Here's the backstory and what I've done so far:
I was sent a program (or rather a plug-in) which came with the x-force keygen. I didn't know what this was until I opened it, after which I closed it and deleted it along with the plug-in that required a key; I didn't use it to generate a key. However, I know these can come with viruses, so I became pretty paranoid. Here's what I did next:
1. Went to bleepingcomputer.com and this https://answers.yahoo.com/question/inde ... 616AAB5qCA Yahoo answer for advice
2. Installed and ran Sophos Virus Removal Tool
3. Installed Malwarebytes and SUPERAntiSpyware (not in safe mode), and ran them in safe mode; however, SUPERAntiSpyware fails to update its content in both safe mode with network and regular mode
4. Installed and ran CCleaner and Avast (I was using 360, which is a Chinese anti-virus)
Malwarebytes and SUPERAntiSpyware did find some generic malware and spyware (gen-morix, gen-bot and gen-startpage), which I removed. Avast found some trojans in win32, and CCleaner cleaned a load of random crap off.
Avast told me to do a boot up scan, which I did, and it turned up a few things:
Three autoIt-Banker-BGs
Two win32:PUP-gen
a win 32:patch-HO
and a few corrupted files (not sure if that's true though, a few were in Steam games which sometimes set off my antivirus anyway)
Avast seems to be targeting CCleaner, so some of these may be from that.
In addition, I just installed IObit Uninstaller, but it's showing a few programs were installed today, which they weren't, and the majority of these are my banking programs, the ones sent by my bank. Not sure if that's something to worry about or just a false report, especially since my 360 program manager (Chinese) shows they were installed last year.
The visible problems I have experienced: after registering for an account at bleepingcomputer, I get a "you don't have permission to view this page" on every page of their website. I can't even log out or contact admin, and no verification was sent to my email. In addition, Avast seems to be unable to connect to update, and I get a similar error message when I try to access their forums. Guessing there's something blocking me.
Edit: It gets weirder. I typed avast.com into my Chinese internet browser, and I got redirected to the BMW Group website....
DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 10.71.2
Run by Administrator at 12:34:51 on 2015-04-01
Microsoft Windows 7 旗舰版 6.1.7601.1.936.86.2052.18.8157.5728 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: 360杀毒 *Disabled/Updated* {6F7A6B22-2309-7CD0-AF79-D11A4916C60C}
SP: 360安全卫士 *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\nalserv.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\svchost -k XLServicePlatform
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\ProgramData\alipay\Alipaybsm.exe
C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\aliwssv.exe
C:\Users\Administrator\AppData\Roaming\TaobaoProtect\TaobaoProtect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
C:\Program Files (x86)\Astrill\astrill.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Astrill\ASProxy.exe
C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
C:\Users\Administrator\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
C:\Windows\system32\taskhost.exe
D:\Program Files (x86)\sogoupinyin\7.5.0.5276\SogouCloud.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
D:\Program Files (x86)\360\360safe\deepscan\zhudongfangyu.exe
D:\Program Files (x86)\sogoupinyin\7.5.0.5276\SogouSmartInfo.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hao.360.cn/?1004
uWindow Title = Windows Internet Explorer
mStart Page = hxxp://hao.360.cn/?1004
BHO: 360sdbho Class: {0F4BF955-A127-41B7-A998-369904AA2578} - D:\Program Files (x86)\360\360sd\360sdbho.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: WebProtect: {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: SafeMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files (x86)\360\360safe\safemon\safemon.dll
BHO: QQMiniDL Helper Class: {C9C7334B-5657-41e1-8F79-F6AACECA05F4} - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: AccountProtectBHO Class: {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} - C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll
BHO: 迅雷下载支持组件: {DE05CF4A-7B0A-4775-B5E5-396244938679} - D:\Program Files (x86)\Thunder\Thunder BHO Platform\np_tdieplat.dll
