- c:\program files (x86)\BRS
2014-07-28 14:37 . 2014-07-28 14:37 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-07-28 14:37 . 2014-07-28 14:37 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-07-28 14:37 . 2014-07-28 14:37 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-07-28 14:37 . 2014-07-28 14:37 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2014-07-28 14:37 . 2014-07-28 14:37 -------- d-----w- c:\program files (x86)\OpenAL
2014-07-25 03:12 . 2014-07-25 03:12 -------- d-----w- c:\users\User\AppData\Roaming\SNDA
2014-07-25 02:38 . 2014-07-25 02:38 69560 ----a-w- c:\windows\system32\SdoKeyCrypt.sys
2014-07-23 12:59 . 2014-07-23 12:59 -------- d-----w- c:\users\User\AppData\Roaming\AlawarEntertainment
2014-07-21 13:18 . 2014-08-14 16:21 -------- d-----w- c:\programdata\QvodPlayer
2014-07-19 17:56 . 2014-07-27 02:43 -------- d-----w- c:\program files (x86)\SNDA
2014-07-19 14:30 . 2014-08-09 17:47 -------- d-----w- c:\programdata\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 20:39 . 2014-07-15 04:41 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-08-14 17:00 . 2014-06-18 10:37 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-08 01:25 . 2014-06-18 09:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-08 01:25 . 2014-06-18 09:43 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-08 01:06 . 2014-06-18 15:12 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-25 13:50 . 2014-06-18 12:00 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-06-17 06:05 1126480 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-18 12:00 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-06-17 06:05 1283136 ----a-w- c:\windows\system32\nvspcap64.dll
2014-07-02 20:48 . 2014-06-17 06:04 75040 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-06-17 06:04 61912 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-06-17 06:02 965312 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2014-06-17 06:02 3196816 ----a-w- c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-06-17 06:02 2814656 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-06-17 06:02 18626304 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-06-17 06:02 16122344 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-06-17 06:02 14498552 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2014-06-17 06:04 6783776 ----a-w- c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-06-17 06:04 3522392 ----a-w- c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-06-17 06:04 935368 ----a-w- c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-06-17 06:04 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-06-17 06:04 386520 ----a-w- c:\windows\system32\nvmctray.dll
2014-07-02 10:14 . 2014-06-17 06:04 3826628 ----a-w- c:\windows\system32\nvcoproc.bin
2014-06-18 16:30 . 2012-07-17 06:37 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-18 15:33 . 2014-06-18 15:33 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-06-18 13:13 . 2014-06-24 04:21 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-18 10:17 . 2014-06-18 10:17 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-06-18 10:17 . 2014-06-18 10:17 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-06-18 10:17 . 2014-06-18 10:17 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-06-18 10:17 . 2014-06-18 10:17 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-06-18 10:17 . 2014-06-18 10:17 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-06-18 10:17 . 2014-06-18 10:17 81408 ----a-w- c:\windows\system32\icardie.dll
2014-06-18 10:17 . 2014-06-18 10:17 774144 ----a-w- c:\windows\system32\jscript.dll
2014-06-18 10:17 . 2014-06-18 10:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-06-18 10:17 . 2014-06-18 10:17 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-06-18 10:17 . 2014-06-18 10:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-06-18 10:17 . 2014-06-18 10:17 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-06-18 10:17 . 2014-06-18 10:17 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-06-18 10:17 . 2014-06-18 10:17 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-06-18 10:17 . 2014-06-18 10:17 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-06-18 10:17 . 2014-06-18 10:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-06-18 10:17 . 2014-06-18 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-06-18 10:17 . 2014-06-18 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-06-18 10:17 . 2014-06-18 10:17 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-06-18 10:17 . 2014-06-18 10:17 413696 ----a-w- c:\windows\system32\html.iec
2014-06-18 10:17 . 2014-06-18 10:17 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-06-18 10:17 . 2014-06-18 10:17 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-06-18 10:17 . 2014-06-18 10:17 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-06-18 10:17 . 2014-06-18 10:17 247808 ----a-w- c:\windows\system32\msls31.dll
2014-06-18 10:17 . 2014-06-18 10:17 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-06-18 10:17 . 2014-06-18 10:17 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-06-18 10:17 . 2014-06-18 10:17 235520 ----a-w- c:\windows\system32\url.dll
2014-06-18 10:17 . 2014-06-18 10:17 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-06-18 10:17 . 2014-06-18 10:17 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-06-18 10:17 . 2014-06-18 10:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-06-18 10:17 . 2014-06-18 10:17 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-06-18 10:17 . 2014-06-18 10:17 147968 ----a-w- c:\windows\system32\occache.dll
2014-06-18 10:17 . 2014-06-18 10:17 143872 ----a-w- c:\windows\system32\wextract.exe
2014-06-18 10:17 . 2014-06-18 10:17 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-06-18 10:17 . 2014-06-18 10:17 13824 ----a-w- c:\windows\system32\mshta.exe
2014-06-18 10:17 . 2014-06-18 10:17 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-06-18 10:17 . 2014-06-18 10:17 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-06-18 10:17 . 2014-06-18 10:17 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-06-18 10:17 . 2014-06-18 10:17 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-06-18 10:17 . 2014-06-18 10:17 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-06-18 10:17 . 2014-06-18 10:17 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-06-18 10:17 . 2014-06-18 10:17 101376 ----a-w- c:\windows\system32\inseng.dll
2014-06-18 02:18 . 2014-07-08 21:08 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-08 21:08 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 05:50 . 2014-06-17 05:56 2580824 ----a-w- c:\windows\system32\WavesGUILib.dll
2014-06-17 05:50 . 2014-06-17 05:56 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2014-06-17 05:50 . 2014-06-17 05:56 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2014-06-17 05:50 . 2014-06-17 05:56 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2014-06-17 05:50 . 2014-06-17 05:56 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2014-06-17 05:50 . 2014-06-17 05:56 121744 ----a-w- c:\windows\system32\SFSS_APO.dll
2014-06-17 05:50 . 2014-06-17 05:56 81232 ----a-w- c:\windows\system32\SFCOM64.dll
2014-06-17 05:50 . 2014-06-17 05:56 78160 ----a-w- c:\windows\system32\SFAPO64.dll
2014-06-17 05:50 . 2014-06-17 05:56 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2014-06-17 05:50 . 2014-06-17 05:56 220496 ----a-w- c:\windows\system32\SFNHK64.dll
2014-06-17 05:50 . 2014-06-17 05:56 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2014-06-17 05:50 . 2014-06-17 05:56 626792 ----a-w- c:\windows\system32\RtkApi64.dll
2014-06-17 05:50 . 2014-06-17 05:56 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2014-06-17 05:50 . 2014-06-17 05:56 2813544 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-06-17 05:50 . 2014-06-17 05:56 2186344 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-06-17 05:50 . 2014-06-17 05:56 1247848 ----a-w- c:\windows\system32\RTCOM64.dll
2014-06-17 05:50 . 2014-06-17 05:56 2565736 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-06-17 05:50 . 2014-06-17 05:56 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-06-17 05:50 . 2014-06-17 05:56 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 83048 ----a-w- c:\windows\system32\RCoInst64.dll
2014-06-17 05:50 . 2014-06-17 05:56 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2014-06-17 05:50 . 2014-06-17 05:56 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2014-06-17 05:50 . 2014-06-17 05:56 544768 ----a-w- c:\windows\system32\RCoRes64.dat
2014-06-17 05:50 . 2014-06-17 05:56 1718616 ----a-w- c:\windows\system32\R4EEP64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 74584 ----a-w- c:\windows\system32\R4EEG64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 421720 ----a-w- c:\windows\system32\R4EED64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 127832 ----a-w- c:\windows\system32\R4EEL64A.dll
2014-06-17 05:50 . 2014-06-17 05:56 108888 ----a-w- c:\windows\system32\R4EEA64A.dll
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D688CDAC-8854-46AC-A2D0-DD4B6122F3D0}]
2014-08-07 16:19 276944 ----a-w- c:\users\Public\Documents\xbho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program file\Steam\steam.exe" [2014-08-13 1937600]
"uTorrent"="c:\users\User\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-13 1302096]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-06-18 3837520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-06-23 585560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\iSafe\iSafeKrnlKit.sys;c:\program files (x86)\iSafe\iSafeKrnlKit.sys [x]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files (x86)\iSafe\iSafeKrnlR3.sys;c:\program files (x86)\iSafe\iSafeKrnlR3.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SDGame;SDGame;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 SdoKeyCrypt;SdoKeyCrypt;c:\windows\system32\SdoKeyCrypt.sys;c:\windows\SYSNATIVE\SdoKeyCrypt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys;c:\windows\SYSNATIVE\drivers\PLTGC.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-14 11:49 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
‘计划任务’ 文件夹 里的内容
.
2014-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-18 01:25]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-18 14:43]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-18 14:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: ????????
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Steam - c:\program files (x86)\Steam\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成时间: 2014-08-16 13:51:07
ComboFix-quarantined-files.txt 2014-08-16 05:51
ComboFix2.txt 2014-08-15 14:48
.
Pre-Run: 42,600,783,872 bytes free
Post-Run: 42,263,793,664 bytes free
.
- - End Of File - - B02DD21AF19BDE2832E24C25E5C13109
A36C5E4F47E84449FF07ED3517B43A31
 
The log is above ^

My Internet Explorer is still the same; I can't remove hao123. As for my Google Chrome, if I press the desktop icon it will still show hao123, but if I press the Google Chrome icon in my taskbar it opens the websites I set.
 
@Corrine, I hope you don't mind me jumping in here, I've just read something that may help.

Right click the Chrome shortcut on your desktop and choose Properties. In the Target box, remove http://Hao123.com. You should just be left with a path to chrome.exe ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe").

If that doesn't work, I'll leave Corrine to clean anything else up that combofix found :)

Stephen
 
Problem solved lol.. thx all. Is there still anything?
 
You'll have to wait for Corrine to give the all clear on that - there may be something left.
 
Thank you, Stephen!

Kelchan35, for Internet Explorer, you will need to reset Internet Explorer settings to return them to the state they were in when Internet Explorer was first installed on your PC.


  • Open Internet Explorer, click on the “gear icon” in the upper right part of the browser, then click on Internet Options.
  • In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.
  • In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on “Reset” button.
  • When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box.
  • Close and reopen the browser.

If everything is back to normal after resetting IE, I'll provide instructions for cleaning up the tools we used.
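As an added example (not part of this thread, and not code from ComboFix, Delfix or any other tool mentioned here), the following PowerShell script checks for the two leftovers discussed above from the command line: the URL appended to a browser shortcut's Target, which is what Stephen's fix removes by hand, and the Internet Explorer start page values that the reset restores. It reports only, unless the `-Fix` switch is given; the `$Pattern` parameter and `-Fix` switch are names chosen for this example, the search string defaults to the one from this thread, and rewriting the HKLM values requires an elevated prompt. The `WScript.Shell` COM object and the `Internet Explorer\Main` registry values it reads are standard Windows interfaces.

```powershell
# Added example (not from the thread): audit browser shortcuts and the IE start
# page for an appended homepage URL such as hao123, report what is found and,
# only with -Fix, strip it.
param(
    [string]$Pattern = 'hao123',   # assumption: the hijack string to look for
    [switch]$Fix                   # assumption: report only unless -Fix is given
)

$shell = New-Object -ComObject WScript.Shell

# Places where the browser shortcuts a user actually clicks live: both desktops,
# the pinned taskbar items and both Start Menus.
$shortcutDirs = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu')
) | Where-Object { $_ -and (Test-Path $_) }

$findings = @()
foreach ($dir in $shortcutDirs) {
    Get-ChildItem -Path $dir -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        # The "Target" box in the Properties dialog shows TargetPath followed by
        # Arguments. A clean browser shortcut has an empty Arguments field; a
        # hijacked one carries the URL there, so every launch from that icon
        # opens it even though the browser's own settings look fine (which is
        # why the taskbar icon behaved differently from the desktop icon above).
        if ($lnk.Arguments -match $Pattern -or $lnk.TargetPath -match $Pattern) {
            $findings += [pscustomobject]@{
                Path      = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
            if ($Fix) {
                $lnk.Arguments = ''   # keep the exe path, drop the appended URL
                $lnk.Save()
            }
        }
    }
}

# Internet Explorer stores its home and search pages under the "Main" keys;
# ComboFix reports these as uStart Page (HKCU) and mStart Page (HKLM).
$ieKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main'
)
foreach ($key in $ieKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'Start Page', 'Default_Page_URL', 'Search Page') {
        $value = $props.$name
        if ($value -and $value -match $Pattern) {
            $findings += [pscustomobject]@{ Path = "$key\$name"; Target = $value; Arguments = '' }
            if ($Fix) {
                # Neutral value; the user can set their preferred page afterwards.
                Set-ItemProperty -Path $key -Name $name -Value 'about:blank'
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { "No '$Pattern' entries found." }
```

Run it first without `-Fix` to see every shortcut and registry value that still carries the string; the report alone is enough to confirm whether the desktop icon was the only remaining carrier, as it turned out to be in this thread.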
 
Excellent, Kelchan35.

Some advice first and a strong word of caution: P2P programs form a direct conduit onto your computer. They have always been a target of malware writers. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. Use of P2P programs can result in identity theft.

Let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
    delfix.jpg
  • Click Run
Please refer to the Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?".

Also see Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software by quietman7.
 