dllhost.exe com surrogate [Closed]


  • This topic is locked
2 replies to this topic

#1 Gered (New Member, 1 post)

Posted 20 August 2015 - 12:38 PM

My wife's computer has been infected with this virus. Her computer began slowing down dramatically starting a week ago. Looking at Task Manager, we found the culprit was using a lot of her memory. After "Ending Process" the memory use of Windows Explorer as recorded in Task Manager began to increase rapidly. I have done the scan with aswMBR and Farbar as instructed, and attach the logs here: 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-08-21 09:17:59
-----------------------------
09:17:59.949    OS Version: Windows x64 6.1.7601 Service Pack 1
09:17:59.949    Number of processors: 2 586 0x3A09
09:17:59.951    ComputerName: SILJA-PC  UserName: Silja
09:22:00.518    Initialize success
09:22:11.406    VM: initialized successfully
09:22:11.406    VM: Intel CPU supported 
09:22:28.172    VM: disk I/O iaStorA.sys
09:22:40.833    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000c4
09:22:40.911    Disk 0 Vendor: ATA_____ 3M__ Size: 476940MB BusType: 11
09:22:42.533    Disk 0 MBR read successfully
09:22:42.533    Disk 0 MBR scan
09:22:42.533    Disk 0 Windows VISTA default MBR code
09:22:42.611    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
09:22:42.705    Disk 0 default boot code
09:22:42.798    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       464823 MB offset 3074048
09:22:42.892    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        10616 MB offset 955031552
09:22:44.062    Disk 0 scanning C:\windows\system32\drivers
09:23:20.531    Service scanning
09:23:28.830    Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140110.001\BHDrvx64.sys **LOCKED** 5
09:23:31.155    Service ccSet_NIS C:\windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys **LOCKED** 5
09:23:39.483    Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
09:23:40.200    Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
09:23:46.235    Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20150512.001\IDSvia64.sys **LOCKED** 5
09:24:04.424    Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140115.032\ENG64.SYS **LOCKED** 5
09:24:05.298    Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140115.032\EX64.SYS **LOCKED** 5
09:24:46.297    Service SRTSPX C:\windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS **LOCKED** 5
09:24:48.652    Service SymDS C:\windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS **LOCKED** 5
09:24:49.385    Service SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
09:24:49.666    Service SymIRON C:\windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS **LOCKED** 5
09:24:49.822    Service SymNetS C:\windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS **LOCKED** 5
09:25:01.257    Modules scanning
09:25:01.304    Disk 0 trace - called modules:
09:25:01.319    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys 
09:25:01.335    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006557060]
09:25:01.335    3 CLASSPNP.SYS[fffff88001cf243f] -> nt!IofCallDriver -> [0xfffffa8006556aa0]
09:25:01.335    5 iaStorF.sys[fffff880019f0a2c] -> nt!IofCallDriver -> \Device\000000c4[0xfffffa80060189c0]
09:25:01.351    Disk 0 statistics 110202/0/0 @ 1.59 MB/s
09:25:01.351    Scan finished successfully
09:27:04.289    Disk 0 MBR has been saved successfully to "C:\Users\Silja\Desktop\MBR.dat"
09:27:04.289    The log file has been saved successfully to "C:\Users\Silja\Desktop\aswMBR.txt"
 