uRun: [360sd] "D:\Program Files (x86)\360\360sd\360sdrun.exe"
uRun: [ctfmon] C:\Windows\System32\ctfmon.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [360Safetray] "D:\Program Files (x86)\360\360safe\safemon\360Tray.exe" /start
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [CMB webProtect] C:\Program Files\CMBCHINA\WebProtect\WPService.exe /alone
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoSimpleNetIDList = dword:1
uPolicies-Explorer: QuickLaunchEnabled = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &使用&迅雷下载 - D:\Program Files (x86)\Thunder\BHO\\GetUrl.htm
IE: &使用&迅雷下载全部链接 - D:\Program Files (x86)\Thunder\BHO\\GetAllUrl.htm
IE: &使用&迅雷离线下载 - D:\Program Files (x86)\Thunder\BHO\OfflineDownload.htm
IE: 使用QQ下载助手下载 - C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\xfgeturl.htm
IE: 发送至 OneNote(&N) - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: 导出到 Microsoft Excel(&X) - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\ASProxy.dll
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 211.136.150.66 211.136.112.50
TCP: Interfaces\{FFD668D8-EDF3-4CE4-923A-254D4559CAB5} : DHCPNameServer = 211.136.150.66 211.136.112.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://hao.360.cn/?1004
x64-mLocal Page = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.cn362.com/
x64-BHO: 迅雷下载支持: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - D:\Program Files (x86)\Thunder\BHO\XunleiBHO647.10.11.112.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: {20E1725C-7237-41A9-954A-04DCCB1FD16C} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: SafeMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - D:\Program Files (x86)\360\360safe\safemon\safemon64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 162.212.59.2 astrill.com
Hosts: 162.212.59.2 http://www.astrill.com
Hosts: 162.212.59.2 members.astrill.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fje78wp0.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalicdo64.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npalidcp.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npaliedit.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAlipaydhc64.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl.dll
FF - plugin: C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\npAliSecCtrl64.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\8.00.48C\npAliSSOLogin.dll
FF - plugin: C:\Program Files (x86)\AliWangWang\8.00.48C\npwangwang.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.3.15\Bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(452).dll
FF - plugin: C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll
FF - plugin: C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll
FF - plugin: C:\Program Files (x86)\Windows Media Player\np-mswmp.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Tencent\WebGamePlugin\1.0.3.2\npqqwebgame.dll
FF - plugin: C:\Windows\System32\itruscert\NPComBrg701.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\Program Files (x86)\360\360safe\MobileMgr\np360MMPlugIn.dll
FF - plugin: D:\Program Files (x86)\360\360safe\Utils\npaxlogin.dll
FF - plugin: D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: D:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
FF - plugin: d:\Program Files (x86)\SPDB Ebank Security\nppowerenter-spdb.dll
FF - plugin: D:\Program Files (x86)\Thunder\Data\npxunlei1.0.0.2.dll
FF - plugin: d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-4-1 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-4-1 208416]
R1 360AntiHacker;360Safe Anti Hacker Service;C:\Windows\System32\drivers\360AntiHacker64.sys [2014-4-22 129608]
R1 360Box64;360Box mini-filter driver;C:\Windows\System32\drivers\360Box64.sys [2014-4-22 319048]
R1 360FsFlt;360FsFlt mini-filter driver;C:\Windows\System32\drivers\360fsflt.sys [2014-4-22 357960]
R1 360netmon;360netmon;C:\Windows\System32\drivers\360netmon.sys [2014-4-22 72776]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2015-4-1 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-4-1 423240]
R1 BAPIDRV;BAPIDRV;C:\Windows\System32\drivers\BAPIDRV64.SYS [2014-4-22 186440]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-5-24 283064]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-4-1 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2015-4-1 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2015-4-1 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-4-1 50344]
