Do I have anything from a keygen?
Post by piehls » April 1st, 2015, 12:42 am

Sorry for the incorrect format last time. I've pasted the two reports from DDS below.

Here's the backstory and what I've done so far:
I was sent a program (or rather a plug-in) which came with the x-force keygen. I didn't know what this was until I opened it, after which I closed it and deleted it along with the plug-in that required a key; I didn't use it to generate a key. However, I know these can come with viruses, so I became pretty paranoid. Here's what I did next:

1. Went to bleepingcomputer.com and this Yahoo answer (https://answers.yahoo.com/question/inde ... 616AAB5qCA) for advice
2. Installed and ran the Sophos Virus Removal Tool
3. Installed Malwarebytes and SUPERAntiSpyware (not in safe mode), and ran them in safe mode; however, SUPERAntiSpyware fails to update its content in both safe mode with networking and regular mode
4. Installed and ran CCleaner and Avast (I was using 360, which is a Chinese anti-virus)

Malwarebytes and SUPERAntiSpyware did find some generic malware and spyware (gen-morix, gen-bot and gen-startpage), which I removed. Avast found some trojans in win32, and CCleaner cleaned a load of random crap off.

Avast told me to do a boot-up scan, which I did, and it turned up a few things:
Three AutoIt-Banker-BGs
Two Win32:PUP-gen
A Win32:Patch-HO
And a few corrupted files (not sure if that's true though; a few were in Steam games, which sometimes set off my antivirus anyway)

Avast seems to be targeting CCleaner, so some of these may be from that.

In addition, I just installed IObit Uninstaller, but it's showing a few programs were installed today, which they weren't, and the majority of these are my banking programs, the ones sent by my bank. Not sure if that's something to worry about or just a false report, especially since my 360 program manager (Chinese) shows they were installed last year.

The visible problems I have experienced are that after registering for an account at bleepingcomputer, I get a "you don't have permission to view this page" on every page of their website. I can't even log out or contact admin, and no verification was sent to my email. In addition, Avast seems to be unable to connect to update, and I get a similar error message when I try to access their forums. Guessing there's something blocking me.
Edit: It gets weirder. I typed avast.com into my Chinese internet browser, and I got redirected to the BMW Group website....

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 10.71.2
Run by Administrator at 12:34:51 on 2015-04-01
Microsoft Windows 7 旗舰版 6.1.7601.1.936.86.2052.18.8157.5728 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: 360杀毒 *Disabled/Updated* {6F7A6B22-2309-7CD0-AF79-D11A4916C60C}
SP: 360安全卫士 *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\nalserv.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\svchost -k XLServicePlatform
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\ProgramData\alipay\Alipaybsm.exe
C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\aliwssv.exe
C:\Users\Administrator\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Astrill\astrill.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Astrill\ASProxy.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\Administrator\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Windows\system32\taskhost.exe
D:\Program Files (x86)\sogoupinyin\7.5.0.5276\SogouCloud.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
D:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe
D:\Program Files (x86)\sogoupinyin\7.5.0.5276\SogouSmartInfo.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hao.360.cn/?1004
uWindow Title = Windows Internet Explorer
mStart Page = hxxp://hao.360.cn/?1004
BHO: 360sdbho Class: {0F4BF955-A127-41B7-A998-369904AA2578} - D:\Program Files (x86)\360\360sd\360sdbho.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: WebProtect: {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SafeMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files (x86)\360\360safe\safemon\safemon.dll
BHO: QQMiniDL Helper Class: {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: AccountProtectBHO Class: {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
BHO: 迅雷下载支持组件: {DE05CF4A-7B0A-4775-B5E5-396244938679} - D:\Program Files (x86)\Thunder\Thunder BHO Platform\np_tdieplat.dll
uRun: [360sd] "D:\Program Files (x86)\360\360sd\360sdrun.exe"
uRun: [ctfmon] C:\Windows\System32\ctfmon.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [360Safetray] "D:\Program Files (x86)\360\360safe\safemon\360Tray.exe" /start
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [CMB webProtect] C:\Program Files\CMBCHINA\WebProtect\WPService.exe /alone
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoSimpleNetIDList = dword:1
uPolicies-Explorer: QuickLaunchEnabled = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &使用&迅雷下载 - D:\Program Files (x86)\Thunder\BHO\\GetUrl.htm
IE: &使用&迅雷下载全部链接 - D:\Program Files (x86)\Thunder\BHO\\GetAllUrl.htm
IE: &使用&迅雷离线下载 - D:\Program Files (x86)\Thunder\BHO\OfflineDownload.htm
IE: 使用QQ下载助手下载 - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm
IE: 发送至 OneNote(&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: 导出到 Microsoft Excel(&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\ASProxy.dll
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 211.136.150.66 211.136.112.50
TCP: Interfaces\{FFD668D8-EDF3-4CE4-923A-254D4559CAB5} : DHCPNameServer = 211.136.150.66 211.136.112.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://hao.360.cn/?1004
x64-mLocal Page = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.cn362.com/
x64-BHO: 迅雷下载支持: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - D:\Program Files (x86)\Thunder\BHO\XunleiBHO647.10.11.112.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: {20E1725C-7237-41A9-954A-04DCCB1FD16C} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: SafeMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files (x86)\360\360safe\safemon\safemon64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 162.212.59.2 astrill.com
Hosts: 162.212.59.2 http://www.astrill.com
Hosts: 162.212.59.2 members.astrill.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fje78wp0.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo64.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalidcp.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npaliedit.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc64.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl64.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\8.00.48C\npAliSSOLogin.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\8.00.48C\npwangwang.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.3.15\Bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(452).dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll
FF - plugin: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
FF - plugin: C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Tencent\WebGamePlugin\1.0.3.2\npqqwebgame.dll
FF - plugin: C:\Windows\System32\itruscert\NPComBrg701.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll
FF - plugin: D:\Program Files (x86)\360\360safe\Utils\npaxlogin.dll
FF - plugin: D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: D:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
FF - plugin: d:\Program Files (x86)\SPDB Ebank Security\nppowerenter-spdb.dll
FF - plugin: D:\Program Files (x86)\Thunder\Data\npxunlei1.0.0.2.dll
FF - plugin: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-4-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-4-1 208416]
R1 360AntiHacker;360Safe Anti Hacker Service;C:\Windows\System32\drivers\360AntiHacker64.sys [2014-4-22 129608]
R1 360Box64;360Box mini-filter driver;C:\Windows\System32\drivers\360Box64.sys [2014-4-22 319048]
R1 360FsFlt;360FsFlt mini-filter driver;C:\Windows\System32\drivers\360fsflt.sys [2014-4-22 357960]
R1 360netmon;360netmon;C:\Windows\System32\drivers\360netmon.sys [2014-4-22 72776]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2015-4-1 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-4-1 423240]
R1 BAPIDRV;BAPIDRV;C:\Windows\System32\drivers\BAPIDRV64.SYS [2014-4-22 186440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-5-24 283064]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-4-1 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-4-1 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-4-1 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-4-1 50344]
R2 CMB8100;CMB8100;C:\Windows\SysWOW64\drivers\CertClient.dat [2014-7-12 10784]
R2 CMBProtector;CMBProtector;C:\Windows\SysWOW64\drivers\CMBProtector.dat [2014-7-12 12320]
R2 DeviceHealth;Microsoft Device Health Machine Service;C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [2015-1-30 196760]
R2 DeviceHealthPluginMgr;Microsoft Device Health Manager Service;C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [2015-1-30 244376]
R2 NalServ;Nalpeiron Control Service;C:\Windows\SysWOW64\nalserv.exe [2013-9-6 146032]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2013-9-6 70768]
R2 pcas;Alipay payment client security service;C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe [2015-3-23 592856]
R2 PECKbdProtector;PECKbdProtector;C:\Windows\System32\drivers\PECKP_x64.SYS [2014-4-29 53088]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-11-1 183488]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-12-12 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-12-12 129600]
R2 secbizsrv;Alipay security business service;C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe [2015-3-23 594904]
R2 XLServicePlatform;XLServicePlatform;C:\Windows\System32\svchost -k XLServicePlatform --> C:\Windows\System32\svchost -k XLServicePlatform [?]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-8-13 96272]
R2 ZhuDongFangYu;主动防御;D:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe [2014-4-22 237384]
R3 360AvFlt;360AvFlt mini-filter driver;C:\Windows\System32\drivers\360AvFlt.sys [2014-4-22 77896]
R3 ASProxy;ASProxy;C:\Program Files (x86)\Astrill\ASProxy.exe [2014-8-29 2064416]
R3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2014-4-23 31744]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-4-22 872152]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2014-5-19 33448]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-9-5 160424]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2014-9-5 31912]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2014-11-23 39168]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2014-4-22 223744]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2014-4-22 295424]
S2 360rp;360 杀毒实时防护加载服务;D:\Program Files (x86)\360\360sd\360rps.exe [2014-4-22 321096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-3-31 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-3-31 1080120]
S3 360Camera;360Safe Camera Filter Service;C:\Windows\System32\drivers\360Camera64.sys [2014-4-22 40520]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-5-10 232464]
S3 ASOVPNHelper;Astrill OpenVPN Service;C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [2014-8-29 434024]
S3 BaiduYunUtility;BaiduYunUtility;C:\Users\Administrator\AppData\Roaming\baidu\BaiduYunGuanjia\YunUtilityService.exe [2015-3-12 90392]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-4-22 814464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-3 103064]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-11 114688]
S3 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
S3 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-4-1 2635552]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-3-31 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-3-31 63704]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-11-23 115272]
S3 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2010-5-10 179752]
S3 PDFCloudSer;PDF阅读器云数据同步;C:\Program Files (x86)\JPDFCloudSer\JPDFCloudSer.exe [2014-6-29 310888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-11 20992]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 SogouUpdate;SogouUpdate;D:\Program Files (x86)\sogoupinyin\7.5.0.5276\SogouUpdate.exe [2015-2-11 369768]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-3 203672]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2015-3-28 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-24 59392]
S3 WatAdminSvc;Windows 激活技术服务;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-22 1255736]
S4 360Hvm;360Safe HVM;C:\Windows\System32\drivers\360Hvm64.sys [2014-4-22 181320]
.
=============== File Associations ===============
.
FileExt: .txt: ynotetxt - HKCR\*\Shell=WScript.exe C:\Windows\hidefile.vbs [default=HideFile - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2015-04-01 04:10:46 -------- d-----w- C:\ProgramData\IObit
2015-04-01 04:10:42 -------- d-----w- C:\ProgramData\ProductData
2015-04-01 04:10:34 -------- d-----w- C:\Program Files (x86)\IObit
2015-04-01 04:10:28 -------- d-----w- C:\Users\Administrator\AppData\Roaming\IObit
2015-04-01 03:57:12 -------- d-sh--w- C:\$RECYCLE.BIN
2015-04-01 01:41:31 -------- d-----w- C:\Program Files\CCleaner
2015-04-01 01:40:58 -------- d-----w- C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-04-01 01:40:10 85328 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-04-01 01:40:09 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-04-01 01:40:07 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-04-01 01:40:05 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-04-01 01:40:04 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-04-01 01:40:03 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-04-01 01:39:58 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-04-01 01:39:47 43152 ----a-w- C:\Windows\avastSS.scr
2015-04-01 01:39:34 -------- d-----w- C:\Program Files\AVAST Software
2015-04-01 01:37:33 423240 ----a-w- C:\Windows\System32\drivers\ayxbjttf.sys
2015-04-01 00:37:39 -------- d-----w- C:\ProgramData\AVAST Software
2015-03-31 23:56:39 -------- d-----w- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-03-31 23:56:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2015-03-31 23:56:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2015-03-31 23:23:40 -------- d-----w- C:\Program Files (x86)\CheckPoint
2015-03-31 23:23:30 -------- d-----w- C:\ProgramData\CheckPoint
2015-03-31 22:25:17 12002392 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{453F842B-D990-4867-872F-8AD748346CD6}\mpengine.dll
2015-03-31 15:29:56 -------- d-----w- C:\ProgramData\Sophos
2015-03-31 15:29:27 -------- d-----w- C:\Program Files (x86)\Sophos
2015-03-31 15:13:23 -------- d-----w- C:\Windows\LastGood.Tmp
2015-03-31 13:53:03 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-31 13:52:41 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-03-31 13:52:41 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-03-31 13:52:41 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-31 13:52:41 -------- d-----w- C:\ProgramData\Malwarebytes
2015-03-31 13:52:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-31 13:29:06 -------- d-----w- C:\Users\Administrator\AppData\Local\Nik Software
2015-03-30 11:14:00 -------- d-----w- C:\Users\Administrator\AppData\Roaming\BaiduYunKernel
2015-03-30 11:13:54 -------- d-----w- C:\Users\Administrator\AppData\Roaming\BaiduYunGuanjia
2015-03-30 11:13:51 -------- d-----w- C:\Users\Administrator\AppData\Roaming\baidu
2015-03-28 16:01:23 -------- d-----w- C:\Users\Administrator\AppData\Local\RawTherapee4.2
2015-03-28 16:01:14 -------- d-----w- C:\Program Files\RawTherapee-4.2.74
2015-03-19 08:52:32 -------- d-----w- C:\ProgramData\BlueStacksSetup
2015-03-15 10:26:10 -------- d-----w- C:\ProgramData\.mono
2015-03-15 10:26:08 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Colossal Order
2015-03-15 10:26:08 -------- d-----w- C:\Users\Administrator\AppData\Local\Colossal Order
2015-03-11 01:23:30 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-03-11 01:23:30 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2015-03-11 01:23:30 1113088 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-03-11 01:10:30 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-03-11 00:56:42 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-03-11 00:56:42 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-03-11 00:46:21 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-03-11 00:46:21 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-03-11 00:44:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-11 00:44:43 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-03-11 00:39:36 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-11 00:39:36 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-11 00:39:36 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-11 00:39:36 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-11 00:39:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-11 00:39:36 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-11 00:39:36 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-11 00:39:36 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-11 00:39:36 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-11 00:39:36 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-11 00:35:36 171520 ----a-w- C:\Windows\SysWow64\ubpm.dll
2015-03-11 00:35:35 215552 ----a-w- C:\Windows\System32\ubpm.dll
2015-03-03 08:43:00 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Petroglyph
.
==================== Find3M ====================
.
2015-03-16 11:06:00 357960 ----a-w- C:\Windows\System32\drivers\360fsflt.sys
2015-03-13 14:46:06 778928 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-03-13 14:46:06 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-02-23 20:17:24 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-17 07:26:28 1217184 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-02-13 07:30:36 186440 ----a-w- C:\Windows\System32\drivers\BAPIDRV64.SYS
2015-02-11 11:22:52 8280168 ----a-w- C:\Windows\System32\SogouPY.ime
2015-02-11 11:22:52 4865128 ----a-w- C:\Windows\SysWow64\SogouPY.ime
2015-02-09 15:00:12 0 ----a-w- C:\Windows\SysWow64\nsa9CCF.tmp
2015-02-09 15:00:12 0 ----a-w- C:\Windows\System32\nsq9D7C.tmp
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-01-30 23:56:51 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-27 09:32:14 319048 ----a-w- C:\Windows\System32\drivers\360Box64.sys
2015-01-24 11:36:46 129608 ----a-w- C:\Windows\System32\drivers\360AntiHacker64.sys
2015-01-24 09:21:09 0 ----a-w- C:\Windows\SysWow64\nseEC77.tmp
2015-01-24 09:21:09 0 ----a-w- C:\Windows\System32\nskECE6.tmp
2015-01-09 03:14:27 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-01-09 03:14:19 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-01-09 03:14:19 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-01-09 02:48:18 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-01-07 03:15:20 104896 ----a-w- C:\Windows\System32\drivers\mup.sys
2015-01-07 03:10:04 782848 ----a-w- C:\Windows\System32\gpsvc.dll
2015-01-07 02:44:14 79872 ----a-w- C:\Windows\SysWow64\gpapi.dll
2015-01-07 01:49:44 310272 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2015-01-07 01:49:32 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-01-07 01:48:48 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 12:35:55.51 ===============


Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 旗舰版
Boot Device: \Device\HarddiskVolume1
Install Date: 2014/4/22 17:01:54
System Uptime: 2015/4/1 10:24:31 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 970A-DS3P
Processor: AMD FX(tm)-6300 Six-Core Processor | CPU 1 | 3500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 45.246 GiB free.
D: is FIXED (NTFS) - 278 GiB total, 103.203 GiB free.
E: is FIXED (NTFS) - 277 GiB total, 275.435 GiB free.
F: is FIXED (NTFS) - 276 GiB total, 274.898 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\NET\0000
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0000
Service:
.
==== System Restore Points ===================
.
RP3: 2015/4/1 9:39:03 - avast! antivirus system restore point
.
==== Installed Programs ======================
.
360安全浏览器7
360安全卫士
360驱动大师
360杀毒
360云盘
Adobe AIR
Adobe Flash Player 16 NPAPI
Adobe Flash Player 17 ActiveX
Adobe Help Manager
Adobe Reader XI (11.0.10) - Chinese Simplified
Astrill
avast! Free Antivirus
Battle.net
CCleaner
Cities: Skylines
DayZ
Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition
Far Cry 4
Grey Goo
Insurgency
IObit Uninstaller
Java 7 Update 71
Java Auto Updater
Malwarebytes Anti-Malware version 2.1.4.1018
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (CHS)
Microsoft .NET Framework 4.5.1 (简体中文)
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (Chinese (Simplified)) 2010
Microsoft Office Excel MUI (Chinese (Simplified)) 2010
Microsoft Office Home and Student 2010
Microsoft Office IME (Chinese (Simplified)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Simplified)) 2010
Microsoft Office Outlook MUI (Chinese (Simplified)) 2010
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2010
Microsoft Office Proof (Chinese (Simplified)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Simplified)) 2010
Microsoft Office Publisher MUI (Chinese (Simplified)) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2010
Microsoft Office Shared MUI (Chinese (Simplified)) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Chinese (Simplified)) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - CHS
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)语言包 - 简体中文
Microsoft WSE 2.0 SP3 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MotioninJoy Gamepad tool 0.7.0000
Mozilla Firefox 36.0.4 (x86 zh-CN)
Mozilla Maintenance Service
NVIDIA Install Application
NVIDIA PhysX
NVIDIA 控制面板 327.23
Open XML SDK 2.0 for Microsoft Office
OpenAL
PAYDAY 2
RawTherapee version 4.2
Razer Synapse 2.0
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
SDL MultiTerm 2014 - Remove suite of products
SDL MultiTerm 2014 Convert
SDL MultiTerm 2014 Core
SDL MultiTerm 2014 Desktop
SDL MultiTerm 2014 Word Integration
SDL Passolo Essential 2011 SP6
SDL Trados 2011 SP2 - Remove suite of products
SDL Trados 2014 - Remove suite of products
SDL Trados Legacy Compatibility Module for Studio 2014
SDL Trados Studio 2011 SP2
SDL Trados Studio 2014
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2956142) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2883100) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2889839) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition
Security Update for Microsoft Visual Basic for Applications 6.5 (KB2688865)
Security Update for Microsoft Word 2010 (KB2956139) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype? 7.1
Sophos Virus Removal Tool
Star Wars: Empire at War Gold
Steam
SUPERAntiSpyware
The Forest
The Long Dark
TQ 1.13.8.282
Unity Web Player
Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office (KB2879953)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837582) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956203) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878283) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Uplay
VLC media player
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssuddmgr) Ports (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudeadb) USB (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudnd5) Net (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudobex) Ports (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudserd) Ports (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (WinUSB) USB (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. Net (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. WPD (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudrmnet) USB (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudrmnetmp) Net (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (WinUSB) USB (03/25/2013 2.9.508.0)
WinRAR 5.01 (64-位)
WinRAR 压缩文件管理器
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
阿里旺旺2014Beta1
百度云管家
极速PDF阅读器 1.8
鲁大师
上海浦东发展银行网上银行安全控件 v4.0
上海浦东发展银行网上银行安全控件 v5.0
搜狗拼音输入法 7.5正式版
腾讯QQ
微软设备健康助手
迅雷极速版
有道词典
招行专业版
招商银行一网通网盾
支付宝安全控件 5.3.0.3807
.
==== End Of File ===========================


The programs at the bottom are Chinese, a couple of them from my bank. Nothing I didn't install, from the looks of things. The 360 ones at the top are the Chinese anti-virus and web browser I use, but I now have avast installed as well and those disabled.

Again, any help would be greatly appreciated :(
piehls
Active Member
 
Posts: 4
Joined: March 31st, 2015, 10:02 pm
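The DDS log above is a list of recently changed files (date, time, size, attributes, path) followed by the installed-programs list. A helper reading such a log looks first at entries that sit outside the big Windows Update batches, at kernel drivers that are not part of Windows, and at oddities such as zero-byte `.tmp` files in system directories. The parser below is an added example, not part of the thread and not DDS's own logic; the sample lines are constructed from the log posted above, and the review heuristics (the batch threshold, the driver allow-list, the `.tmp` and `.ime` checks) are illustrative assumptions that produce review candidates, not verdicts.

```python
"""Triage helper for the "modified files" section of a DDS attach.txt log.

Added example: parses each file line, then flags entries a malware-removal
helper would want to look at first. Heuristics are assumptions for
illustration, not a detection engine; every hit still needs a human check.
"""
import re
from collections import Counter
from dataclasses import dataclass

# DDS prints one file per line: YYYY-MM-DD HH:MM:SS size attrs path
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Directories where third-party files deserve a second look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Windows-shipped drivers seen in the log; constructed allow-list, not exhaustive.
KNOWN_WINDOWS_DRIVERS = {
    "mountmgr.sys", "peauth.sys", "appid.sys", "cng.sys",
    "mup.sys", "rdbss.sys", "mrxsmb.sys", "mrxsmb10.sys",
}
# Fewer files than this on one day means the change was not an update batch.
BATCH_MIN = 3


@dataclass
class Entry:
    date: str
    size: int
    attrs: str
    path: str
    reasons: list


def parse_line(line):
    """Return an Entry for a DDS file line, or None for separators/banners."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["date"], int(m["size"]), m["attrs"], m["path"], [])


def review(entry, same_day):
    """Attach human-readable reasons to an entry; same_day = files changed that day."""
    low = entry.path.lower()
    name = low.rsplit("\\", 1)[-1]
    in_system = low.startswith(SYSTEM_DIRS)
    if in_system and entry.size == 0 and name.endswith(".tmp"):
        entry.reasons.append("zero-byte .tmp in a system directory; usually an installer leftover, confirm it")
    if "\\drivers\\" in low and name.endswith(".sys") and name not in KNOWN_WINDOWS_DRIVERS:
        entry.reasons.append("kernel driver not in the Windows set; verify its publisher signature")
    if in_system and name.endswith(".ime"):
        entry.reasons.append("third-party input method editor; confirm it matches an installed IME")
    if in_system and same_day < BATCH_MIN:
        entry.reasons.append(f"only {same_day} file(s) changed that day, so not part of an update batch")
    return entry


def triage(log_text):
    """Parse a whole log and return the entries that collected at least one reason."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    per_day = Counter(e.date for e in entries)
    return [e for e in entries if review(e, per_day[e.date]).reasons]


# Constructed sample: a subset of the lines from the thread's DDS log.
SAMPLE_LOG = r"""
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-02-23 20:17:24 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-13 07:30:36 186440 ----a-w- C:\Windows\System32\drivers\BAPIDRV64.SYS
2015-02-11 11:22:52 8280168 ----a-w- C:\Windows\System32\SogouPY.ime
2015-02-09 15:00:12 0 ----a-w- C:\Windows\SysWow64\nsa9CCF.tmp
2015-02-09 15:00:12 0 ----a-w- C:\Windows\System32\nsq9D7C.tmp
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-01-27 09:32:14 319048 ----a-w- C:\Windows\System32\drivers\360Box64.sys
.
============= FINISH: 12:35:55.51 ===============
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.date, e.path)
        for r in e.reasons:
            print("   -", r)
```

Run stand-alone, the script prints six review candidates from the sample: the two NSIS-style `ns*.tmp` files, the two non-Windows drivers (BAPIDRV64.SYS and 360Box64.sys), the Sogou IME, and MpSigStub.exe. The last one is a Microsoft signature-update stub that is flagged only because it was the single change of its day, which shows the point of the batch heuristic: it narrows a 90-line listing to a handful of entries, and a human then dismisses the benign ones (the thread's installed-programs list explains the 360 driver and the Sogou IME) rather than treating any hit as an infection.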

Re: Do I have anything from a keygen?

Unread postby pgmigg » April 2nd, 2015, 12:21 pm

Hello piehls,

Welcome to the forum! :)

I am pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3184
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Do I have anything from a keygen?

Unread postby pgmigg » April 2nd, 2015, 1:31 pm

Hello piehls,

Step 1.
Run CKScanner
  1. Please download CKScanner from here
  2. Important: - Save it to your Desktop.
  3. Double-click CKScanner.exe and click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step 3.
MGA Diagnostics
I need you to run a tool which will aid in determining what additional steps we'll need to perform.
  1. Please download this tool from Microsoft and save it to your Desktop.
  2. Right click on MGADiag.exe and select Run As Administrator to run it.
  3. Click "Run" again and then click "Continue".
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Then:
Please tell me whether this computer is used for business purposes and connected to a business or educational network.
I need to know this so I can provide the proper instructions.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of CKFiles.txt log file
  3. Contents of a log created by codecheck.txt
  4. Contents of a log created by MGADiag.exe
  5. Answer to my question about how your computer is used

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3184
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Do I have anything from a keygen?

Unread postby piehls » April 3rd, 2015, 2:40 am

Well this is embarrassing....
I assumed I wouldn't get a reply and went on my merry way. I installed another program and after it failed to update, posted on their support page. I got a reply and followed the steps they gave a few hours ago. Not sure what to do now. Wish I'd waited a bit longer...

Should I just format and reinstall windows?
piehls
Active Member
 
Posts: 4
Joined: March 31st, 2015, 10:02 pm

Re: Do I have anything from a keygen?

Unread postby pgmigg » April 3rd, 2015, 10:07 am

Hello piehls,

Well this is embarrassing....
I assumed I wouldn't get a reply and went on my merry way. I installed another program and after it failed to update, posted on their support page. I got a reply and followed the steps they gave a few hours ago. Not sure what to do now. Wish I'd waited a bit longer...
Firstly, let me draw your attention to paragraphs 3, 4, and 5 of my Welcome post - especially to number 5!

Then, I would like to say a couple of words about malware removal in general.

This process is most similar to the treatment of a person - before the doctor starts to prescribe medication or a procedure, he diagnoses: conducts tests, scans the sick parts of the body, and so on. Then he analyzes the results and, based on his own and his colleagues' experience and on data from research, he determines the disease and its treatment.
The same thing is happening here on the forum...

It is your right to accept or not to accept the help that is offered to you here. If you accept it - please fulfill all that I asked in my previous post. If not - this topic will be closed.

Should I just format and reinstall windows?
To answer this question it is necessary to diagnose first...
Returning to the comparison with the treatment of a person, your question is similar to a situation in which a patient asks, by phone, a doctor who has never seen him whether to replace the knee joint because the knee aches a little... :D

Please let me know your decision about getting or not the help here.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3184
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Do I have anything from a keygen?

Unread postby piehls » April 3rd, 2015, 11:31 am

Thanks again for the reply. I think I'm just going to format. After installing all these things, my pc seems to be running terribly now. It's gone from no visible problems to terrible lag. Thank you though.
piehls
Active Member
 
Posts: 4
Joined: March 31st, 2015, 10:02 pm

Re: Do I have anything from a keygen?

Unread postby Cypher » April 3rd, 2015, 12:58 pm

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns