UpdateFlashPlaye_random numbers and letters virus

Solved
By rachel_UFO
Jul 7, 2014
  1. I am having a situation very similar to this post:
    http://www.techspot.com/community/topics/update-flash-player-virus.202629/

    windows7, chrome

    ----------------------------------------------------------------------------------
    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 7/7/2014 15:27:22, SYSTEM, RACHEL-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.7.3.1,
    Update, 7/7/2014 15:27:25, SYSTEM, RACHEL-PC, Manual, Malware Database, 2014.3.4.9, 2014.7.7.1,
    Error, 7/7/2014 18:16:48, SYSTEM, RACHEL-PC, Protection, StartServiceCtrlDispatcher, 1063,
    Error, 7/7/2014 18:16:49, SYSTEM, RACHEL-PC, scheduler, StartServiceCtrlDispatcher, 1063,

    (end)

    -----------------------------------------------------------------------------------
    DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2
    Run by Rachel at 18:22:48 on 2014-07-07
    Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.4061.2459 [GMT 8:00]
    .
    AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k SDDUpdate
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\SysWOW64\svchost -k XLServicePlatform
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AliWangWang\AliIM.exe
    C:\Program Files (x86)\alipay\SafeTransaction\TaobaoProtect.exe
    C:\Program Files (x86)\alipay\SafeTransaction\Alipaybsm.exe
    C:\Program Files (x86)\QvodPlayer\QvodWebBase\1.0.0.47\QvodWebService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\program files (x86)\avira\antivir desktop\ipmGui.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uProxyOverride = local;<local>
    mWinlogon: Userinit = userinit.exe
    BHO: {074C1DC5-9320-4A9A-947D-C042949C6216} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: WebDetectorBHO Class: {43BEAFD9-E005-483D-A367-146BA6C8A32E} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
    BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: 捃濘狟婥盓厥郪璃: {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
    uRun: [Akamai NetSession Interface] "C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe"
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
    uRun: [BAIDUMEDIA] C:\Program Files (x86)\Baidu\BaiduPlayer\1.19.0.57\BaiduPlayer.exe minimize
    uRun: [hsscp.EXE] C:\Users\Rachel\AppData\Roaming\Hotspot Shield\bin\hsscp.EXE -nonadmin
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antiviruskxetray.exe" -autorun
    mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: &使用&迅雷下? - <no file>
    IE: &使用&迅雷下?全部?接 - <no file>
    IE: &使用115优蛋 3下? - <no file>
    IE: &使用115优蛋 3下?全部?接 - <no file>
    IE: &妏蚚&捃濘燭盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
    IE: &妏蚚&捃濘狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm
    IE: &妏蚚&捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
    IE: 使用迅雷看看播放器播放 - C:\Users\Public\Thunder Network\XMP4\Core\Program\XmpIEMenu.htm
    IE: 添加?前?到迅雷看看播放器?? - <no file>
    LSP: C:\Program Files (x86)\YouKu\common\ikutm.dll
    Trusted Zone: alipay.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    Trusted Zone: taobao.com
    Trusted Zone: alipay.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: alisoft.com
    Trusted Zone: gogobox.com.tw
    Trusted Zone: gogobox.com.tw
    Trusted Zone: taobao.com
    Trusted Zone: taobao.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    TCP: NameServer = 218.102.32.134 219.76.98.66
    TCP: Interfaces\{AE90874A-C851-4864-9C4D-3EBC134868C5} : DHCPNameServer = 218.102.32.134 219.76.98.66
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: 捃濘狟婥盓厥: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.18.4724.dll
    x64-BHO: QvodExtend: {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend_x64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-23 55280]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-5-4 28600]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-31 283200]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-6-24 92160]
    R2 AlipaySecSvc;Alipay security service;C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [2014-6-4 540032]
    R2 AntiVirSchedulerService;Avira 排程管理員;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-5-4 430160]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-5-4 430160]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-5-4 112080]
    R2 DeviceHealth;Microsoft Device Health Machine Service;C:\Program Files (x86)\Microsoft Device Health\DhMachineSvc.exe [2014-6-6 85664]
    R2 SDDUpdate;SDDUpdate;C:\Windows\System32\svchost.exe -k SDDUpdate [2009-7-14 27136]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-23 660800]
    R2 XLServicePlatform;XLServicePlatform;C:\Windows\System32\svchost -k XLServicePlatform --> C:\Windows\System32\svchost -k XLServicePlatform [?]
    R2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\System32\drivers\VirtDisk64.sys [2012-2-3 23896]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-6-24 138752]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-7 122584]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-24 236544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-5-8 108800]
    S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-14 37344]
    S3 HaozipVirtualCDBus;HaoZip Virtual Bus Driver;C:\Windows\System32\drivers\HaoZipVirtualCDBus.sys [2012-7-24 204888]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-5-8 206080]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\System32\drivers\vmuvc.sys [2011-4-23 198400]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\System32\drivers\vvftUVC.sys [2011-4-23 303616]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-8-2 18216]
    S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-2 1255736]
    S3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-11-1 31080]
    S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-5-29 1039952]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
    FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    .js: <filetype is not registered>
    .
    =============== Created Last 30 ================
    .
    2014-07-07 07:27:18 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-07-07 07:26:38 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-07-07 07:26:38 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-07-07 07:26:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-07-07 07:26:37 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-07-07 06:51:34 -------- d-----w- C:\ProgramData\Oracle
    2014-07-07 06:50:42 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-07 06:24:55 -------- d-----w- C:\Users\Rachel\AppData\Roaming\TaobaoProtect
    2014-07-07 06:24:26 -------- d-----w- C:\Program Files (x86)\Microsoft Device Health
    2014-07-07 05:45:41 -------- d-----w- C:\Users\Rachel\AppData\Roaming\alipay
    2014-06-20 05:48:48 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E19A4B97-11A4-41D6-AC0A-F1DD1B49B05A}\mpengine.dll
    2014-06-16 14:38:01 2278912 ----a-w- C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
    2014-06-12 09:21:00 -------- d-----w- C:\Program Files (x86)\Funmily
    2014-06-12 09:06:39 -------- d---a-w- C:\Program Files (x86)\HYZGOnline
    2014-06-12 07:51:46 -------- d-----w- C:\Users\Rachel\AppData\Roaming\BitCometLite
    2014-06-12 07:14:30 5203984 ----a-w- C:\Windows\SysWow64\GameMon.des
    2014-06-12 07:14:16 -------- d-----w- C:\Program Files\Common Files\INCA Shared
    2014-06-11 15:52:41 506368 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-11 15:52:41 424448 ----a-w- C:\Windows\System32\aeinv.dll
    .
    ==================== Find3M ====================
    .
    2014-06-04 03:39:19 112080 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
    2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-04-10 05:40:09 159032 ----a-w- C:\Windows\System32\atl90.dll
    2014-04-10 05:40:07 655872 ----a-w- C:\Windows\System32\msvcr90.dll
    2014-04-10 05:40:07 568832 ----a-w- C:\Windows\System32\msvcp90.dll
    2014-04-08 15:30:10 286352 ----a-w- C:\Windows\System32\libbluray.dll
    2014-04-08 15:29:48 238736 ----a-w- C:\Windows\SysWow64\libbluray.dll
    .
    ============= FINISH: 18:24:46.74 ===============
    -----------------------------------------------------------------------------------------------------------------
    ATTACH.txt