FARBAR

Addition.txt available at pastebin.com/EKm4Sg1d

FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Silja (administrator) on SILJA-PC (17-08-2015 05:14:07)
Running from C:\Users\Silja\Desktop
Loaded Profiles: Silja (Available Profiles: Silja)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(360.cn) C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Lingoes Project) C:\Users\Silja\AppData\Local\Lingoes\Translator\lingoes-cn\Lingoes.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(LINE Corporation) C:\Program Files (x86)\Naver\LINE\Line.exe
(Conceptworld Corporation) C:\Program Files (x86)\Conceptworld\QNPlus\QNPlus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(360.cn) C:\Program Files (x86)\360\360sd\360sd.exe
(Dropbox, Inc.) C:\Users\Silja\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(360.cn) C:\Program Files (x86)\360\360Safe\safemon\360tray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(360.cn) C:\Program Files (x86)\360\360sd\360rp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-05-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3014384 2013-02-07] (Synaptics Incorporated)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [293760 2013-02-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [997216 2013-05-08] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-03] ()
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360tray.exe [387696 2015-08-05] (360.cn)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [Lingoes] => C:\Users\Silja\AppData\Local\Lingoes\Translator\lingoes-cn\Lingoes.exe [2506752 2013-03-30] (Lingoes Project)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-17] (360.cn)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [Line] => C:\Program Files (x86)\Naver\LINE\Line.exe [15660568 2015-08-13] (LINE Corporation)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [QNPlus] => C:\Program Files (x86)\Conceptworld\QNPlus\QNPlus.exe [696896 2007-04-11] (Conceptworld Corporation)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQ\QQProtect\Bin\QQProtect.exe [149176 2015-05-26] (Tencent)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [WeiboHot] => C:\Program Files (x86)\Sina\WeiboHot\Bin\WeiboHot.exe -autorun
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [Dropbox Update] => C:\Users\Silja\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-13] (Dropbox, Inc.)
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Run: [GoogleChromeAutoLaunch_3AB43EA140D85EAB31F12F3EA7DA58EB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-28] (Google Inc.)
HKU\S-1-5-18\...\Run: [360sd] => C:\Program Files (x86)\360\360sd\360sdrun.exe [833352 2014-11-17] (360.cn)
Startup: C:\Users\Silja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-03-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\Silja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360Safe\safemon\360UDiskGuard64.dll [2014-12-09] (360.cn)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [360FileGuardAntiDel] -> {130DA40A-D640-44D7-9CC6-FAA1CD6B3DEA} => C:\Program Files (x86)\360\360sd\ShellIco.dll [2014-11-18] (360.cn)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(581).dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silja\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.tw
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.tw
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.tw
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-959445010-2885263195-2765435330-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-959445010-2885263195-2765435330-1000 -> DefaultScope {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=33059180_cb&ch=33
SearchScopes: HKU\S-1-5-21-959445010-2885263195-2765435330-1000 -> {60E84469-343A-4B14-944B-E10D379F52A5} URL = 
SearchScopes: HKU\S-1-5-21-959445010-2885263195-2765435330-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=33059180_cb&ch=33
BHO: QQDownload IE Left Helper -> {00000000-12C9-4305-82F9-43058F20E8D2} -> C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper64.dll [2013-06-26] (Tencent Technology (Shenzhen) Company Limited)
BHO: Xunlei Download Support (迅雷下载支持) -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.35.4922.dll [2015-05-04] (深圳市迅雷网络技术有限公司)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon64.dll [2015-07-18] (360.cn)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: QQDownload IE Left Helper -> {00000000-12C9-4305-82F9-43058F20E8D2} -> C:\Program Files (x86)\Tencent\QQDownload\QQIEHelper01.dll [2013-03-28] (Tencent Technology (Shenzhen) Company Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll [2014-11-28] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL [2013-04-09] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-15] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon.dll [2015-08-05] (360.cn)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-10] (Oracle Corporation)
BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\Silja\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2015-06-13] (Tencent)
BHO-x32: No Name -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll [2014-08-01] (深圳市迅雷网络技术有限公司)
Toolbar: HKU\S-1-5-21-959445010-2885263195-2765435330-1000 -> No Name - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No File
DPF: HKLM-x32 {12755229-656A-4508-BC94-2DA4D314B4C8} hxxps://www.mybank.com.tw/MyATM/CAB/CathayMyATM.CAB
DPF: HKLM-x32 {E7891ABB-8ACA-4AD3-AE94-8AA7BC3D9BBB} hxxps://eservice.nhi.gov.tw/Personal1/System/SMC/NHIICC.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-27] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 196.45.144.2 196.45.144.3
Tcpip\..\Interfaces\{02FDD1CE-7EFB-4A21-AE9A-6F50F16329C3}: [DhcpNameServer] 203.217.96.37 8.8.8.8 121.254.96.37 8.8.4.4
Tcpip\..\Interfaces\{FE9D0BC3-1E5A-4DCD-AF8C-91BF8FDA8B02}: [DhcpNameServer] 196.45.144.2 196.45.144.3

