Toaru
Honorary Members
Posts: 22
  1. Results of screen317's Security Check version 0.99.77
     Windows 7 x86 (UAC is enabled)
     Out of date service pack!!
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 45
     Adobe Flash Player 11.9.900.152
     Adobe Reader XI
     Mozilla Firefox (25.0.1)
     Google Chrome 30.0.1599.101
     Google Chrome 31.0.1650.57
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 1%
     ````````````````````End of Log``````````````````````
  2. It doesn't seem to be redirecting me anymore. Thanks a lot! If it happens again I will be sure to come back and ask you. Anything else I need to do?
  3. ComboFix 13-11-27.01 - Wei 11/26/2013 22:29:42.1.4 - x86
     Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2046.554 [GMT -5:00]
     Running from: c:\users\Wei\Desktop\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     C:\CFLog
     c:\cflog\CrashLog_20120403.txt
     c:\cflog\CrashLog_20120406.txt
     c:\cflog\CrashLog_20120930.txt
     c:\windows\system32\FlashPlayerApp.exe
     .
     Infected copy of c:\windows\system32\userinit.exe was found and disinfected
     Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-10-27 to 2013-11-27 )))))))))))))))))))))))))))))))
     .
     .
     2013-11-27 03:36 . 2013-11-27 03:38 -------- d-----w- c:\users\Wei\AppData\Local\temp
     2013-11-27 03:36 . 2013-11-27 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-11-27 02:12 . 2013-11-27 02:12 -------- d-----w- C:\FRST
     2013-11-27 01:17 . 2013-11-27 01:26 -------- d-----w- C:\AdwCleaner
     2013-11-27 00:55 . 2013-11-27 03:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
     2013-11-27 00:55 . 2013-11-27 02:56 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
     2013-11-27 00:55 . 2013-11-27 02:51 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2013-11-26 23:13 . 2013-11-27 00:46 -------- d-----w- c:\users\Wei\AppData\Roaming\Anvisoft
     2013-11-26 23:12 . 2013-11-26 23:12 -------- d-----w- c:\programdata\Anvisoft
     2013-11-26 23:12 . 2013-11-27 00:46 -------- d-----w- c:\program files\Anvisoft
     2013-11-26 22:38 . 2013-11-26 22:38 -------- d-----w- c:\program files\Enigma Software Group
     2013-11-26 22:38 . 2013-11-27 00:47 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
     2013-11-26 22:38 . 2013-11-26 22:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2013-11-22 03:03 . 2013-11-22 03:03 -------- d-----w- c:\programdata\McAfee Security Scan
     2013-11-22 03:03 . 2013-11-22 03:03 -------- d-----w- c:\program files\McAfee Security Scan
     2013-10-31 19:21 . 2013-10-31 19:22 -------- d-----w- c:\program files\Canon
     2013-10-31 19:19 . 2013-10-31 19:19 -------- d-----w- c:\program files\Common Files\Canon
     2013-10-28 23:24 . 2013-10-28 23:26 -------- d-----w- c:\users\Wei\.Creative-Scape.net
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-11-22 03:03 . 2012-01-27 17:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-10-08 11:50 . 2013-10-20 02:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "Aim"="c:\program files\AIM\aim.exe" [2011-05-03 4321112]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
     "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
     "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
     "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
     "FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
     "tsnp2std"="c:\windows\tsnp2std.exe" [2007-02-13 262144]
     "snp2std"="c:\windows\vsnp2std.exe" [2006-12-05 344064]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-09-18 152392]
     .
     c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
     McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "aux2"=wdmaud.drv
     .
     R2 WebGuardUpdate;Tencent WebGuard Update Service;c:\program files\Tencent\WebGuard\WebGuardUpdate.exe [x]
     R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
     R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
     R3 FXDrv32;FXDrv32;D:\FXDrv32.sys [x]
     R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 11680]
     R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
     R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
     R3 vtany;vtany;c:\windows\vtany.sys [x]
     R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-03 70048]
     R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-15 13728]
     R3 XDva390;XDva390;c:\windows\system32\XDva390.sys [x]
     R3 XDva394;XDva394;c:\windows\system32\XDva394.sys [x]
     R3 XDva397;XDva397;c:\windows\system32\XDva397.sys [x]
     R3 XDva400;XDva400;c:\windows\system32\XDva400.sys [x]
     R3 XDva404;XDva404;c:\windows\system32\XDva404.sys [x]
     R3 XDva405;XDva405;c:\windows\system32\XDva405.sys [x]
     R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
     R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-09-29 666720]
     R3 xspirit;xspirit;c:\windows\xspirit.sys [x]
     S0 aswRvrt;aswRvrt; [x]
     S0 aswVmm;aswVmm; [x]
     S1 aswKbd;aswKbd; [x]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2009-02-12 22312]
     S1 QQProtect;QQProtect;c:\windows\system32\drivers\QQProtect.sys [2013-08-06 173152]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
     S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-08 369256]
     S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
     S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 528256]
     S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
     .
     .
     --- Other Services/Drivers In Memory ---
     .
     *NewlyCreated* - WS2IFSL
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     HPService REG_MULTI_SZ HPSLPSVC
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1509593049-3746581815-257761438-1001Core.job
     - c:\users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 06:15]
     .
     2013-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1509593049-3746581815-257761438-1001UA.job
     - c:\users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-27 06:15]
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Settings,ProxyOverride = *.local;<local>
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
     Trusted Zone: clonewarsadventures.com
     Trusted Zone: freerealms.com
     Trusted Zone: soe.com
     Trusted Zone: sony.com
     Trusted Zone: soso.com\toolbar
     Trusted Zone: toolbar.soso.com\*
     Trusted Zone: qq.com\cache.tv
     Trusted Zone: qq.com\qqlivecaption
     Trusted Zone: qq.com\qqlivehabit
     Trusted Zone: qq.com\qqlivesearch
     Trusted Zone: qq.com\video_1
     TCP: DhcpNameServer = 192.168.1.1
     FF - ProfilePath - c:\users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\si0nzlfc.default\
     FF - ExtSQL: !HIDDEN! 2012-04-03 18:19; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     .
     - - - - ORPHANS REMOVED - - - -
     .
     BHO-{45B9637E-351B-7FAB-4362-0E1519ABA160} - c:\program files\TENCENT\WebGuard\webguard.dll
     HKCU-Run-AdobeBridge - (no file)
     HKCU-Run-Akamai NetSession Interface - c:\users\Wei\AppData\Local\Akamai\netsession_win.exe
     HKLM-Run-kxesc - c:\program files\kingsoft\kingsoft antivirus\kxetray.exe
     .
     .
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
     "ImagePath"="c:\windows\system32\xsherlock.xem"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\nvvsvc.exe
     c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
     c:\windows\system32\nvvsvc.exe
     c:\program files\AVAST Software\Avast\AvastSvc.exe
     c:\windows\system32\taskhost.exe
     c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
     c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     c:\program files\Bonjour\mDNSResponder.exe
     c:\windows\system32\PnkBstrA.exe
     c:\program files\Tablet\Pen\Pen_TabletUser.exe
     c:\program files\Tablet\Pen\WacomHost.exe
     c:\program files\Tablet\Pen\Pen_Tablet.exe
     c:\program files\Tablet\Pen\Pen_TouchUser.exe
     c:\windows\system32\conhost.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     c:\windows\system32\sppsvc.exe
     c:\windows\system32\DllHost.exe
     .
     **************************************************************************
     .
     Completion time: 2013-11-26 22:40:31 - machine was rebooted
     ComboFix-quarantined-files.txt 2013-11-27 03:40
     .
     Pre-Run: 95,788,703,744 bytes free
     Post-Run: 98,537,455,616 bytes free
     .
     - - End Of File - - 85C97222CFDF6DB83B31092F313F3C78 A36C5E4F47E84449FF07ED3517B43A31
  4. I updated and ran MBAR again; it says no malware found. But that happened last time too, even though there are viruses.
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-11-2013 01
     Ran by Wei at 2013-11-26 21:48:21 Run:1
     Running from C:\Users\Wei\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
     C:\Users\Wei\AppData\Local\Temp\hcuninstaller_20131008_174105_2504.exe
     C:\Users\Wei\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
     C:\Users\Wei\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
     C:\Users\Wei\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
     C:\Users\Wei\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
     C:\Users\Wei\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
     C:\Users\Wei\AppData\Local\Temp\NGM.exe
     C:\Users\Wei\AppData\Local\Temp\NGMDll.dll
     C:\Users\Wei\AppData\Local\Temp\NGMResource.dll
     C:\Users\Wei\AppData\Local\Temp\NGMSetup.exe
     C:\Users\Wei\AppData\Local\Temp\ntdll_dump.dll
     C:\Users\Wei\AppData\Local\Temp\qqsafeud.exe
     C:\Users\Wei\AppData\Local\Temp\Quarantine.exe
     C:\Users\Wei\AppData\Local\Temp\QzoneMusic.exe
     C:\Users\Wei\AppData\Local\Temp\SHSetup.exe
     C:\Users\Wei\AppData\Local\Temp\StpA26E_TMP.EXE
     C:\Users\Wei\AppData\Local\Temp\StpD1C7_TMP.EXE
     C:\Users\Wei\AppData\Local\Temp\swt-win32-3349.dll
     C:\Users\Wei\AppData\Local\Temp\swt-win32-3740.dll
     C:\Users\Wei\AppData\Local\Temp\ubi5661.tmp.exe
     C:\Users\Wei\AppData\Local\Temp\unicows.dll
     C:\Users\Wei\AppData\Local\Temp\Uninstaller-5920.exe
     C:\Users\Wei\AppData\Local\Temp\uttCC0B.tmp.exe
     C:\Users\Wei\AppData\Local\Temp\vrayuninst.dll
     C:\Users\Wei\jagex_cl_loginapplet_LIVE.dat
     C:\Users\Wei\jagex_cl_oldschool_LIVE.dat
     C:\Users\Wei\jagex_cl_runescape_LIVE.dat
     C:\Users\Wei\random.dat
     *****************
     HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
     C:\Users\Wei\AppData\Local\Temp\hcuninstaller_20131008_174105_2504.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\NGM.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\NGMDll.dll => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\NGMResource.dll => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\NGMSetup.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\qqsafeud.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\Quarantine.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\QzoneMusic.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\SHSetup.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\StpA26E_TMP.EXE => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\StpD1C7_TMP.EXE => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\ubi5661.tmp.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\unicows.dll => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\Uninstaller-5920.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\uttCC0B.tmp.exe => Moved successfully.
     C:\Users\Wei\AppData\Local\Temp\vrayuninst.dll => Moved successfully.
     C:\Users\Wei\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
     C:\Users\Wei\jagex_cl_oldschool_LIVE.dat => Moved successfully.
     C:\Users\Wei\jagex_cl_runescape_LIVE.dat => Moved successfully.
     C:\Users\Wei\random.dat => Moved successfully.
     ==== End of Fixlog ====
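The FRST and ComboFix logs in this thread use a few textual markers that carry most of the triage signal when you read one by hand: `[x]` after a Run value, or after a service or driver path, means the registered file was not found; `No File` on a BHO or plugin line means the same for a browser component; `<===== ATTENTION` is FRST's own flag for an entry it considers suspect; and ComboFix's `Infected copy of ... was found and disinfected` records a patched system file it replaced from the WinSxS copy. An `[x]` entry only says the image is absent, so it is a cleanup item rather than proof of infection by itself; the ATTENTION line and the repaired `userinit.exe` are the lines that actually tell you something was on the machine. The script below is an added example, not part of FRST, ComboFix or the original posts. It applies those checks to lines copied from the logs in this thread (the sample input is constructed from them, and the rule names and `Finding` type are this example's own) and reports what would go into a fixlist review.

```python
"""Triage helper for FRST and ComboFix log lines.

Added example for this thread; not part of FRST, ComboFix or the original
posts. It keys only on markers those two tools print:

  FRST      "- [x]" after a Run value      registered file was not found
            "Rn/Sn name; path [x]"         service/driver whose image is missing
            "<===== ATTENTION"             FRST's own flag for a suspect entry
            "... No File"                  BHO/plugin registered, file absent
  ComboFix  "Infected copy of X was found" X was patched and restored
            "Trusted Zone: host"           an IE Trusted Zone addition
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Order matters: the first pattern that matches a line wins, so FRST's explicit
# ATTENTION flag outranks the generic "file missing" rules. Each pattern names a
# "detail" group: the value name, service name, host or path worth reporting.
RULES = [
    ("attention",            re.compile(r"\[(?P<detail>[^\]]*)\].*<=+ ATTENTION")),
    ("repaired_system_file", re.compile(r"^Infected copy of (?P<detail>.+?) was found")),
    ("run_missing_file",     re.compile(r"\\Run: \[(?P<detail>[^\]]*)\] - \[x\]")),
    ("service_missing_file", re.compile(r"^[RSU]\d (?P<detail>[^;]+);.*\[x\]\s*$")),
    ("component_no_file",    re.compile(r"^[^:]+: (?P<detail>.+?) - .*\bNo File\s*$")),
    ("trusted_zone",         re.compile(r"^Trusted Zone: (?P<detail>\S+)")),
]


@dataclass(frozen=True)
class Finding:
    kind: str    # name of the rule that fired
    detail: str  # value name, service name, host or path pulled from the line
    line: str    # the raw log line, kept for the report


def triage(log_text: str) -> List[Finding]:
    """Run every non-empty line through RULES; a line yields at most one Finding."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, pattern in RULES:
            match = pattern.search(line)
            if match:
                findings.append(Finding(kind, match.group("detail").strip(), line))
                break
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule; a quick read on whether a fixlist is needed."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: lines copied from the FRST and ComboFix logs in this
# thread, including two clean lines that must not fire.
SAMPLE_LOG = r"""
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [] - [x]
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
S3 XDva390; \??\C:\Windows\system32\XDva390.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 11680]
R3 vtany;vtany;c:\windows\vtany.sys [x]
U3 mbr; \??\C:\Users\Wei\AppData\Local\Temp\mbr.sys [x]
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Trusted Zone: soso.com\toolbar
BHO: WebGuard - {45B9637E-351B-7FAB-4362-0E1519ABA160} - C:\Program Files\TENCENT\WebGuard\webguard.dll No File
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:22} {f.detail!r:42} {f.line}")
    print(summarize(results))
```

Run it as a script to see the report for the sample, or import `triage` and pass it the text of a whole FRST.txt or ComboFix.txt. The rule list is deliberately ordered so that an entry FRST already flagged is reported once, under `attention`, rather than a second time as a missing file.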
  6. Hi, this is happening in both Firefox and Google Chrome.
     FRST.TXT
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01
     Ran by Wei (administrator) on WEI-PC on 26-11-2013 21:12:29
     Running from C:\Users\Wei\Desktop
     Microsoft Windows 7 Enterprise (X86) OS Language: English(US)
     Internet Explorer Version 8
     Boot Mode: Normal
     ==================== Processes (Whitelisted) ===================
     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
     (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
     (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
     () C:\Windows\System32\PnkBstrA.exe
     (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
     (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
     () C:\Windows\FixCamera.exe
     (SONIX) C:\Windows\tsnp2std.exe
     (Sonix) C:\Windows\vsnp2std.exe
     (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
     (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
     (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
     (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
     (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
     (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
     (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
     (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
     (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
     (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
     (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
     ==================== Registry (Whitelisted) ==================
     HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
     HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
     HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
     HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
     HKLM\...\Run: [] - [x]
     HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
     HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
     HKLM\...\Run: [switchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
     HKLM\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
     HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
     HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
     HKLM\...\Run: [FixCamera] - C:\Windows\FixCamera.exe [20480 2007-02-12] ()
     HKLM\...\Run: [tsnp2std] - C:\Windows\tsnp2std.exe [262144 2007-02-13] (SONIX)
     HKLM\...\Run: [snp2std] - C:\Windows\vsnp2std.exe [344064 2006-12-05] (Sonix)
     HKLM\...\Run: [kxesc] - "c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
     HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
     HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
     HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\faae6410-b8be-4742-ac2c-28a42afc7e7d.exe [180184 2013-11-23] (AVAST Software)
     HKCU\...\Run: [Aim] - C:\Program Files\AIM\aim.exe [4321112 2011-05-03] (AOL Inc.)
     HKCU\...\Run: [AdobeBridge] - [x]
     HKCU\...\Run: [Akamai NetSession Interface] - "C:\Users\Wei\AppData\Local\Akamai\netsession_win.exe"
     HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
     MountPoints2: {0233541d-6318-11e1-8913-90fba6edbae1} - E:\LaunchU3.exe -a
     ==================== Internet (Whitelisted) ====================
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9215BC5017DDCC01
     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
     SearchScopes: HKLM - DefaultScope value is missing.
     BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
     BHO: WebGuard - {45B9637E-351B-7FAB-4362-0E1519ABA160} - C:\Program Files\TENCENT\WebGuard\webguard.dll No File
     BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
     BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
     BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
     BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
     Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
     Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
     Hosts: 127.0.0.1 localhost
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     FireFox:
     ========
     FF ProfilePath: C:\Users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\si0nzlfc.default
     FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
     FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
     FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     FF Plugin: @kingsfot.com/npkws - c:\program files\kingsoft\kingsoft antivirus\npkws.dll No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
     FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     FF Plugin: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
     FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
     FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
     FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
     FF Plugin: @qq.com/npqscall - C:\Program Files\Common Files\Tencent\Npchrome\npactivex.dll No File
     FF Plugin: @qq.com/QQPhotoDrawEx - C:\Program Files\Tencent\Qzone\Ver_247.312\npQQPhotoDrawEx.dll No File
     FF Plugin: @qq.com/QzoneMusic - C:\Program Files\Tencent\QZoneMusic\2013.9.4.23.3.16\npQzoneMusic.dll No File
     FF Plugin: @qq.com/TXSSO - C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.22\Bin\npSSOAxCtrlForPTLogin.dll No File
     FF Plugin: @tencent.com/npQQMailWebKit,version=1.0.0.1 - C:\Program Files\QQMailPlugin\npQQMailWebKit.dll (Tencent)
     FF Plugin: @tencent.com/nptxftnWebKit,version=1.0.0.1 - C:\Program Files\QQMailPlugin\nptxftnWebKit.dll (Tencent Technology (Shenzhen) Company Limited)
     FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
     FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Wei\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Wei\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
     FF Extension: tabmix - C:\Users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\si0nzlfc.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
     FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
     FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
     Chrome:
     =======
     CHR DefaultSearchURL: (Search the web (Babylon)) - http://www.google.com
     CHR DefaultSuggestURL: (Search the web (Babylon)) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
     CHR Plugin: (Shockwave Flash) - C:\Users\Wei\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
     CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
     CHR Plugin: (Native Client) - C:\Users\Wei\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
     CHR Plugin: (Chrome PDF Viewer) - C:\Users\Wei\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
     CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
     CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
     CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
     CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
     CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
     CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
     CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     CHR Plugin: (Google Update) - C:\Users\Wei\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
     CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
     CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll No File
     CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
     CHR Extension: (Google Wallet) - C:\Users\Wei\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
     CHR StartMenuInternet: Google Chrome - C:\Users\Wei\AppData\Local\Google\Chrome\Application\chrome.exe
     ========================== Services (Whitelisted) =================
     R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
     S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
     R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2012-10-07] ()
     R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [528256 2012-12-11] (Wacom Technology, Corp.)
     S3 xsherlock; C:\Windows\system32\xsherlock.xem [666720 2012-09-29] (Wellbia.com Co., Ltd.)
     S2 WebGuardUpdate; C:\Program Files\Tencent\WebGuard\WebGuardUpdate.exe /Service [x]
     ==================== Drivers (Whitelisted) ====================
     R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
     R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
     R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
     R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
     R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
     R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
     R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
     R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
     R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
     R1 ElRawDisk; C:\Windows\system32\drivers\rsdrv.sys [22312 2009-02-12] (EldoS Corporation)
     S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-12-03] (Windows ® Win 7 DDK provider)
     R1 QQProtect; C:\Windows\system32\drivers\QQProtect.sys [173152 2013-08-05] (Tencent)
     R3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12007296 2007-03-10] ()
     S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [70048 2012-12-03] (Wacom Technology)
     S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-11-15] (Wacom Technology)
     S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
     S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
     S3 FXDrv32; \??\D:\FXDrv32.sys [x]
     S3 vtany; \??\C:\Windows\vtany.sys [x]
     S3 XDva390; \??\C:\Windows\system32\XDva390.sys [x]
     S3 XDva394; \??\C:\Windows\system32\XDva394.sys [x]
     S3 XDva397; \??\C:\Windows\system32\XDva397.sys [x]
     S3 XDva400; \??\C:\Windows\system32\XDva400.sys [x]
     S3 XDva404; \??\C:\Windows\system32\XDva404.sys [x]
     S3 XDva405; \??\C:\Windows\system32\XDva405.sys [x]
     S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
     S3 xspirit; \??\C:\Windows\xspirit.sys [x]
     U3 mbr; \??\C:\Users\Wei\AppData\Local\Temp\mbr.sys [x]
     ==================== NetSvcs (Whitelisted) ===================
     ==================== One Month Created Files and Folders ========
     2013-11-26 21:12 - 2013-11-26 21:13 - 00016691 _____ C:\Users\Wei\Desktop\FRST.txt
     2013-11-26 21:12 - 2013-11-26 21:12 - 01091605 _____ (Farbar) C:\Users\Wei\Desktop\FRST.exe
     2013-11-26 21:12 - 2013-11-26 21:12 - 00000000 ____D C:\FRST
     2013-11-26 21:03 - 2013-11-26 21:03 - 00003141 _____ C:\Users\Wei\Desktop\RKreport[0]_S_11262013_210326.txt
     2013-11-26 20:56 - 2013-11-26 20:56 - 00013316 _____ C:\Users\Wei\Desktop\dds.txt
     2013-11-26 20:56 - 2013-11-26 20:56 - 00005524 _____ C:\Users\Wei\Desktop\attach.txt
     2013-11-26 20:55 - 2013-11-26 20:56 - 00688992 ____R (Swearware) C:\Users\Wei\Desktop\dds.scr
     2013-11-26 20:17 - 2013-11-26 20:26 - 00000000 ____D C:\AdwCleaner
     2013-11-26 20:16 - 2013-11-26 20:16 - 01091882 _____ C:\Users\Wei\Desktop\adwcleaner.exe
     2013-11-26 19:55 - 2013-11-26 20:15 - 00000000 ____D C:\Users\Wei\Desktop\mbar
     2013-11-26 19:55 - 2013-11-26 20:15 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
     2013-11-26 19:55 - 2013-11-26 19:55 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
     2013-11-26 19:55 - 2013-11-26 19:55 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
     2013-11-26 19:54 - 2013-11-26 19:54 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Wei\Desktop\mbar-1.07.0.1007.exe
     2013-11-26 19:50 - 2013-11-26 19:54 - 00000000 ____D C:\Users\Wei\Desktop\RK_Quarantine
     2013-11-26 19:46 - 2013-11-26 19:46 - 03687936 _____ C:\Users\Wei\Desktop\RogueKiller.exe
     2013-11-26 18:13 - 2013-11-26 19:46 - 00000000 ____D C:\Users\Wei\AppData\Roaming\Anvisoft
     2013-11-26 18:12 - 2013-11-26 19:46 - 00000000 ____D C:\Program Files\Anvisoft
     2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\ProgramData\Anvisoft
     2013-11-26 17:38 - 2013-11-26 19:47 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP
     2013-11-26 17:38 - 2013-11-26 17:38 - 00000000 ____D C:\Program Files\Enigma Software Group
     2013-11-26 17:38 - 2013-11-26 17:38 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
     2013-11-24 08:06 - 2013-11-24 08:06 - 00000000 ____D C:\Users\Wei\Downloads\Johnny English (2003)
     2013-11-23 10:06 - 2013-11-23 10:18 - 00000000 ____D C:\Users\Wei\Downloads\The.Grandmaster.2013.BDRip.XviD-ESPiSE
     2013-11-21 22:03 - 2013-11-21 22:03 - 00000000 ____D C:\ProgramData\McAfee Security Scan
     2013-11-21 22:03 - 2013-11-21 22:03 - 00000000 ____D C:\Program Files\McAfee Security Scan
     2013-11-15 22:08 - 2013-11-15 22:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
     2013-11-14 07:51 - 2013-11-14 07:51 - 00000000 ____D C:\Users\Wei\Downloads\Stuck.In.Love.2012.BRRip XViD juggs
     2013-10-31 15:57 - 2013-11-21 19:14 - 00000000 ____D C:\Users\Wei\Desktop\canon
     2013-10-31 14:22 - 2013-10-31 14:22 - 00001102 _____ C:\Users\Public\Desktop\Digital Photo Professional.lnk
     2013-10-31 14:22 - 2013-10-31 14:22 - 00001037 _____ C:\Users\Public\Desktop\EOS Utility.lnk
     2013-10-31 14:21 - 2013-10-31 14:22 - 00000000 ____D C:\Program Files\Canon
     2013-10-31 14:19 - 2013-10-31 14:19 - 00000000 ____D C:\Program Files\Common Files\Canon
     2013-10-29 15:25 - 2013-10-29 15:31 - 00000000 ____D C:\Users\Wei\Downloads\The Shining (1980)
     2013-10-28 18:24 - 2013-10-28 18:26 - 00000000 ____D C:\Users\Wei\.Creative-Scape.net
     2013-10-28
17:32 - 2013-10-28 17:32 - 00000000 ____D C:\Users\Wei\Documents\AeriaGames 2013-10-27 19:43 - 2013-10-27 19:43 - 00000000 ____D C:\Users\Wei\AppData\Local\EMU ==================== One Month Modified Files and Folders ======= 2013-11-26 21:13 - 2013-11-26 21:12 - 00016691 _____ C:\Users\Wei\Desktop\FRST.txt 2013-11-26 21:12 - 2013-11-26 21:12 - 01091605 _____ (Farbar) C:\Users\Wei\Desktop\FRST.exe 2013-11-26 21:12 - 2013-11-26 21:12 - 00000000 ____D C:\FRST 2013-11-26 21:03 - 2013-11-26 21:03 - 00003141 _____ C:\Users\Wei\Desktop\RKreport[0]_S_11262013_210326.txt 2013-11-26 20:58 - 2012-01-27 12:24 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1509593049-3746581815-257761438-1001UA.job 2013-11-26 20:56 - 2013-11-26 20:56 - 00013316 _____ C:\Users\Wei\Desktop\dds.txt 2013-11-26 20:56 - 2013-11-26 20:56 - 00005524 _____ C:\Users\Wei\Desktop\attach.txt 2013-11-26 20:56 - 2013-11-26 20:55 - 00688992 ____R (Swearware) C:\Users\Wei\Desktop\dds.scr 2013-11-26 20:34 - 2009-07-13 23:34 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-26 20:34 - 2009-07-13 23:34 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-26 20:31 - 2010-12-13 14:29 - 00778150 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-26 20:30 - 2012-01-27 12:12 - 01403237 _____ C:\Windows\WindowsUpdate.log 2013-11-26 20:27 - 2012-10-07 10:51 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-26 20:26 - 2013-11-26 20:17 - 00000000 ____D C:\AdwCleaner 2013-11-26 20:26 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-26 20:26 - 2009-07-13 23:39 - 00106240 _____ C:\Windows\setupact.log 2013-11-26 20:23 - 2012-09-29 17:59 - 00000000 ____D C:\ProgramData\NexonUS 2013-11-26 20:20 - 2012-01-28 09:33 - 00057808 _____ C:\Windows\PFRO.log 2013-11-26 20:16 - 2013-11-26 20:16 - 01091882 _____ C:\Users\Wei\Desktop\adwcleaner.exe 2013-11-26 
20:15 - 2013-11-26 19:55 - 00000000 ____D C:\Users\Wei\Desktop\mbar 2013-11-26 20:15 - 2013-11-26 19:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-11-26 19:55 - 2013-11-26 19:55 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2013-11-26 19:55 - 2013-11-26 19:55 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2013-11-26 19:54 - 2013-11-26 19:54 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Wei\Desktop\mbar-1.07.0.1007.exe 2013-11-26 19:54 - 2013-11-26 19:50 - 00000000 ____D C:\Users\Wei\Desktop\RK_Quarantine 2013-11-26 19:48 - 2013-06-08 12:11 - 00000000 ____D C:\Users\Wei\AppData\Roaming\uTorrent 2013-11-26 19:47 - 2013-11-26 17:38 - 00000000 ____D C:\Windows\220FB0354744483A9A0B41DF77061583.TMP 2013-11-26 19:46 - 2013-11-26 19:46 - 03687936 _____ C:\Users\Wei\Desktop\RogueKiller.exe 2013-11-26 19:46 - 2013-11-26 18:13 - 00000000 ____D C:\Users\Wei\AppData\Roaming\Anvisoft 2013-11-26 19:46 - 2013-11-26 18:12 - 00000000 ____D C:\Program Files\Anvisoft 2013-11-26 19:27 - 2012-01-27 12:29 - 00000000 ____D C:\Program Files\AIM 2013-11-26 18:18 - 2012-10-05 20:51 - 00000000 ____D C:\Program Files\Adobe Download Assistant 2013-11-26 18:12 - 2013-11-26 18:12 - 00000000 ____D C:\ProgramData\Anvisoft 2013-11-26 17:58 - 2012-01-27 12:24 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1509593049-3746581815-257761438-1001Core.job 2013-11-26 17:38 - 2013-11-26 17:38 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-11-26 17:38 - 2013-11-26 17:38 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-11-24 08:06 - 2013-11-24 08:06 - 00000000 ____D C:\Users\Wei\Downloads\Johnny English (2003) 2013-11-23 10:18 - 2013-11-23 10:06 - 00000000 ____D C:\Users\Wei\Downloads\The.Grandmaster.2013.BDRip.XviD-ESPiSE 2013-11-22 00:21 - 2012-01-27 12:25 - 00000000 ____D C:\Users\Wei\AppData\Local\Adobe 2013-11-21 22:03 - 
2013-11-21 22:03 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2013-11-21 22:03 - 2013-11-21 22:03 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-11-21 22:03 - 2012-09-20 16:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-11-21 22:03 - 2012-01-27 12:24 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-11-21 19:14 - 2013-10-31 15:57 - 00000000 ____D C:\Users\Wei\Desktop\canon 2013-11-19 17:05 - 2012-01-28 09:33 - 00000000 ____D C:\Users\Wei\AppData\Roaming\Skype 2013-11-17 12:56 - 2012-04-25 18:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-15 22:08 - 2013-11-15 22:08 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-14 22:46 - 2013-08-28 06:49 - 00000000 __SHD C:\AI_RecycleBin 2013-11-14 22:46 - 2013-06-11 21:36 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin 2013-11-14 20:56 - 2013-06-11 21:35 - 00000000 ____D C:\Users\Wei\AppData\Roaming\Riot Games 2013-11-14 07:51 - 2013-11-14 07:51 - 00000000 ____D C:\Users\Wei\Downloads\Stuck.In.Love.2012.BRRip XViD juggs 2013-11-05 14:30 - 2013-09-04 22:02 - 00000000 ____D C:\Users\Wei\Documents\Tencent Files 2013-10-31 14:22 - 2013-10-31 14:22 - 00001102 _____ C:\Users\Public\Desktop\Digital Photo Professional.lnk 2013-10-31 14:22 - 2013-10-31 14:22 - 00001037 _____ C:\Users\Public\Desktop\EOS Utility.lnk 2013-10-31 14:22 - 2013-10-31 14:21 - 00000000 ____D C:\Program Files\Canon 2013-10-31 14:19 - 2013-10-31 14:19 - 00000000 ____D C:\Program Files\Common Files\Canon 2013-10-29 15:31 - 2013-10-29 15:25 - 00000000 ____D C:\Users\Wei\Downloads\The Shining (1980) 2013-10-28 18:26 - 2013-10-28 18:24 - 00000000 ____D C:\Users\Wei\.Creative-Scape.net 2013-10-28 18:24 - 2012-01-27 12:12 - 00000000 ____D C:\Users\Wei 2013-10-28 17:32 - 2013-10-28 17:32 - 00000000 ____D C:\Users\Wei\Documents\AeriaGames 2013-10-27 19:43 - 2013-10-27 19:43 - 00000000 ____D C:\Users\Wei\AppData\Local\EMU Files 
to move or delete: ==================== C:\Users\Wei\jagex_cl_loginapplet_LIVE.dat C:\Users\Wei\jagex_cl_oldschool_LIVE.dat C:\Users\Wei\jagex_cl_runescape_LIVE.dat C:\Users\Wei\random.dat Some content of TEMP: ==================== C:\Users\Wei\AppData\Local\Temp\hcuninstaller_20131008_174105_2504.exe C:\Users\Wei\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Wei\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\Wei\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe C:\Users\Wei\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Wei\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe C:\Users\Wei\AppData\Local\Temp\NGM.exe C:\Users\Wei\AppData\Local\Temp\NGMDll.dll C:\Users\Wei\AppData\Local\Temp\NGMResource.dll C:\Users\Wei\AppData\Local\Temp\NGMSetup.exe C:\Users\Wei\AppData\Local\Temp\ntdll_dump.dll C:\Users\Wei\AppData\Local\Temp\qqsafeud.exe C:\Users\Wei\AppData\Local\Temp\Quarantine.exe C:\Users\Wei\AppData\Local\Temp\QzoneMusic.exe C:\Users\Wei\AppData\Local\Temp\SHSetup.exe C:\Users\Wei\AppData\Local\Temp\StpA26E_TMP.EXE C:\Users\Wei\AppData\Local\Temp\StpD1C7_TMP.EXE C:\Users\Wei\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Wei\AppData\Local\Temp\swt-win32-3740.dll C:\Users\Wei\AppData\Local\Temp\ubi5661.tmp.exe C:\Users\Wei\AppData\Local\Temp\unicows.dll C:\Users\Wei\AppData\Local\Temp\Uninstaller-5920.exe C:\Users\Wei\AppData\Local\Temp\uttCC0B.tmp.exe C:\Users\Wei\AppData\Local\Temp\vrayuninst.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-20 00:29 ==================== End Of Log 
============================

ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-11-2013 01
Ran by Wei at 2013-11-26 21:14:43
Running from C:\Users\Wei\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
4500_G510nz_Help (Version: 000.0.439.000)
4500G510nz (Version: 000.0.439.000)
4500G510nz_Software_Min (Version: 000.0.423.000)
Adobe AIR (Version: 3.3.0.3670)
Adobe Content Viewer (Version: 1.4.0)
Adobe Download Assistant (Version: 1.2.3)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Help Manager (Version: 4.0.244)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.3.633)
AIM 7
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.14 (Unicode)
avast! Free Antivirus (Version: 8.0.1489.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.2.0)
Canon Utilities EOS Utility (Version: 2.10.2.0)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Defraggler (Version: 2.12)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.372.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
Fax (Version: 130.0.418.000)
Google Chrome (HKCU Version: 31.0.1650.57)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 4500 G510n-z (Version: 13.0)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 130.0.371.000)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iTunes (Version: 11.1.0.126)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
LAME v3.99.3 (for Windows)
MarketResearch (Version: 130.0.374.000)
McAfee Security Scan Plus (Version: 3.0.285.6)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
Network (Version: 130.0.374.000)
NVIDIA 3D Vision Driver 260.89 (Version: 260.89)
NVIDIA Control Panel 260.89 (Version: 260.89)
NVIDIA Graphics Driver 260.89 (Version: 260.89)
NVIDIA HD Audio Driver 1.1.9.0 (Version: 1.1.9.0)
NVIDIA Install Application (Version: 2.0.14.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6089)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Origin (Version: 9.3.1.4482)
PDF Settings CS5 (Version: 10.0)
PunkBuster Services (Version: 0.992)
QuickTime (Version: 7.73.80.64)
Scan (Version: 13.0.0.0)
Skype™ 5.5 (Version: 5.5.124)
SmartWebPrinting (Version: 130.0.373.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.373.000)
TeamViewer 7 (Version: 7.0.12541)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.376.000)
USB2.0 PC Camera (SN9C201&202) (Version: 5.7.19.106)
VLC media player 1.1.11 (Version: 1.1.11)
Wacom (Version: 5.3.2-1)
WebGuard (Version: 7.3.2.3)
WebReg (Version: 130.0.132.017)
WebTablet FB Plugin 32 bit (Version: 2.1.0.2)
WinRAR 4.10 (32-bit) (Version: 4.10.0)

==================== Restore Points =========================

23-11-2013 07:58:52 Scheduled Checkpoint
26-11-2013 22:38:11 Installed SpyHunter
26-11-2013 23:06:48 Removed SpyHunter
26-11-2013 23:07:44 Removed SpyHunter
27-11-2013 00:46:31 Removed SpyHunter
27-11-2013 01:22:50 删除 腾讯QQ2013。

==================== Hosts content: ==========================

2012-02-29 18:12 - 2013-11-26 19:54 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {09F4A528-9B0F-4F79-9AFB-967230E81751} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2DDE3BF1-7C4F-4E4A-A319-9D6797670879} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {2F76EED0-31B5-4CF6-8DE3-73DE5084C4B7} - System32\Tasks\AdobeAAMUpdater-1.0-Wei-PC-Wei => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {3A7936A7-6FB0-4866-BEFD-0948A8D479E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1509593049-3746581815-257761438-1001Core => C:\Users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01] (Google Inc.)
Task: {5F0D6055-2A81-4137-84B1-7C9A74607C5A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9BA603D8-757E-4B6A-B44D-B56F0444016A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1509593049-3746581815-257761438-1001UA => C:\Users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1509593049-3746581815-257761438-1001Core.job => C:\Users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1509593049-3746581815-257761438-1001UA.job => C:\Users\Wei\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:17 - 2010-03-24 20:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-01-27 12:28 - 2012-01-09 19:44 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-15 16:22 - 2012-12-11 12:07 - 00963456 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-11-15 22:08 - 2013-11-15 22:08 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-11-21 22:03 - 2013-11-21 22:03 - 16237448 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2013 07:46:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary AnviSmartDefender Web Guard.
System Error:
The system cannot find the file specified.
.

Error: (11/26/2013 07:46:36 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary asdrm.
System Error:
The system cannot find the file specified.
.

Error: (11/16/2013 11:50:56 AM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 25.0.1.5064 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: fe4
Start Time: 01cee2c2654c4bac
Termination Time: 114
Application Path: C:\Program Files\Mozilla Firefox\firefox.exe
Report Id: 3edeffd0-4edf-11e3-82e3-90fba6edbae1

Error: (11/15/2013 00:56:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 25.0.0.5046, time stamp: 0x526b1daa
Faulting module name: mozalloc.dll, version: 25.0.0.5046, time stamp: 0x526af0bc
Exception code: 0x80000003
Fault offset: 0x0000119c
Faulting process id: 0x1098
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/14/2013 09:01:55 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 25.0.0.5046 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 14e8
Start Time: 01cee17c2ff9df40
Termination Time: 179
Application Path: C:\Program Files\Mozilla Firefox\firefox.exe
Report Id: e478079a-4d99-11e3-808d-90fba6edbae1

Error: (11/14/2013 10:36:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 25.0.0.5046, time stamp: 0x526b1e27
Faulting module name: xul.dll, version: 25.0.0.5046, time stamp: 0x526b1d27
Exception code: 0xc0000005
Fault offset: 0x001157e7
Faulting process id: 0x1310
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (10/26/2013 03:47:59 PM) (Source: Application Hang) (User: )
Description: The program patcher_cf.exe version 1.0.0.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 14e4
Start Time: 01ced28bcd967dc5
Termination Time: 3
Application Path: C:\Program Files\Z8Games\CrossFire\patcher_cf.exe
Report Id: e4496330-3e7f-11e3-901b-90fba6edbae1

Error: (10/26/2013 03:41:45 PM) (Source: Application Hang) (User: )
Description: The program patcher_cf.exe version 1.0.0.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 92c
Start Time: 01ced28b7a5eb932
Termination Time: 3
Application Path: C:\Program Files\Z8Games\CrossFire\patcher_cf.exe
Report Id: 05a4b81f-3e7f-11e3-901b-90fba6edbae1

Error: (10/26/2013 03:39:05 PM) (Source: Application Hang) (User: )
Description: The program patcher_cf.exe version 1.0.0.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 770
Start Time: 01ced28b28df0bf1
Termination Time: 10
Application Path: C:\Program Files\Z8Games\CrossFire\patcher_cf.exe
Report Id: a51a61d5-3e7e-11e3-901b-90fba6edbae1

Error: (10/22/2013 02:27:39 PM) (Source: Application Hang) (User: )
Description: The program Conquer_v5788_P2P_20131008.exe version 1.0.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1db0
Start Time: 01cecf5a07a44cc5
Termination Time: 102
Application Path: C:\Users\Wei\Desktop\Conquer_v5788_P2P_20131008.exe
Report Id: 00da926b-3b50-11e3-8fd2-90fba6edbae1

System errors:
=============
Error: (11/26/2013 08:27:05 PM) (Source: Service Control Manager) (User: )
Description: The Tencent WebGuard Update Service service failed to start due to the following error: %%2

Error: (11/26/2013 08:21:20 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/26/2013 08:21:12 PM) (Source: Service Control Manager) (User: )
Description: The Tencent WebGuard Update Service service failed to start due to the following error: %%2

Error: (11/26/2013 08:15:15 PM) (Source: mbamchameleon) (User: )
Description: M FILES\MCAFEE SECURITY SCAN\3.0.285\SSSCHEDULER.EXE

Error: (11/26/2013 08:15:15 PM) (Source: mbamchameleon) (User: )
Description: lume2\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE

Error: (11/26/2013 08:15:15 PM) (Source: mbamchameleon) (User: )
Description: ume2\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

Error: (11/26/2013 07:55:33 PM) (Source: mbamchameleon) (User: )
Description: M FILES\MCAFEE SECURITY SCAN\3.0.285\SSSCHEDULER.EXE

Error: (11/26/2013 07:55:32 PM) (Source: mbamchameleon) (User: )
Description: lume2\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE

Error: (11/26/2013 07:55:32 PM) (Source: mbamchameleon) (User: )
Description: ume2\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

Error: (11/26/2013 07:55:32 PM) (Source: mbamchameleon) (User: )
Description: M FILES\MCAFEE SECURITY SCAN\3.0.285\SSSCHEDULER.EXE

Microsoft Office Sessions:
=========================
Error: (11/26/2013 07:46:36 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary AnviSmartDefender Web Guard.
System Error:
The system cannot find the file specified.

Error: (11/26/2013 07:46:36 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary asdrm.
System Error:
The system cannot find the file specified.

Error: (11/16/2013 11:50:56 AM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.5064fe401cee2c2654c4bac114C:\Program Files\Mozilla Firefox\firefox.exe3edeffd0-4edf-11e3-82e3-90fba6edbae1

Error: (11/15/2013 00:56:14 PM) (Source: Application Error)(User: )
Description: plugin-container.exe25.0.0.5046526b1daamozalloc.dll25.0.0.5046526af0bc800000030000119c109801cee22878b2632dC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dll375de47d-4e1f-11e3-87d6-90fba6edbae1

Error: (11/14/2013 09:01:55 PM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.0.504614e801cee17c2ff9df40179C:\Program Files\Mozilla Firefox\firefox.exee478079a-4d99-11e3-808d-90fba6edbae1

Error: (11/14/2013 10:36:02 AM) (Source: Application Error)(User: )
Description: firefox.exe25.0.0.5046526b1e27xul.dll25.0.0.5046526b1d27c0000005001157e7131001cee12427943ad7C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dll7763d580-4d42-11e3-808d-90fba6edbae1

Error: (10/26/2013 03:47:59 PM) (Source: Application Hang)(User: )
Description: patcher_cf.exe1.0.0.614e401ced28bcd967dc53C:\Program Files\Z8Games\CrossFire\patcher_cf.exee4496330-3e7f-11e3-901b-90fba6edbae1

Error: (10/26/2013 03:41:45 PM) (Source: Application Hang)(User: )
Description: patcher_cf.exe1.0.0.692c01ced28b7a5eb9323C:\Program Files\Z8Games\CrossFire\patcher_cf.exe05a4b81f-3e7f-11e3-901b-90fba6edbae1

Error: (10/26/2013 03:39:05 PM) (Source: Application Hang)(User: )
Description: patcher_cf.exe1.0.0.677001ced28b28df0bf110C:\Program Files\Z8Games\CrossFire\patcher_cf.exea51a61d5-3e7e-11e3-901b-90fba6edbae1

Error: (10/22/2013 02:27:39 PM) (Source: Application Hang)(User: )
Description: Conquer_v5788_P2P_20131008.exe1.0.2.01db001cecf5a07a44cc5102C:\Users\Wei\Desktop\Conquer_v5788_P2P_20131008.exe00da926b-3b50-11e3-8fd2-90fba6edbae1

CodeIntegrity Errors:
===================================
Date: 2013-06-08 08:11:59.540
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-08 08:09:25.515
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-08 07:06:45.020
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 21:58:31.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 17:53:20.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 16:53:38.282
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 16:27:43.564
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 08:38:04.048
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 07:01:46.393
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-06-07 06:54:46.280
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 2046.18 MB
Available physical RAM: 792.91 MB
Total Pagefile: 4092.36 MB
Available Pagefile: 2671.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:89.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: B70D4D30)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  7. roguekiller report
     RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.adlice.com/forum/
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7600 ) 32 bits version
     Started in : Normal mode
     User : Wei [Admin rights]
     Mode : Scan -- Date : 11/26/2013 21:03:26
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Startup Entries : 0 ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     [Address] SSDT[66] : NtCreateFile @ 0x8325AF0E -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAF1FD0)
     [Address] SSDT[87] : NtCreateThread @ 0x832EAC6A -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAED73A)
     [Address] SSDT[88] : NtCreateThreadEx @ 0x83248DD1 -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAEDB9A)
     [Address] SSDT[102] : NtDeleteFile @ 0x831CAA0E -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAF1E66)
     [Address] SSDT[179] : NtOpenFile @ 0x8328A654 -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAF2172)
     [Address] SSDT[190] : NtOpenProcess @ 0x832915C1 -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAF715A)
     [Address] SSDT[217] : NtQueryAttributesFile @ 0x83272BD8 -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAF7B6A)
     [Address] SSDT[269] : NtQueueApcThread @ 0x831FCB48 -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAF8090)
     [Address] SSDT[277] : NtReadVirtualMemory @ 0x83293C09 -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAE7B02)
     [Address] SSDT[316] : NtSetContextThread @ 0x832EBD6F -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAF75DC)
     [Address] SSDT[329] : NtSetInformationFile @ 0x8325FF3F -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAF1DAA)
     [Address] Shadow SSDT[396] : NtUserFindWindowEx -> HOOKED (C:\Windows\System32\drivers\QQProtect.sys @ 0x8DAE948A)

     ¤¤¤ External Hives: ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     --> %SystemRoot%\System32\drivers\etc\hosts

     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600HLHX-60JJPV0 ATA Device +++++
     --- User ---
     [MBR] 2299356359541f1b48428cdf444a8c8b
     [BSP] 296e94dfad9a6f0cdf523b03adf4d84f : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[0]_S_11262013_210326.txt >>
  8. DDS.TXT
     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 8.0.7600.16700 BrowserJavaVersion: 10.45.2
     Run by Wei at 20:56:13 on 2013-11-26
     Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2046.917 [GMT -5:00]
     .
     AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
     C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Program Files\AVAST Software\Avast\AvastSvc.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Tablet\Pen\WacomHost.exe
     C:\Program Files\HP\HP Software Update\hpwuschd2.exe
     C:\Windows\system32\PnkBstrA.exe
     C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
     C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
     C:\Program Files\AVAST Software\Avast\AvastUI.exe
     C:\Windows\FixCamera.exe
     C:\Windows\tsnp2std.exe
     C:\Windows\vsnp2std.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\AIM\aim.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Program Files\Tablet\Pen\Pen_Tablet.exe
     C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Mozilla Firefox\plugin-container.exe
     C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
     C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\svchost.exe -k hpdevmgmt
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\System32\svchost.exe -k HPZ12
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Windows\system32\svchost.exe -k HPService
     C:\Windows\System32\svchost.exe -k LocalServicePeerNet
     C:\Windows\System32\svchost.exe -k secsvcs
     .
     ============== Pseudo HJT Report ===============
     .
     BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
     BHO: WebGuard: {45B9637E-351B-7FAB-4362-0E1519ABA160} -
     BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
     BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
     BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
     BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
     EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
     EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
     uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
     uRun: [AdobeBridge] <no file>
     mRun: [igfxTray] c:\windows\system32\igfxtray.exe
     mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
     mRun: [Persistence] c:\windows\system32\igfxpers.exe
     mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
     mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
     mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
     mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
     mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
     mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
     mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
     mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
     mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
     mRun: [FixCamera] c:\windows\FixCamera.exe
     mRun: [tsnp2std] c:\windows\tsnp2std.exe
     mRun: [snp2std] c:\windows\vsnp2std.exe
     mRun: [kxesc] "c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
     mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
     mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\faae6410-b8be-4742-ac2c-28a42afc7e7d.exe /check
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
     StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
     IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
     IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
     IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
     Trusted Zone: clonewarsadventures.com
     Trusted Zone: freerealms.com
     Trusted Zone: soe.com
     Trusted Zone: sony.com
     TCP: NameServer = 192.168.1.1
     TCP: Interfaces\{662D631C-F11A-4F81-ABF8-CE39041A1AC6} : DHCPNameServer = 192.168.1.1
     Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
     Notify: igfxcui - igfxdev.dll
     SSODL: WebCheck - <orphaned>
     SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\wei\appdata\roaming\mozilla\firefox\profiles\si0nzlfc.default\
     FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
     FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
     FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
     FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
     FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
     FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
     FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
     FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
     FF - plugin: c:\program files\qqmailplugin\npQQMailWebKit.dll
     FF - plugin: c:\program files\qqmailplugin\nptxftnWebKit.dll
     FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
     FF - plugin: c:\users\wei\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
     FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
     FF - ExtSQL: !HIDDEN! 2012-04-03 18:19; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-25 49376]
     R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-25 175176]
     R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-1-26 20624]
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-25 770344]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-25 369584]
     R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2013-5-15 22312]
     R1 QQProtect;QQProtect;c:\windows\system32\drivers\QQProtect.sys [2013-9-4 173152]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-25 29816]
     R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-25 66336]
     R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-25 46808]
     R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-8 369256]
     R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-27 3027840]
     R2 WTabletServiceCon;Wacom Consumer Service;c:\program files\tablet\pen\WTabletServiceCon.exe [2013-9-15 528256]
     R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 WebGuardUpdate;Tencent WebGuard Update Service;c:\program files\tencent\webguard\webguardupdate.exe /service --> c:\program files\tencent\webguard\WebGuardUpdate.exe [?]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     S3 hidkmdf;KMDF Driver;c:\windows\system32\drivers\hidkmdf.sys [2013-9-15 11680]
     S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
     S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
     S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
     S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\drivers\wachidrouter.sys [2013-9-15 70048]
     S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\drivers\wacomrouterfilter.sys [2013-9-15 13728]
     S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-9-29 666720]
     .
     =============== Created Last 30 ================
     .
     2013-11-27 01:17:01 -------- d-----w- C:\AdwCleaner
     2013-11-27 00:55:54 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
     2013-11-27 00:55:53 105176 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
     2013-11-27 00:55:30 75992 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2013-11-26 23:13:12 -------- d-----w- c:\users\wei\appdata\roaming\Anvisoft
     2013-11-26 23:12:59 -------- d-----w- c:\programdata\Anvisoft
     2013-11-26 23:12:57 -------- d-----w- c:\program files\Anvisoft
     2013-11-26 22:38:47 -------- d-----w- c:\program files\Enigma Software Group
     2013-11-26 22:38:05 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
     2013-11-26 22:38:04 -------- d-----w- c:\program files\common files\Wise Installation Wizard
     2013-11-22 03:03:22 -------- d-----w- c:\programdata\McAfee Security Scan
     2013-11-22 03:03:19 -------- d-----w- c:\program files\McAfee Security Scan
     2013-10-31 19:21:49 -------- d-----w- c:\program files\Canon
     2013-10-31 19:19:37 -------- d-----w- c:\program files\common files\Canon
     2013-10-28 23:24:32 -------- d-----w- c:\users\wei\.Creative-Scape.net
     .
     ==================== Find3M ====================
     .
     2013-11-22 03:03:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-11-22 03:03:17 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-10-08 11:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     .
     ============= FINISH: 20:56:36.53 ===============

     ATTACH.TXT
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Enterprise
     Boot Device: \Device\HarddiskVolume1
     Install Date: 1/27/2012 12:12:16 PM
     System Uptime: 11/26/2013 8:26:44 PM (0 hours ago)
     .
     Motherboard: Foxconn | | G31MXP/G31MXP-K
     Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | Socket 775 | 2498/333mhz
     .
     ==== Disk Partitions =========================
     .
     A: is Removable
     C: is FIXED (NTFS) - 149 GiB total, 89.426 GiB free.
     D: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
     Description: Officejet 4500 G510n-z
     Device ID: ROOT\MULTIFUNCTION\0000
     Manufacturer: HP
     Name: Officejet 4500 G510n-z
     PNP Device ID: ROOT\MULTIFUNCTION\0000
     Service:
     .
     Class GUID:
     Description:
     Device ID: ACPI\PNP0510\4&1301ABF&0
     Manufacturer:
     Name:
     PNP Device ID: ACPI\PNP0510\4&1301ABF&0
     Service:
     .
     Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
     Description: Unknown Device
     Device ID: USB\VID_0000&PID_0000\5&38C522B7&0&1
     Manufacturer: (Standard USB Host Controller)
     Name: Unknown Device
     PNP Device ID: USB\VID_0000&PID_0000\5&38C522B7&0&1
     Service:
     .
     ==== System Restore Points ===================
     .
     RP191: 11/23/2013 2:58:52 AM - Scheduled Checkpoint
     RP192: 11/26/2013 5:38:11 PM - Installed SpyHunter
     RP193: 11/26/2013 6:06:48 PM - Removed SpyHunter
     RP194: 11/26/2013 6:07:44 PM - Removed SpyHunter
     RP195: 11/26/2013 7:46:31 PM - Removed SpyHunter
     .
     ==== Installed Programs ======================
     .
     32 Bit HP CIO Components Installer
     4500_G510nz_Help
     4500G510nz
     4500G510nz_Software_Min
     Adobe AIR
     Adobe Content Viewer
     Adobe Download Assistant
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Help Manager
     Adobe Photoshop CS5.1
     Adobe Reader XI (11.0.03)
     Adobe Shockwave Player 11.6
     AIM 7
     Apple Application Support
     Apple Mobile Device Support
     Apple Software Update
     Audacity 1.3.14 (Unicode)
     avast! Free Antivirus
     Bonjour
     BufferChm
     Canon Utilities Digital Photo Professional 3.10
     Canon Utilities EOS Utility
     Canon Utilities Movie Uploader for YouTube
     Canon Utilities PhotoStitch
     Defraggler
     Destinations
     DeviceDiscovery
     DocMgr
     DocProc
     Fax
     Google Chrome
     GPBaseService2
     HP Customer Participation Program 13.0
     HP Document Manager 2.0
     HP Imaging Device Functions 13.0
     HP Officejet 4500 G510n-z
     HP Smart Web Printing 4.5
     HP Solution Center 13.0
     HP Update
     HPProductAssistant
     Intel® Graphics Media Accelerator Driver
     Intel® TV Wizard
     iTunes
     Java 7 Update 45
     Java Auto Updater
     LAME v3.99.3 (for Windows)
     MarketResearch
     McAfee Security Scan Plus
     Microsoft .NET Framework 4 Client Profile
     Microsoft .NET Framework 4 Extended
     Microsoft Office Access MUI (English) 2010
     Microsoft Office Access Setup Metadata MUI (English) 2010
     Microsoft Office Excel MUI (English) 2010
     Microsoft Office Groove MUI (English) 2010
     Microsoft Office InfoPath MUI (English) 2010
     Microsoft Office OneNote MUI (English) 2010
     Microsoft Office Outlook MUI (English) 2010
     Microsoft Office PowerPoint MUI (English) 2010
     Microsoft Office Professional Plus 2010
     Microsoft Office Proof (English) 2010
     Microsoft Office Proof (French) 2010
     Microsoft Office Proof (Spanish) 2010
     Microsoft Office Proofing (English) 2010
     Microsoft Office Publisher MUI (English) 2010
     Microsoft Office Shared MUI (English) 2010
     Microsoft Office Shared Setup Metadata MUI (English) 2010
     Microsoft Office Word MUI (English) 2010
     Microsoft Silverlight
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
     Microsoft_VC80_ATL_x86
     Microsoft_VC80_CRT_x86
     Microsoft_VC80_MFC_x86
     Microsoft_VC80_MFCLOC_x86
     Microsoft_VC90_ATL_x86
     Microsoft_VC90_CRT_x86
     Microsoft_VC90_MFC_x86
     Microsoft_VC90_MFCLOC_x86
     Mozilla Firefox 25.0.1 (x86 en-US)
     Mozilla Maintenance Service
     Network
     NVIDIA 3D Vision Driver 260.89
     NVIDIA Control Panel 260.89
     NVIDIA Graphics Driver 260.89
     NVIDIA HD Audio Driver 1.1.9.0
     NVIDIA Install Application
     NVIDIA PhysX
     NVIDIA PhysX System Software 9.10.0514
     NVIDIA Stereoscopic 3D Driver
     OCR Software by I.R.I.S. 13.0
     Origin
     PDF Settings CS5
     PunkBuster Services
     QuickTime
     Scan
     Skype™ 5.5
     SmartWebPrinting
     SolutionCenter
     Status
     TeamViewer 7
     Toolbox
     TrayApp
     USB2.0 PC Camera (SN9C201&202)
     VLC media player 1.1.11
     Wacom
     WebGuard
     WebReg
     WebTablet FB Plugin 32 bit
     WinRAR 4.10 (32-bit)
     .
     ==== Event Viewer Messages From Past Week ========
     .
     11/26/2013 8:27:05 PM, Error: Service Control Manager [7000] - The Tencent WebGuard Update Service service failed to start due to the following error: The system cannot find the file specified.
     11/26/2013 8:21:20 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
     11/26/2013 8:15:15 PM, Error: mbamchameleon [61440] -
     11/22/2013 2:00:28 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
     11/21/2013 6:26:08 PM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
     .
     ==== End Of File ===========================
  9. Hi, this started only today. I try to go on a site and a malware warning pops up, and then I get redirected to a page saying nginx web server was installed. I attached a screenshot of it. How do I get rid of this???
  10. Thank you for removing my infected files.

  11. Results of screen317's Security Check version 0.99.64
      Windows 7 x86 (UAC is enabled)
      Out of date service pack!!
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 7 Update 17
      Java version out of Date!
      Adobe Flash Player 11.7.700.169
      Adobe Reader 10.1.5
      Adobe Reader out of Date!
      Mozilla Firefox (21.0)
      Google Chrome 27.0.1453.110
      Google Chrome 27.0.1453.94
      ````````Process Check: objlist.exe by Laurent````````
      Malwarebytes Anti-Malware mbamservice.exe
      Malwarebytes Anti-Malware mbamgui.exe
      Malwarebytes' Anti-Malware mbamscheduler.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 1%
      ````````````````````End of Log``````````````````````
  12. # AdwCleaner v2.302 - Logfile created 06/08/2013 at 11:28:09
      # Updated 06/06/2013 by Xplode
      # Operating system : Windows 7 Enterprise (32 bits)
      # User : Wei - WEI-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Wei\Desktop\adwcleaner.exe
      # Option [Delete]

      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
      File Deleted : C:\user.js
      File Deleted : C:\Users\Wei\AppData\Local\Temp\Uninstall.exe
      Folder Deleted : C:\ProgramData\Babylon
      Folder Deleted : C:\ProgramData\Tarma Installer
      Folder Deleted : C:\Users\Wei\AppData\Local\Babylon
      Folder Deleted : C:\Users\Wei\AppData\Local\Temp\BabylonToolbar
      Folder Deleted : C:\Users\Wei\AppData\LocalLow\BabylonToolbar
      Folder Deleted : C:\Users\Wei\AppData\Roaming\Babylon

      ***** [Registry] *****

      Key Deleted : HKCU\Software\BabylonToolbar
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKCU\Software\Softonic
      Key Deleted : HKLM\Software\Babylon
      Key Deleted : HKLM\Software\BabylonToolbar
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
      Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
      Key Deleted : HKLM\SOFTWARE\Classes\b
      Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
      Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
      Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
      Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
      Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
      Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
      Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
      Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
      Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
      Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
      Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
      Key Deleted : HKLM\Software\Tarma Installer
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v8.0.7600.16700

      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6cc32f7300000000000090fba6edbae1 --> hxxp://www.google.com
      Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&affID=110482&mntrId=6cc32f7300000000000090fba6edbae1 --> hxxp://www.google.com

      -\\ Mozilla Firefox v21.0 (en-US)

      File : C:\Users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\si0nzlfc.default\prefs.js

      C:\Users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\si0nzlfc.default\user.js ... Deleted !

      Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
      Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
      Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110482");
      Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "6cc32f7300000000000090fba6edbae1");
      Deleted : user_pref("extensions.BabylonToolbar_i.id", "6cc32f7300000000000090fba6edbae1");
      Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15394");
      Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
      Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
      Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
      Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
      Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
      Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
      Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:52:19");
      Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

      -\\ Google Chrome v27.0.1453.110

      File : C:\Users\Wei\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Deleted [l.23] : icon_url = "hxxp://www.babylon.com/favicon.ico",
      Deleted [l.26] : keyword = "babylon.com",
      Deleted [l.30] : search_url = "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=6c[...]
      Deleted [l.1956] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6cc32f7300000000000090fb[...]
      Deleted [l.2456] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6[...]

      *************************

      AdwCleaner[R1].txt - [8475 octets] - [08/06/2013 10:55:53]
      AdwCleaner[R2].txt - [8535 octets] - [08/06/2013 11:27:59]
      AdwCleaner[S1].txt - [8617 octets] - [08/06/2013 11:28:09]

      ########## EOF - C:\AdwCleaner[S1].txt - [8677 octets] ##########
  13. here

# AdwCleaner v2.302 - Logfile created 06/08/2013 at 10:55:53
# Updated 06/06/2013 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : Wei - WEI-PC
# Boot Mode : Normal
# Running from : C:\Users\Wei\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Wei\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Wei\AppData\Local\Babylon
Folder Found : C:\Users\Wei\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\Wei\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Wei\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Tarma Installer
Key Found : HKU\S-1-5-21-1509593049-3746581815-257761438-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16700

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6cc32f7300000000000090fba6edbae1
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&affID=110482&mntrId=6cc32f7300000000000090fba6edbae1

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Wei\AppData\Roaming\Mozilla\Firefox\Profiles\si0nzlfc.default\prefs.js

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110482");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "6cc32f7300000000000090fba6edbae1");
Found : user_pref("extensions.BabylonToolbar_i.id", "6cc32f7300000000000090fba6edbae1");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15394");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:52:19");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Wei\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.23] : icon_url = "hxxp://www.babylon.com/favicon.ico",
Found [l.26] : keyword = "babylon.com",
Found [l.30] : search_url = "hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=6cc32f7300000000000090fba6edbae1",
Found [l.1956] : homepage = "hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6cc32f7300000000000090fba6edbae1",
Found [l.2456] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=6cc32f7300000000000090fba6edbae1" ]

*************************

AdwCleaner[R1].txt - [8346 octets] - [08/06/2013 10:55:53]

########## EOF - C:\AdwCleaner[R1].txt - [8406 octets] ##########