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 家用進階版
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/7/2010 14:41:52
    System Uptime: 7/7/2014 17:15:34 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0K83V0
    Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz | CPU 1 | 2803/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 290 GiB total, 52.364 GiB free.
    D: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP724: 26/6/2014 14:00:52 - Removed MSXML 4.0 SP2 (KB954430)
    RP725: 26/6/2014 14:03:43 - Removed MSXML 4.0 SP2 (KB973688)
    RP726: 26/6/2014 17:01:47 - 已移除 MSXML 4.0 SP3 Parser (KB2721691)
    RP727: 7/7/2014 14:49:24 - Installed Java 7 Update 60
    .
    ==== Installed Programs ======================
    .
    ???????????
    ACDSee
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Recommended Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Web Standard
    Adobe CSI CS4
    Adobe CSI CS4 x64
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Drive CS4 x64
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI others
    Adobe Flash CS4 STI-other
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe PDistiller
    Adobe Reader XI - Chinese Traditional
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Akamai NetSession Interface
    AlipayDHC 1.1.0.0
    Audacity 1.3.12 (Unicode)
    Avira Free Antivirus
    BLACK WOLVES SAGA -Bloody Nightmare-
    Bonjour
    ComicStudio EX Demo 4.0TC
    Connect
    Corel VideoStudio Pro Title Pack
    DAEMON Tools Lite
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Edoc Viewer
    Dell Support Center (Support Software)
    FileMenu Tools
    Finale NotePad 2008
    Free Studio version 2013
    Google Chrome
    Google Update Helper
    HetaOni ENGLISH Version 15.0
    iKu 2
    Intel(R) Graphics Media Accelerator Driver
    IntelR Matrix Storage Manager
    Java 7 Update 60
    Java 7 Update 7 (64-bit)
    Java Auto Updater
    kuler
    Malwarebytes Anti-Malware version 2.0.2.1012
    Mega Manager
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Choice Guard
    Microsoft Office 2000 Professional
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Windows Application Compatibility Database
    Microsoft WSE 3.0 Runtime
    Microsoft_VC100_CRT_SP1_x64
    Microsoft_VC100_CRT_SP1_x86
    MPC-HC 1.7.4 (64-bit)
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP3 Parser (KB2758694)
    MyFreeCodec
    openCanvas4.5.09e Plus
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    RaySource 2.2.0.1
    Realtek High Definition Audio Driver
    Roxio Burn
    SafeTransaction 5.13.0.0
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Suite Shared Configuration CS4
    swMSM
    Ulead PhotoImpact 11
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 執行階段 3.0
    VOCALOID2 Expression DB (Standard)
    VOCALOID2 Voice DB (Miku)
    Watson
    Windows Live Communications Platform
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live 程式集
    Windows Live 影像中心
    Windows Media Encoder 9 Series
    WinRAR 5.10 beta 4 (64-bit)
    百度云管家
    快播 5.19.185
    迅雷看看播放器
    阿里旺旺2013Beta2
    捃濘7
    盓葆惘杅趼痐抎郪璃 2.4.0.0
    盓葆惘假諷璃 3.23.0.0
    盓葆惘假諷璃 3.8.0.0
    雅?~MIYAKO~月詠?夢
    微???健康助手
    新幻月之歌 Online
    歡樂派登入器 版本 1.0
    .
    ==== End Of File ===========================