FireFox:
========
FF Plugin: @baofeng.com/npBFVWebPlugin -> C:\Program Files (x86)\Baofeng\BFVKanDianYing\npBFVWebPlugin64.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll [No File]
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [2014-04-23] (360.cn)
FF Plugin-x32: @apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @baidu.com/BaiduRJDownloaderPlugin -> C:\Users\Silja\AppData\Roaming\baidu\BaiduRJDownloader\1.3.0.14\npBDSoftHelperPlug.dll [2014-09-09] (百度在线网络技术(北京)有限公司)
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\Silja\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2014-11-10] (Baidu.com, Inc.)
FF Plugin-x32: @baofeng.com/npBFVWebPlugin -> C:\Program Files (x86)\Baofeng\BFVKanDianYing\npBFVWebPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @itstructures.com/ffactivex -> C:\Program Files (x86)\JJPlayer\npWebPlayer.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npOpenPlatform -> C:\Program Files (x86)\Common Files\Tencent\OpenPlatform\3.0.0.3201\npQPMWebGamePlugin.dll [2014-09-29] (腾讯公司)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2014-09-28] (Tencent)
FF Plugin-x32: @qq.com/QQDownloadPlugin -> C:\Program Files (x86)\Tencent\QQDownload\Browser\769\npXFPlugin.dll [2013-02-25] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2014-08-30] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.94\Bin\npSSOAxCtrlForPTLogin.dll [2014-10-22] (Tencent)
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-30] (Google Inc.)
FF Plugin-x32: @xunlei.com/DapCtrl -> C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npKKDapCtrl.dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2015-05-04] (Thunder Networking Technologies,LTD)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2015-05-04] ( )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-959445010-2885263195-2765435330-1000: @360.cn/360MMPlugin -> C:\Program Files (x86)\360\360Safe\MobileMgr\np360MMPlugIn.dll [2015-06-03] (360.cn)
FF Plugin HKU\S-1-5-21-959445010-2885263195-2765435330-1000: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKU\S-1-5-21-959445010-2885263195-2765435330-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2015-05-04] (Thunder Networking Technologies,LTD)
FF Plugin HKU\S-1-5-21-959445010-2885263195-2765435330-1000: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2015-05-04] ( )
FF Plugin HKU\S-1-5-21-959445010-2885263195-2765435330-1000: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn [2015-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013-12-18]
FF HKU\S-1-5-21-959445010-2885263195-2765435330-1000\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\Silja\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox
FF Extension: Youdao Word Capturer - C:\Users\Silja\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox [2014-01-09]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "chrome://newtab/", "https://www.google.com/","https://support.google.com/chrome/answer/2765944?hl=zh-Hant&ref_topic=3227046", "https://www.google.com/goodtoknow/online-safety/device/"
CHR DefaultSuggestURL: Default -> ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Search) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaahlfahldnilidgnlikdckbfehhca [2015-04-12]
CHR Extension: (Facebook Secret Emoticons) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2015-07-16]
CHR Extension: (Ebates Cash Back) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2014-10-27]
CHR Extension: (Google Search) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-08-14]
CHR Extension: (Timer) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2015-01-01]
CHR Extension: (Stopwatch) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2014-12-27]
CHR Extension: (SwagButton) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-10-27]
CHR Extension: (Disconnect) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-10-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-30]
CHR Extension: (Timer Loop) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdkfiefeoimmobmhdimachkfcpkgahlc [2014-10-27]
CHR Extension: (Wheat Fields) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjepipjofjcailogejndlhkniffgniha [2014-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-27]
CHR Extension: (Unblock Youku) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-10-27]
CHR Extension: (facemoji - Stickers and emoji for Facebook) - C:\Users\Silja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmeolboeidmfiiingaoifjhjdkgmlgj [2015-07-16]
CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 360rp; C:\Program Files (x86)\360\360sd\360rps.exe [321096 2014-11-17] (360.cn)
S3 80a55dca77d3b1b595dfcabe8955b2c8; C:\Users\Silja\AppData\LocalLow\9179581ded823e34c745f1776ffff458\1325f0b1d24a4fda6ae2a6878996d38d.exe [640448 2014-02-13] ()
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-12-17] (Adobe Systems) [File not signed]
S3 BaiduYunUtility; C:\Users\Silja\AppData\Roaming\baidu\BaiduYunGuanjia\YunUtilityService.exe [86984 2014-11-10] ()