R2 CMB8100;CMB8100;C:\Windows\SysWOW64\drivers\CertClient.dat [2014-7-12 10784]
R2 CMBProtector;CMBProtector;C:\Windows\SysWOW64\drivers\CMBProtector.dat [2014-7-12 12320]
R2 DeviceHealth;Microsoft Device Health Machine Service;C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [2015-1-30 196760]
R2 DeviceHealthPluginMgr;Microsoft Device Health Manager Service;C:\Program Files (x86)\Microsoft Device Health\PluginManager\DhPluginMgr.exe [2015-1-30 244376]
R2 NalServ;Nalpeiron Control Service;C:\Windows\SysWOW64\nalserv.exe [2013-9-6 146032]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2013-9-6 70768]
R2 pcas;Alipay payment client security service;C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\pcas.exe [2015-3-23 592856]
R2 PECKbdProtector;PECKbdProtector;C:\Windows\System32\drivers\PECKP_x64.SYS [2014-4-29 53088]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2014-11-1 183488]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2014-12-12 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2014-12-12 129600]
R2 secbizsrv;Alipay security business service;C:\Program Files (x86)\alipay\aliedit\5.3.0.3807\secbizsrv.exe [2015-3-23 594904]
R2 XLServicePlatform;XLServicePlatform;C:\Windows\System32\svchost -k XLServicePlatform --> C:\Windows\System32\svchost -k XLServicePlatform [?]
R2 ZAPrivacyService;ZoneAlarm Privacy Service;C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [2014-8-13 96272]
R2 ZhuDongFangYu;主动防御;D:\Program Files (x86)\360\360safe\deepscan\ZhuDongFangYu.exe [2014-4-22 237384]
R3 360AvFlt;360AvFlt mini-filter driver;C:\Windows\System32\drivers\360AvFlt.sys [2014-4-22 77896]
R3 ASProxy;ASProxy;C:\Program Files (x86)\Astrill\ASProxy.exe [2014-8-29 2064416]
R3 asvpndrv;Astrill SSL VPN Adapter;C:\Windows\System32\drivers\asvpndrv.sys [2014-4-23 31744]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-4-22 872152]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2014-5-19 33448]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2014-9-5 160424]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2014-9-5 31912]
R3 ScpVBus;Scp Virtual Bus Driver;C:\Windows\System32\drivers\ScpVBus.sys [2014-11-23 39168]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2014-4-22 223744]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2014-4-22 295424]
S2 360rp;360 杀毒实时防护加载服务;D:\Program Files (x86)\360\360sd\360rps.exe [2014-4-22 321096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-3-31 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-3-31 1080120]
S3 360Camera;360Safe Camera Filter Service;C:\Windows\System32\drivers\360Camera64.sys [2014-4-22 40520]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2010-5-10 232464]
S3 ASOVPNHelper;Astrill OpenVPN Service;C:\Program Files (x86)\Astrill\ASOvpnSvc.exe [2014-8-29 434024]
S3 BaiduYunUtility;BaiduYunUtility;C:\Users\Administrator\AppData\Roaming\baidu\BaiduYunGuanjia\YunUtilityService.exe [2015-3-12 90392]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-4-22 814464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-3 103064]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-11 114688]
S3 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
S3 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2015-4-1 2635552]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-3-31 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-3-31 63704]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2014-11-23 115272]
S3 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2010-5-10 179752]
S3 PDFCloudSer;PDF阅读器云数据同步;C:\Program Files (x86)\JPDFCloudSer\JPDFCloudSer.exe [2014-6-29 310888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-11 20992]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 SogouUpdate;SogouUpdate;D:\Program Files (x86)\sogoupinyin\7.5.0.5276\SogouUpdate.exe [2015-2-11 369768]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-3 203672]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2015-3-28 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-24 59392]
S3 WatAdminSvc;Windows 激活技术服务;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-22 1255736]
S4 360Hvm;360Safe HVM;C:\Windows\System32\drivers\360Hvm64.sys [2014-4-22 181320]
.
=============== File Associations ===============
.