    I have some application in chinese, please ask if there are any problems. Thank you so much.
  2. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Hello and welcome to TechSpot.com My name is Dave. I will be helping you out with your particular problem on your computer.
    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.
    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    That is not a proper log for MBAM. Please run it again.
    Please download AdwCleaner by Xplode onto your Desktop.
    Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.
    [​IMG]
    If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
    When the AdwCleaner program will open, click on the Scan button as shown below.
    [​IMG]
    AdwCleaner will now start to search for malicious files that may be installed on your computer.
    To remove the files that were detected in the previous step, please click on the Clean button.
    [​IMG]
    AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
    Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
    *********************************************
    Malwarebytes' Anti-Rootkit
    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
    *************************************************
    Please download Junkware Removal Tool to your desktop.
    Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    Shut down your protection software now to avoid potential conflicts.
    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    •The tool will open and start scanning your system.
    •Please be patient as this can take a while to complete depending on your system's specifications.
    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    •Copy and Paste the JRT.txt log into your next message.
  3. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    # AdwCleaner v3.214 - Report created 08/07/2014 at 22:44:45
    # Updated 29/06/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Rachel - RACHEL-PC
    # Running from : C:\Users\Rachel\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Aimersoft Video Converter Ultimate
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\baidu
    Folder Deleted : C:\ProgramData\optimizerpro1
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Bcool
    Folder Deleted : C:\Program Files (x86)\baidu
    Folder Deleted : C:\Program Files\Tencent
    Folder Deleted : C:\Users\Rachel\AppData\Local\baidu
    Folder Deleted : C:\Users\Rachel\AppData\LocalLow\baidu
    Folder Deleted : C:\Users\Rachel\AppData\LocalLow\Tencent
    Folder Deleted : C:\Users\Rachel\AppData\Roaming\baidu
    Folder Deleted : C:\Users\Rachel2\AppData\Local\baidu
    Folder Deleted : C:\Users\Rachel2\AppData\LocalLow\baidu
    Folder Deleted : C:\Users\Rachel2\AppData\Roaming\baidu
    Folder Deleted : C:\Users\Rachel2\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj
    Folder Deleted : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeidflpoojnabafcfcenjpncmiggencj
    Folder Deleted : C:\Users\Rachel2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeidflpoojnabafcfcenjpncmiggencj
    File Deleted : C:\END

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oeidflpoojnabafcfcenjpncmiggencj
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
    Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
    Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_opencanvas[1]_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_opencanvas[1]_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKCU\Software\anchorfree
    Key Deleted : HKCU\Software\Babylon
    Key Deleted : HKCU\Software\Complitly
    Key Deleted : HKCU\Software\Myfree Codec
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\YourFileDownloader
    Key Deleted : HKCU\Software\AppDataLow\TENCENT
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\Myfree Codec
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\TENCENT
    Key Deleted : HKLM\Software\YourFileDownloader