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-06-01] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-19] (Intel Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-12] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 SFmmlq; C:\Program Files (x86)\BaiduSd2.1\BaiduSd\2.1.0.3086\hcsnui.dll [93008 2014-12-11] ()
S3 Weibo; C:\windows\SysWOW64\Weibo.exe [2169032 2014-11-06] (北京微梦创科网络技术有限公司)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2015-05-04] (ShenZhen Xunlei Networking Technologies,LTD)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe [236144 2015-06-01] (360.cn)
S3 Smmlq; C:\Program Files (x86)\BaiduSd2.1\BaiduSd\2.1.0.3086\vepcvb.dll [X]
S3 Wmmlf; C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\jljauk.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-07-11] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2014-04-23] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-06-26] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-04-19] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363600 2015-08-15] (360.cn)
S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [185936 2015-08-15] (360安全中心)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72776 2014-12-24] (360.cn)
R1 360reskit64; C:\windows\system32\drivers\360reskit64.sys [65104 2015-05-22] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [187976 2015-04-13] (360.cn)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [52040 2014-12-11] (Baidu)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-30] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [136272 2015-08-03] (360.cn)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-05-13] (Symantec Corporation)
S3 EMVSCARD; C:\Windows\System32\Drivers\EMVSCARD.sys [28544 2006-12-14] (USB Smart Card Reader)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-05-13] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-12] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20150512.001\IDSvia64.sys [671448 2015-05-12] (Symantec Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-04-04] (Qualcomm Atheros Co., Ltd.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140115.032\ENG64.SYS [126040 2014-01-15] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140115.032\EX64.SYS [2099288 2014-01-15] (Symantec Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1480776 2013-02-09] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-02-07] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-09] (VMware, Inc.)
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 05:14 - 2015-08-17 05:15 - 00033340 _____ C:\Users\Silja\Desktop\FRST.txt
2015-08-17 05:13 - 2015-08-17 05:14 - 00000000 ____D C:\FRST
2015-08-17 05:10 - 2015-08-16 17:10 - 02173952 _____ (Farbar) C:\Users\Silja\Desktop\FRST64.exe
2015-08-16 22:19 - 2015-08-16 22:19 - 00000000 ____D C:\Users\Silja\Desktop\Wise Memory Optimizer
2015-08-16 22:19 - 2015-08-16 22:19 - 00000000 ____D C:\Users\Silja\AppData\Roaming\Wise Care 365
2015-08-16 22:19 - 2015-04-30 16:32 - 01442624 _____ (WiseCleaner.com) C:\Users\Silja\Desktop\WiseMemoryOptimzer.exe
2015-08-16 01:25 - 2015-08-16 02:12 - 370705415 _____ C:\Users\Silja\Desktop\天皇的御厨 08【新酱】 (1).mp4
2015-08-15 22:33 - 2015-08-15 22:33 - 00000000 ____D C:\Users\Silja\AppData\Roaming\InstallShield
2015-08-15 10:09 - 2015-08-15 11:37 - 525966117 _____ C:\Users\Silja\Desktop\天皇的御厨 07【新酱】.mp4
2015-08-15 08:35 - 2015-08-15 09:52 - 449069950 _____ C:\Users\Silja\Desktop\天皇的御厨 06【新酱】.mp4
2015-08-15 05:36 - 2015-08-15 06:17 - 305232345 _____ C:\Users\Silja\天皇的御厨 06【新酱】.mp4
2015-08-14 23:17 - 2015-08-15 00:08 - 498508532 _____ C:\Users\Silja\Desktop\天皇的御厨 04【新酱】.mp4
2015-08-14 23:02 - 2015-08-15 01:35 - 00421248 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-14 20:50 - 2015-08-14 20:50 - 00110496 _____ C:\Users\Silja\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-14 10:16 - 2015-08-14 10:16 - 00000000 ____D C:\Users\Silja\AppData\Roaming\AVG
2015-08-14 10:15 - 2015-08-14 10:15 - 00000000 ____D C:\Users\Silja\AppData\Local\Avg
2015-08-14 10:13 - 2015-08-14 10:18 - 00000000 ____D C:\ProgramData\AVG
2015-08-14 09:49 - 2015-08-14 09:49 - 00000000 ____D C:\Users\Silja\Documents\Freemake
2015-08-14 09:37 - 2015-08-14 09:49 - 00000000 ____D C:\Program Files (x86)\Freemake
2015-08-14 09:37 - 2015-08-14 09:38 - 00000000 ____D C:\Users\Silja\AppData\Roaming\RPEng
2015-08-13 20:07 - 2015-08-13 20:07 - 00000000 ____D C:\Users\Silja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-01 05:17 - 2015-08-17 04:40 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2015-07-21 16:24 - 2015-07-21 20:16 - 00000000 ____D C:\Program Files (x86)\NHIICC
2015-07-21 16:08 - 2015-07-21 16:08 - 00000000 _____ C:\windows\setuperr.log
2015-07-21 09:08 - 2015-07-21 09:08 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2015-07-20 14:56 - 2015-07-20 17:06 - 00000000 ____D C:\Users\Silja\Desktop\Introduction to Public Speaking
2015-07-20 12:54 - 2015-07-20 14:32 - 00000000 ____D C:\Users\Silja\Desktop\Humanity and Nature in Chinese Thought