FileExt: .txt: ynotetxt - HKCR\*\Shell=WScript.exe C:\Windows\hidefile.vbs [default=HideFile - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2015-04-01 04:10:46 -------- d-----w- C:\ProgramData\IObit
2015-04-01 04:10:42 -------- d-----w- C:\ProgramData\ProductData
2015-04-01 04:10:34 -------- d-----w- C:\Program Files (x86)\IObit
2015-04-01 04:10:28 -------- d-----w- C:\Users\Administrator\AppData\Roaming\IObit
2015-04-01 03:57:12 -------- d-sh--w- C:\$RECYCLE.BIN
2015-04-01 01:41:31 -------- d-----w- C:\Program Files\CCleaner
2015-04-01 01:40:58 -------- d-----w- C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-04-01 01:40:10 85328 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2015-04-01 01:40:09 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2015-04-01 01:40:07 1039096 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2015-04-01 01:40:05 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2015-04-01 01:40:04 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2015-04-01 01:40:03 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2015-04-01 01:39:58 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2015-04-01 01:39:47 43152 ----a-w- C:\Windows\avastSS.scr
2015-04-01 01:39:34 -------- d-----w- C:\Program Files\AVAST Software
2015-04-01 01:37:33 423240 ----a-w- C:\Windows\System32\drivers\ayxbjttf.sys
2015-04-01 00:37:39 -------- d-----w- C:\ProgramData\AVAST Software
2015-03-31 23:56:39 -------- d-----w- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2015-03-31 23:56:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2015-03-31 23:56:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2015-03-31 23:23:40 -------- d-----w- C:\Program Files (x86)\CheckPoint
2015-03-31 23:23:30 -------- d-----w- C:\ProgramData\CheckPoint
2015-03-31 22:25:17 12002392 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{453F842B-D990-4867-872F-8AD748346CD6}\mpengine.dll
2015-03-31 15:29:56 -------- d-----w- C:\ProgramData\Sophos
2015-03-31 15:29:27 -------- d-----w- C:\Program Files (x86)\Sophos
2015-03-31 15:13:23 -------- d-----w- C:\Windows\LastGood.Tmp
2015-03-31 13:53:03 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-31 13:52:41 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-03-31 13:52:41 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-03-31 13:52:41 107736 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-31 13:52:41 -------- d-----w- C:\ProgramData\Malwarebytes
2015-03-31 13:52:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-31 13:29:06 -------- d-----w- C:\Users\Administrator\AppData\Local\Nik Software
2015-03-30 11:14:00 -------- d-----w- C:\Users\Administrator\AppData\Roaming\BaiduYunKernel
2015-03-30 11:13:54 -------- d-----w- C:\Users\Administrator\AppData\Roaming\BaiduYunGuanjia
2015-03-30 11:13:51 -------- d-----w- C:\Users\Administrator\AppData\Roaming\baidu
2015-03-28 16:01:23 -------- d-----w- C:\Users\Administrator\AppData\Local\RawTherapee4.2
2015-03-28 16:01:14 -------- d-----w- C:\Program Files\RawTherapee-4.2.74
2015-03-19 08:52:32 -------- d-----w- C:\ProgramData\BlueStacksSetup
2015-03-15 10:26:10 -------- d-----w- C:\ProgramData\.mono
2015-03-15 10:26:08 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Colossal Order
2015-03-15 10:26:08 -------- d-----w- C:\Users\Administrator\AppData\Local\Colossal Order
2015-03-11 01:23:30 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-03-11 01:23:30 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2015-03-11 01:23:30 1113088 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-03-11 01:10:30 3204096 ----a-w- C:\Windows\System32\win32k.sys
2015-03-11 00:56:42 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-03-11 00:56:42 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-03-11 00:46:21 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-03-11 00:46:21 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-03-11 00:44:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-03-11 00:44:43 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-03-11 00:39:36 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-03-11 00:39:36 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-03-11 00:39:36 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-03-11 00:39:36 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-03-11 00:39:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-03-11 00:39:36 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-03-11 00:39:36 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-03-11 00:39:36 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-03-11 00:39:36 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-03-11 00:39:36 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-03-11 00:35:36 171520 ----a-w- C:\Windows\SysWow64\ubpm.dll
2015-03-11 00:35:35 215552 ----a-w- C:\Windows\System32\ubpm.dll
2015-03-03 08:43:00 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Petroglyph
.