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Mozilla Firefox v29.0.1 (zh-TW)

    [ File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\0bvwoj7p.default\prefs.js ]


    -\\ Google Chrome v34.0.1847.131

    [ File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=100512_1_&babsrc=SP_ss&mntrId=14e76ce9000000000000002564890eb1
    Deleted [Extension] : oeidflpoojnabafcfcenjpncmiggencj

    [ File : C:\Users\Rachel2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10268&locale=en_HK&apn_uid=8288F96F-D581-4FF8-B9A4-114A6B2D716B&apn_ptnrs=%5EAGZ&apn_sauid=2B12222E-B0C5-4C0D-A219-C319A66D7B0B&apn_dtid=%5EYYYYYY%5EYY%5EHK&q={searchTerms}
    Deleted [Extension] : oeidflpoojnabafcfcenjpncmiggencj
    Deleted [Extension] : olakgnkoldmagdblaalodobkmeokmgjj

    *************************

    AdwCleaner[R0].txt - [7111 octets] - [08/07/2014 21:01:44]
    AdwCleaner[S0].txt - [7032 octets] - [08/07/2014 22:44:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7092 octets] ##########
  4. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    I scan again after the reboot and get this log:

    # AdwCleaner v3.214 - Report created 08/07/2014 at 23:06:42
    # Updated 29/06/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Rachel - RACHEL-PC
    # Running from : C:\Users\Rachel\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Rachel2\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Mozilla Firefox v29.0.1 (zh-TW)

    [ File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\0bvwoj7p.default\prefs.js ]


    -\\ Google Chrome v34.0.1847.131

    [ File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Rachel2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [7111 octets] - [08/07/2014 21:01:44]
    AdwCleaner[R1].txt - [1241 octets] - [08/07/2014 23:05:40]
    AdwCleaner[S0].txt - [7180 octets] - [08/07/2014 22:44:45]
    AdwCleaner[S1].txt - [1164 octets] - [08/07/2014 23:06:42]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1224 octets] ##########



    When I scan again after that, I get this:

    # AdwCleaner v3.214 - Report created 08/07/2014 at 23:10:41
    # Updated 29/06/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Rachel - RACHEL-PC
    # Running from : C:\Users\Rachel\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17126


    -\\ Mozilla Firefox v29.0.1 (zh-TW)

    [ File : C:\Users\Rachel\AppData\Roaming\Mozilla\Firefox\Profiles\0bvwoj7p.default\prefs.js ]


    -\\ Google Chrome v34.0.1847.131

    [ File : C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Rachel2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [7111 octets] - [08/07/2014 21:01:44]
    AdwCleaner[R1].txt - [1241 octets] - [08/07/2014 23:05:40]
    AdwCleaner[R2].txt - [1237 octets] - [08/07/2014 23:09:20]
    AdwCleaner[S0].txt - [7180 octets] - [08/07/2014 22:44:45]
    AdwCleaner[S1].txt - [1304 octets] - [08/07/2014 23:06:42]
    AdwCleaner[S2].txt - [1159 octets] - [08/07/2014 23:10:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1219 octets] ##########
  5. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Please continue with the other scans and post the logs.
  6. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.07.08.12

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17126
    Rachel :: RACHEL-PC [administrator]

    9/7/2014 9:22:15
    mbar-log-2014-07-09 (09-22-15).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 362636
    Time elapsed: 37 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    -----------------------------------------------------------------------------------
    Doing the JRT scan now
  7. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Rachel on 09/07/2014 週三 at 22:45:51.03
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-643212585-2591526618-1564776100-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9D475D48-54C8-4F63-BCB1-8CADF48FBE9A}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\Users\Rachel\AppData\Roaming\getrighttogo"
    Failed to delete: [Folder] "C:\Program Files (x86)\myfree codec"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 09/07/2014 週三 at 23:01:32.61
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  8. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    I'd like to scan your machine with ESET OnlineScan
    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
    •Click the [​IMG] button.
    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    •Check [​IMG]
    •Click the [​IMG] button.
    •Accept any security warnings from your browser.
    • Leave the check mark next to Remove found threats.
    •Check [​IMG]
    •Push the Start button.
    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    •When the scan completes, push [​IMG]
    •Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    •Push the [​IMG] button.
    •Push [​IMG]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
  9. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    I try to scan the system, when it finish, an error occur and it stop running on its own. Trying to scan the system again now
  10. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    Log for the 2nd scan:
    C:\Users\Rachel\AppData\Local\Temp\NODD16.tmp a variant of Win64/Sathurbot.A trojan cleaned by deleting (after the next restart) - quarantined

    Under the "list of found threats" button, there is a list of quarnatined files. I think those are the threats it found in the 1st scan.
    what should I do now?
  11. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    That's ok. How's your computer running now? Any other issues?
     