2015-07-19 10:30 - 2015-07-19 10:30 - 00000866 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-959445010-2885263195-2765435330-1000Core1d0c1cad935b21f.job
2015-07-19 10:26 - 2015-07-19 10:26 - 00000000 ____D C:\Program Files\Common Files\AV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 05:11 - 2013-12-18 06:43 - 00000000 ____D C:\Users\Silja\AppData\Local\CrashDumps
2015-08-17 04:45 - 2009-07-14 12:45 - 00028592 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 04:45 - 2009-07-14 12:45 - 00028592 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 04:44 - 2014-09-29 01:45 - 00000000 __SHD C:\360Rec
2015-08-17 04:44 - 2014-05-15 08:19 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2015-08-17 04:44 - 2013-12-17 11:41 - 01263704 _____ C:\windows\WindowsUpdate.log
2015-08-17 04:37 - 2013-12-18 02:05 - 00000000 ___RD C:\Users\Silja\Dropbox
2015-08-17 04:37 - 2013-12-17 16:53 - 00000000 ____D C:\Users\Silja\AppData\Roaming\Dropbox
2015-08-17 04:35 - 2014-12-12 08:35 - 00071383 _____ C:\windows\setupact.log
2015-08-17 04:35 - 2014-04-25 06:05 - 00000000 ____D C:\ProgramData\VMware
2015-08-17 04:35 - 2009-07-14 13:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-17 04:12 - 2014-12-12 09:52 - 01043020 _____ C:\windows\PFRO.log
2015-08-16 22:41 - 2013-12-17 16:33 - 00000000 ____D C:\Users\Silja\AppData\Roaming\360Safe
2015-08-16 22:15 - 2014-02-01 03:17 - 00000000 __SHD C:\$360Section
2015-08-16 22:15 - 2014-01-15 07:41 - 00000000 __SHD C:\Users\Silja\AppData\Roaming\360Quarant
2015-08-16 22:01 - 2015-02-13 14:24 - 00000000 ____D C:\Users\Silja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\蚂蚁安全浏览器
2015-08-16 21:59 - 2014-12-12 08:15 - 00000000 ____D C:\Users\Silja\AppData\Roaming\baidu
2015-08-16 21:59 - 2014-12-11 21:53 - 00000000 ____D C:\ProgramData\Baidu
2015-08-16 09:50 - 2013-12-17 16:35 - 00000000 _RSHD C:\360SANDBOX
2015-08-16 07:30 - 2013-12-17 16:42 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2015-08-15 21:47 - 2015-07-01 14:55 - 00000000 ____D C:\Users\Silja\Desktop\Science & Cooking
2015-08-15 08:41 - 2013-12-17 14:03 - 00000000 ____D C:\Users\Silja
2015-08-15 08:37 - 2014-04-23 00:26 - 00185936 _____ (360安全中心) C:\windows\system32\Drivers\360Hvm64.sys
2015-08-15 08:37 - 2013-12-17 16:35 - 00363600 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys
2015-08-14 23:42 - 2015-07-13 22:48 - 00000000 ____D C:\Users\Silja\Desktop\America's Test Kitchen.Season 14
2015-08-14 23:14 - 2013-12-17 15:09 - 00001034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2015-08-14 23:14 - 2013-12-17 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2015-08-14 23:04 - 2009-07-14 13:08 - 00032552 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-08-14 10:49 - 2013-12-18 01:43 - 00000000 ____D C:\windows\Tasks\360Disabled
2015-08-14 10:43 - 2014-01-19 04:32 - 00000000 ____D C:\Users\Silja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wjplay
2015-08-14 10:42 - 2015-02-25 14:02 - 00000396 __RSH C:\ProgramData\ntuser.pol
2015-08-14 05:59 - 2009-07-14 13:13 - 00786086 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-14 00:38 - 2013-06-06 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2015-08-14 00:38 - 2013-06-06 14:01 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2015-08-13 21:39 - 2015-02-21 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 21:37 - 2015-02-21 20:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 21:37 - 2015-02-21 20:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 21:19 - 2013-06-06 14:01 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-13 21:19 - 2013-06-06 14:01 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 22:08 - 2014-01-09 05:39 - 00457728 ___SH C:\Users\Silja\Thumbs.db
2015-08-08 22:18 - 2013-12-27 14:52 - 00000000 ____D C:\Users\Silja\AppData\Roaming\Skype
2015-08-05 21:13 - 2014-12-12 13:48 - 00000000 ____D C:\SHDownload
2015-08-05 21:11 - 2014-10-01 15:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-04 21:19 - 2013-12-18 12:49 - 00000954 _____ C:\Users\Silja\AppData\Roaming\coreavc.ini
2015-08-03 23:45 - 2014-12-11 22:26 - 00136272 _____ (360.cn) C:\windows\system32\Drivers\DsArk64.sys
2015-08-03 23:17 - 2015-07-04 21:11 - 00000000 ____D C:\Users\Silja\Desktop\Psychology of Popularity
2015-08-02 07:26 - 2013-06-06 14:02 - 00000000 ____D C:\ProgramData\Norton
2015-08-02 07:24 - 2015-07-02 16:07 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-07-22 22:25 - 2013-12-18 14:03 - 00000000 ____D C:\Users\Silja\Desktop\recipe
2015-07-21 16:21 - 2014-04-13 06:11 - 00000000 ____D C:\Users\Public\Thunder Network
2015-07-21 10:25 - 2014-08-27 11:16 - 00000000 ____D C:\Users\Silja\AppData\Roaming\Expert
2015-07-21 10:25 - 2014-04-13 06:10 - 00000000 ____D C:\Program Files (x86)\Thunder Network
2015-07-21 10:25 - 2013-12-17 15:37 - 00000000 ____D C:\Users\Silja\AppData\Roaming\Tencent
2015-07-20 14:29 - 2013-12-18 12:34 - 00000000 ____D C:\Users\Silja\Desktop\2074922634