==================== Find3M ====================
.
2015-03-16 11:06:00 357960 ----a-w- C:\Windows\System32\drivers\360fsflt.sys
2015-03-13 14:46:06 778928 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-03-13 14:46:06 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-06 05:56:10 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10 155576 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-03-06 05:42:33 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-03-06 05:42:29 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-03-06 05:41:46 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-03-06 05:41:31 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-02-23 20:17:24 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-20 03:06:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34 6035456 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39 4300288 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25 2358784 ----a-w- C:\Windows\System32\wininet.dll
2015-02-20 01:24:21 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-02-17 07:26:28 1217184 ----a-w- C:\Windows\SysWow64\FM20.DLL
2015-02-13 07:30:36 186440 ----a-w- C:\Windows\System32\drivers\BAPIDRV64.SYS
2015-02-11 11:22:52 8280168 ----a-w- C:\Windows\System32\SogouPY.ime
2015-02-11 11:22:52 4865128 ----a-w- C:\Windows\SysWow64\SogouPY.ime
2015-02-09 15:00:12 0 ----a-w- C:\Windows\SysWow64\nsa9CCF.tmp
2015-02-09 15:00:12 0 ----a-w- C:\Windows\System32\nsq9D7C.tmp
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:38 5554104 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:28:14 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31 3973048 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-01-30 23:56:51 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-27 09:32:14 319048 ----a-w- C:\Windows\System32\drivers\360Box64.sys
2015-01-24 11:36:46 129608 ----a-w- C:\Windows\System32\drivers\360AntiHacker64.sys
2015-01-24 09:21:09 0 ----a-w- C:\Windows\SysWow64\nseEC77.tmp
2015-01-24 09:21:09 0 ----a-w- C:\Windows\System32\nskECE6.tmp
2015-01-09 03:14:27 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-01-09 03:14:19 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-01-09 03:14:19 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-01-09 02:48:18 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-01-07 03:15:20 104896 ----a-w- C:\Windows\System32\drivers\mup.sys
2015-01-07 03:10:04 782848 ----a-w- C:\Windows\System32\gpsvc.dll
2015-01-07 02:44:14 79872 ----a-w- C:\Windows\SysWow64\gpapi.dll
2015-01-07 01:49:44 310272 ----a-w- C:\Windows\System32\drivers\rdbss.sys
2015-01-07 01:49:32 159232 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2015-01-07 01:48:48 290816 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 12:35:55.51 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 旗舰版
Boot Device: \Device\HarddiskVolume1
Install Date: 2014/4/22 17:01:54
System Uptime: 2015/4/1 10:24:31 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 970A-DS3P
Processor: AMD FX(tm)-6300 Six-Core Processor | CPU 1 | 3500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 45.246 GiB free.
D: is FIXED (NTFS) - 278 GiB total, 103.203 GiB free.
E: is FIXED (NTFS) - 277 GiB total, 275.435 GiB free.
F: is FIXED (NTFS) - 276 GiB total, 274.898 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\NET\0000
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0000
Service:
.
==== System Restore Points ===================
.
RP3: 2015/4/1 9:39:03 - avast! antivirus system restore point
.
==== Installed Programs ======================
.