  12. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    Nothing special I think. But a moment ago, when I use the browser to reply to this post, the mouse keeps blinking and I can't type some of the letters. It's seems fine now.
  13. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Ok, we can do some clean up.
    This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create Registry backup
    • Purge System Restore Points
    • Re-set system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.
    ***********************************
    Click Start> Computer> right click the C Drive and choose Properties> enter
    Click Disk Cleanup from there.
    [​IMG]
    Click OK on the Disk Cleanup Screen.
    Click Yes on the Confirmation screen.
    [​IMG]
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
    ********************************************
    Go to Microsoft Windows Update and get all critical updates.
    ----------
    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
    Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
    Safe Surfing!
  14. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    Thank you so much for your help!
  15. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    You're welcome. Have a great day.
  16. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    What should I do? Avira tells me it comes back!!
  17. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Please tell me what comes back?
  18. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    It happens last night.
    the flashplayer update thing.
    avira will pops up and ask me to remove the file it found, after I click it, another file with a different sequence of no and letters will be found.
    Later, avira reports another infected files. I remember it is a file called sth like tmd0860 in some microsoft crypto rsa file I think. I delete in manually.
    This morning, when I turn my computer on, it gives a black sceen after log in.
    When I press ctrl alt delete, all the available functions like log out and task manager works. When I use task manager, things like, explorer.exe is not running.
    The same happens when I boot up in safe mode. the safe mode wordings will appeared in the corners but there is nothing on the desktop excluding those wordings.
  19. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    The file I delete is
    C:\PROGRAMDATA\MICROSOFT\Crypto\RSA64\temp\tmp6086.exe
  20. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    I run the Malwarebytes Anti-Malware which says there is no threats around.
    Then I run an avast scan. I reboot the computer as instructed and do a boot scan. Afterwards, my desktop come backkk!!!!!!

    Here's the MBAM log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 16/7/2014
    Scan Time: 16:19:25
    Logfile: scan.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.16.02
    Rootkit Database: v2014.07.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Rachel