==================== Files in the root of some directories =======

2013-12-18 12:49 - 2015-08-04 21:19 - 0000954 _____ () C:\Users\Silja\AppData\Roaming\coreavc.ini
2014-10-22 17:33 - 2014-10-23 18:59 - 0004608 _____ () C:\Users\Silja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-11 20:06 - 2014-12-11 21:33 - 0000600 _____ () C:\Users\Silja\AppData\Local\PUTTY.RND
2014-12-11 19:59 - 2014-12-11 19:59 - 0017542 _____ () C:\ProgramData\245914.ico
2014-12-11 19:59 - 2014-12-11 19:59 - 0001957 _____ () C:\ProgramData\Imternot ExqIoror.lnk

Files to move or delete:
====================
C:\Users\Silja\D4s.exe
C:\Users\Silja\dtwpc.dat
C:\Users\Silja\Kawai2003.exe
C:\Users\Silja\TPO1-34模考软件V4_3.exe


Some files in TEMP:
====================
C:\Users\Silja\AppData\Local\Temp\dr.dll
C:\Users\Silja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppv5nqs.dll
C:\Users\Silja\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Silja\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Silja\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\Silja\AppData\Local\Temp\i4jdel0.exe
C:\Users\Silja\AppData\Local\Temp\KMP_3.9.1.138.exe
C:\Users\Silja\AppData\Local\Temp\QQPCDetector.dll
C:\Users\Silja\AppData\Local\Temp\qqsafeud.exe
C:\Users\Silja\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Silja\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Silja\AppData\Local\Temp\setup_JiJiYingYin.exe
C:\Users\Silja\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Silja\AppData\Local\Temp\~GFDC49.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-06 12:13

==================== End of log ============================



#2 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 06 September 2015 - 07:45 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you do not, we will have your thread closed in THREE (3) days.

:)


Hello there, Gered

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Sorry for the late response. Do you still require assistance?

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free.

#3 Conspire

Conspire

    SuperHelper

  • Retired Classroom Teacher
  • 5,806 posts

Posted 10 September 2015 - 06:30 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic.