360安全浏览器7
360安全卫士
360驱动大师
360杀毒
360云盘
Adobe AIR
Adobe Flash Player 16 NPAPI
Adobe Flash Player 17 ActiveX
Adobe Help Manager
Adobe Reader XI (11.0.10) - Chinese Simplified
Astrill
avast! Free Antivirus
Battle.net
CCleaner
Cities: Skylines
DayZ
Definition Update for Microsoft Office 2010 (KB2956207) 32-Bit Edition
Far Cry 4
Grey Goo
Insurgency
IObit Uninstaller
Java 7 Update 71
Java Auto Updater
Malwarebytes Anti-Malware version 2.1.4.1018
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (CHS)
Microsoft .NET Framework 4.5.1 (简体中文)
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (Chinese (Simplified)) 2010
Microsoft Office Excel MUI (Chinese (Simplified)) 2010
Microsoft Office Home and Student 2010
Microsoft Office IME (Chinese (Simplified)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Chinese (Simplified)) 2010
Microsoft Office Outlook MUI (Chinese (Simplified)) 2010
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2010
Microsoft Office Proof (Chinese (Simplified)) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proofing (Chinese (Simplified)) 2010
Microsoft Office Publisher MUI (Chinese (Simplified)) 2010
Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2010
Microsoft Office Shared MUI (Chinese (Simplified)) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Chinese (Simplified)) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - CHS
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)语言包 - 简体中文
Microsoft WSE 2.0 SP3 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MotioninJoy Gamepad tool 0.7.0000
Mozilla Firefox 36.0.4 (x86 zh-CN)
Mozilla Maintenance Service
NVIDIA Install Application
NVIDIA PhysX
NVIDIA 控制面板 327.23
Open XML SDK 2.0 for Microsoft Office
OpenAL
PAYDAY 2
RawTherapee version 4.2
Razer Synapse 2.0
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
SDL MultiTerm 2014 - Remove suite of products
SDL MultiTerm 2014 Convert
SDL MultiTerm 2014 Core
SDL MultiTerm 2014 Desktop
SDL MultiTerm 2014 Word Integration
SDL Passolo Essential 2011 SP6
SDL Trados 2011 SP2 - Remove suite of products
SDL Trados 2014 - Remove suite of products
SDL Trados Legacy Compatibility Module for Studio 2014
SDL Trados Studio 2011 SP2
SDL Trados Studio 2014
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2956142) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2883100) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2889839) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition
Security Update for Microsoft Visual Basic for Applications 6.5 (KB2688865)
Security Update for Microsoft Word 2010 (KB2956139) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype? 7.1
Sophos Virus Removal Tool
Star Wars: Empire at War Gold
Steam
SUPERAntiSpyware
The Forest
The Long Dark
TQ 1.13.8.282
Unity Web Player
Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office (KB2879953)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837582) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2920813) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956203) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2878283) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Uplay
VLC media player
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssuddmgr) Ports (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudeadb) USB (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudnd5) Net (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudobex) Ports (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudserd) Ports (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (WinUSB) USB (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. Net (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. WPD (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudrmnet) USB (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (ssudrmnetmp) Net (03/25/2013 2.9.508.0)
Windows 驱动程序包 - SAMSUNG Electronics Co., Ltd. (WinUSB) USB (03/25/2013 2.9.508.0)
WinRAR 5.01 (64-位)
WinRAR 压缩文件管理器
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm Security
阿里旺旺2014Beta1
百度云管家
极速PDF阅读器 1.8
鲁大师
上海浦东发展银行网上银行安全控件 v4.0
上海浦东发展银行网上银行安全控件 v5.0
搜狗拼音输入法 7.5正式版
腾讯QQ
微软设备健康助手
迅雷极速版
有道词典
招行专业版
招商银行一网通网盾
支付宝安全控件 5.3.0.3807
.
==== End Of File ===========================
The programs at the bottom are Chinese, a couple from my bank. Nothing I didn't install from the looks of things. The 360 ones at the top are the Chinese anti-virus and web browser I use, but I have Avast installed as well now and those disabled.
Again, any help would be greatly appreciated.