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 362871
    Time Elapsed: 35 min, 9 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
  21. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    The dds log:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.60.2
    Run by Rachel at 22:43:53 on 2014-07-16
    Microsoft Windows 7 家用進階版 6.1.7601.1.950.852.3076.18.4061.2310 [GMT 8:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
    FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\PROGRAM FILES (X86)\COMMON FILES\COMODO\LAUNCHER_SERVICE.EXE
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDAGENT.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE
    C:\Windows\system32\Dwm.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    C:\Windows\system32\taskeng.exe
    C:\WINDOWS\SYSTEM32\TASKHOST.EXE
    C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRAM FILES (X86)\COMODO\DRAGON\DRAGON_UPDATER.EXE
    C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
    C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    C:\Windows\SysWOW64\svchost.exe -k SDDUpdate
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
    C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
    C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
    C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CISTRAY.EXE
    C:\USERS\RACHEL\APPDATA\LOCAL\AKAMAI\NETSESSION_WIN.EXE
    C:\USERS\RACHEL\APPDATA\LOCAL\AKAMAI\NETSESSION_WIN.EXE
    C:\PROGRAM FILES (X86)\SAMSUNG\KIES\KIES.EXE
    C:\PROGRAM FILES (X86)\DELL SUPPORT CENTER\BIN\SPRTCMD.EXE
    C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
    C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\AUTODETECTOR\MONITOR.EXE
    C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE
    C:\PROGRAM FILES\COMODO\GEEKBUDDY\UNIT_MANAGER.EXE
    C:\PROGRAM FILES (X86)\COMMON FILES\COMODO\GEEKBUDDYRSP.EXE
    C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE
    C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE
    C:\PROGRAM FILES\COMODO\GEEKBUDDY\UNIT.EXE
    C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CIS.EXE
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
    C:\WINDOWS\SYSTEM32\SPPSVC.EXE
    C:\PROGRAM FILES (X86)\DELL SUPPORT CENTER\BIN\SPRTSVC.EXE
    C:\WINDOWS\SYSTEM32\SEARCHFILTERHOST.EXE
    C:\WINDOWS\SYSTEM32\CSCRIPT.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = Preserve
    uProxyOverride = local;<local>
    mWinlogon: Userinit = userinit.exe
    BHO: {074C1DC5-9320-4A9A-947D-C042949C6216} - <orphaned>
    BHO: WebDetectorBHO Class: {43BEAFD9-E005-483D-A367-146BA6C8A32E} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Akamai NetSession Interface] "C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe"
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    mRun: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files\COMODO\GeekBuddy\launcher.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableSecureUIAPath = dword:1
    IE: &使用115优蛋 3下? - <no file>
    IE: &使用115优蛋 3下?全部?接 - <no file>
    IE: &妏蚚&捃濘燭盄狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\OfflineDownload.htm
    IE: &妏蚚&捃濘狟婥 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\geturl.htm
    IE: &妏蚚&捃濘狟婥窒蟈諉 - C:\Program Files (x86)\Thunder Network\Thunder\BHO\GetAllUrl.htm
    Trusted Zone: alipay.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: alisoft.com
    Trusted Zone: taobao.com
    Trusted Zone: taobao.com
    Trusted Zone: alipay.com
    Trusted Zone: alipay.com
    Trusted Zone: alisoft.com
    Trusted Zone: alisoft.com
    Trusted Zone: gogobox.com.tw
    Trusted Zone: gogobox.com.tw
    Trusted Zone: taobao.com
    Trusted Zone: taobao.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    TCP: NameServer = 218.102.32.134 219.76.98.66
    TCP: Interfaces\{AE90874A-C851-4864-9C4D-3EBC134868C5} : NameServer = 156.154.70.25,156.154.71.25
    TCP: Interfaces\{AE90874A-C851-4864-9C4D-3EBC134868C5} : DHCPNameServer = 218.102.32.134 219.76.98.66
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    x64-Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
    x64-Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-16 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-16 224896]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-23 55280]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-16 1041168]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-16 427360]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-5-4 28600]
    R1 CFRMD;CFRMD;C:\Windows\System32\drivers\CFRMD.sys [2013-5-7 37976]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738472]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-4-16 48360]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-1-31 283200]
    R1 HMD;COMODO livePCsupport Hardware Monitor Driver;C:\Windows\System32\drivers\hmd.sys [2013-10-7 14888]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-6-24 92160]
    R2 AntiVirSchedulerService;Avira 排程管理員;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-5-4 430160]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-5-4 430160]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-16 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-16 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-16 92008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-16 50344]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-5-4 117712]
    R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2014-6-27 70864]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-5-21 2135232]
    R2 GeekBuddyRSP;GeekBuddyRSP Server;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2014-6-27 2327248]
    R2 ReimageRealTimeProtector;Reimage Real Time Protector;C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2014-7-9 7097192]
    R2 SDDUpdate;SDDUpdate;C:\Windows\System32\svchost.exe -k SDDUpdate [2009-7-14 27136]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-23 660800]
    R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2014-7-11 51496]
    R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2014-7-11 1146304]
    R2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\System32\drivers\VirtDisk64.sys [2012-2-3 23896]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-6-24 138752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-24 236544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
    S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-7-12 108800]
    S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-14 37344]
    S3 HaozipVirtualCDBus;HaoZip Virtual Bus Driver;C:\Windows\System32\drivers\HaoZipVirtualCDBus.sys [2012-7-24 204888]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-7-12 206080]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-2 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 VMUVC;Vimicro Camera Service VMUVC;C:\Windows\System32\drivers\vmuvc.sys [2011-4-23 198400]
    S3 vvftUVC;Vimicro Camera Filter Service VMUVC;C:\Windows\System32\drivers\vvftUVC.sys [2011-4-23 303616]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-8-2 18216]
    S3 WatAdminSvc;Windows 啟用技術服務;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-2 1255736]
    S3 WsAudio_Device;WsAudio_Device;C:\Windows\System32\drivers\VirtualAudio.sys [2013-11-1 31080]
    S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-5-29 1030224]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
    FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    .js: <filetype is not registered>
    .
    =============== Created Last 30 ================
    .
    2014-07-16 09:19:04 0 ----a-w- C:\Windows\System32\ExtraInfo.txt.tmp
    2014-07-16 09:09:03 -------- d-----w- C:\Users\Rachel\AppData\Roaming\AVAST Software
    2014-07-16 09:07:51 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-07-16 09:07:51 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-07-16 09:07:51 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-07-16 09:07:50 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-07-16 09:07:50 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-07-16 09:07:50 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-07-16 09:07:49 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-07-16 09:07:38 43152 ----a-w- C:\Windows\avastSS.scr
    2014-07-16 09:06:50 -------- d-----w- C:\Program Files\AVAST Software
    2014-07-16 09:04:24 -------- d-----w- C:\ProgramData\AVAST Software
    2014-07-16 08:17:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-16 06:58:08 -------- d-----w- C:\Users\Rachel\AppData\Roaming\Wise Registry Cleaner
    2014-07-16 06:58:01 -------- d-----w- C:\Program Files (x86)\Wise
    2014-07-16 06:17:36 -------- d-----w- C:\ProgramData\Reimage Protector
    2014-07-16 06:17:31 -------- d-----w- C:\Program Files\Reimage
    2014-07-16 06:17:26 -------- d-----w- C:\rei
    2014-07-12 02:03:29 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
    2014-07-12 02:03:29 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
    2014-07-12 01:57:26 57096 ----a-w- C:\Windows\System32\certsentry.dll
    2014-07-12 01:56:21 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
    2014-07-11 09:07:59 -------- d-----w- C:\Users\Rachel\AppData\Local\AdTrustMedia
    2014-07-11 03:23:12 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
    2014-07-11 03:04:20 -------- d-s---w- C:\ProgramData\Shared Space
    2014-07-11 03:03:39 -------- d-----w- C:\ProgramData\Adtrustmedia
    2014-07-11 03:03:22 -------- d-----w- C:\Program Files\COMODO
    2014-07-11 03:03:11 -------- d-----w- C:\Users\Rachel\AppData\Local\Comodo
    2014-07-11 03:03:06 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
    2014-07-11 03:02:58 -------- d-----w- C:\Program Files (x86)\Comodo
    2014-07-11 03:02:49 -------- d-----w- C:\ProgramData\Comodo Downloader
    2014-07-11 03:02:21 -------- d-----w- C:\ProgramData\Comodo
    2014-07-11 02:56:29 260696 ----a-w- C:\Windows\System32\unrar64.dll
    2014-07-11 02:39:15 51496 ----a-w- C:\Windows\System32\drivers\stflt.sys
    2014-07-11 02:39:14 -------- d-----w- C:\Users\Rachel\AppData\Roaming\Spyware Terminator
    2014-07-11 02:39:14 -------- d-----w- C:\ProgramData\Spyware Terminator
    2014-07-11 02:39:13 -------- d-----w- C:\Program Files (x86)\Spyware Terminator
    2014-07-09 14:45:48 -------- d-----w- C:\Windows\ERUNT
    2014-07-09 01:21:29 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-07-09 01:20:08 -------- dc----w- C:\Users\Rachel\AppData\Local\MigWiz
    2014-07-08 14:48:03 -------- d-----w- C:\Users\Rachel\AppData\Roaming\taobao
    2014-07-08 14:48:00 60240 ----a-w- C:\ProgramData\Microsoft\Windows\Templates\sci.exe
    2014-07-08 13:02:32 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-07-07 07:27:18 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-07-07 07:26:38 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-07-07 07:26:38 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-07-07 07:26:38 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-07-07 07:26:37 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-07-07 06:51:34 -------- d-----w- C:\ProgramData\Oracle
    2014-07-07 06:50:42 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-07 06:24:55 -------- d-----w- C:\Users\Rachel\AppData\Roaming\TaobaoProtect
    2014-06-20 05:48:48 10779000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E19A4B97-11A4-41D6-AC0A-F1DD1B49B05A}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2014-07-14 14:46:37 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-07-14 14:46:34 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-06-30 02:09:33 519168 ----a-w- C:\Windows\System32\aepdu.dll
    2014-06-30 02:04:49 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
    2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
    2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
    2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
    2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
    2014-06-14 14:03:42 218200 ----a-w- C:\Windows\SysWow64\unrar.dll
    2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
    2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    .
    ============= FINISH: 22:48:55.64 ===============

    The attach file:
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 家用進階版
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/7/2010 14:41:52
    System Uptime: 16/7/2014 22:38:32 (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0K83V0
    Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz | CPU 1 | 1177/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 290 GiB total, 55.776 GiB free.
    D: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP729: 11/7/2014 10:12:14 - End of disinfection
    RP730: 11/7/2014 11:04:36 - 裝置驅動程式套件安裝: COMODO Network Service
    RP731: 15/7/2014 17:04:44 - Removed Dell Support Center (Support Software).
    RP733: 15/7/2014 17:12:38 - Removed VOCALOID2 Voice DB (Miku)
    RP734: 16/7/2014 15:09:45 - Created by Wise Registry Cleaner
    RP734: 16/7/2014 16:04:47 - 還原操作
    RP735: 16/7/2014 17:05:54 - avast! antivirus system restore point
    .
    ==== Installed Programs ======================
    .
    ???????????
    ACDSee
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Recommended Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Web Standard
    Adobe CSI CS4
    Adobe CSI CS4 x64
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Drive CS4 x64
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI others
    Adobe Flash CS4 STI-other
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe PDistiller
    Adobe Reader XI (11.0.07) - Chinese Traditional
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Akamai NetSession Interface
    Audacity 1.3.12 (Unicode)
    avast! Free Antivirus
    Avira Free Antivirus
    BLACK WOLVES SAGA -Bloody Nightmare-
    Bonjour
    ComicStudio EX Demo 4.0TC
    Comodo Dragon
    COMODO Firewall
    Connect
    Corel VideoStudio Pro Title Pack
    DAEMON Tools Lite
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Edoc Viewer
    Dell Support Center (Support Software)
    Finale NotePad 2008
    Free Studio version 2013
    GeekBuddy
    Google Chrome
    Google Update Helper
    HetaOni ENGLISH Version 15.0
    Intel(R) Graphics Media Accelerator Driver
    IntelR Matrix Storage Manager
    Java 7 Update 60
    Java Auto Updater
    K-Lite Codec Pack 10.6.2 Standard
    kuler
    Malwarebytes Anti-Malware version 2.0.2.1012
    Mega Manager
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Choice Guard
    Microsoft Office 2000 Professional
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Windows Application Compatibility Database
    Microsoft WSE 3.0 Runtime
    Microsoft_VC100_CRT_SP1_x64
    Microsoft_VC100_CRT_SP1_x86
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP3 Parser (KB2758694)
    openCanvas4.5.09e Plus
    PDF Settings CS4
    Photoshop Camera Raw
    Pixel Bender Toolkit
    RaySource 2.2.0.1
    Realtek High Definition Audio Driver
    Reimage Repair
    Roxio Burn
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Spyware Terminator 2012
    Suite Shared Configuration CS4
    swMSM
    Ulead PhotoImpact 11
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 執行階段 3.0
    VOCALOID2 Expression DB (Standard)
    VOCALOID2 Voice DB (Miku)
    Watson
    Windows Live Communications Platform
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live 程式集
    Windows Live 影像中心
    Windows Media Encoder 9 Series
    WinRAR 5.10 beta 4 (64-bit)
    Wise Registry Cleaner 8.22
    阿里旺旺2013Beta2
    雅?~MIYAKO~月詠?夢
    新幻月之歌 Online
    歡樂派登入器 版本 1.0
    .
    ==== End Of File ===========================
  22. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Please run this even if you don't have the OS disk(s).
    To Run the SFC /SCANNOW Command in Windows 7
    1. Open an elevated command prompt.
    2. To Scan and Repair System Files
    NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
    A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
    NOTE: This may take some time to finish.
    [​IMG]
    B) Go to step 4.
    3. To Only Verify if the System Files are Corrupted
    NOTE: Scans and only verifies the integrity of all proteced system files only.
    A) In the elevated command prompt, type sfc /verifyonly and press Enter.
    4. When the scan is complete, hopefully you will see all is ok like the screenshot below.

    NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occured to fix it. You may need to repeat doing a System Restore until you find a older restore point that may work.
    [​IMG]
    5. When done, close the elevated command prompt.
  23. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    When I scan the system last night by avast, it tells me the file
    C:\PROGRAMDATA\MICROSOFT\Crypto\RSA64\cryptoprovider.dll is infected.
    and when I surf the internet, some ppl say the rsa64 folder is not suppose to exist at all. What is it all about?

    The SFC scan tells me all is okay
  24. rachel_UFO

    rachel_UFO Newcomer, in training Topic Starter Posts: 31

    And my computer easily freeze now
  25. Superdave1941

    Superdave1941 Malware Helper Posts: 152

    Let's try this:
    Please go to Jotti's malware scan
    (If more than one file needs scanned they must be done separately and links posted for each one)
    * Copy the file path in the below Code box:
    Code:
    C:\PROGRAMDATA\MICROSOFT\Crypto\RSA64\cryptoprovider.dll  
    * At the upload site, click once inside the window next to Browse.
    * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    * Next click Submit file
    * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    * This will perform a scan across multiple different virus scanning engines.
    * Important: Wait for all of the scanning engines to complete.
    * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.