Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Hockyan (administrator) on HOCKYAN-PC on 08-08-2014 09:54:28
Running from C:\Users\Hockyan\Downloads\Programs
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-3753791552-3052234-1925086197-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3753791552-3052234-1925086197-1001\...\MountPoints2: {89dc0bd6-1f12-11e2-a878-6cf049b34a9d} - E:\setup.exe
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: FunOverlay -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => C:\Users\Public\Fundata\Mindj.dll (Funshion)
ShellIconOverlayIdentifiers: GiraffeOverlay -> {E1D78D6A-8183-8F10-108D-8850224DC790} => C:\Users\Hockyan\AppData\Local\Giraffe\Giraffe.dll (Funshion)
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/?rd=1&ucc=MY&dcc=MY&opt=0&ocid=iehp&tc=35
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8F8AA11D87B3CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=a12834-393&apn_uid=1244069397394425&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=128&systemid=488&v=a12834-393&apn_uid=1244069397394425&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: ѸÀ×FLVÊÓƵÐá̽¼°ÏÂÔØÖ§³Ö -> {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} -> C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll (ShenZhen Xunlei Networking Technologies,LTD)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ѸÀ×ÏÂÔØÖ§³Ö -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> C:\Program Files\Thunder Network\MiniThunder\BHO\XunleiBHO7.2.2.3190.dll (Xunlei Tech Network)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: ѸÀ×ÏÂÔØÖúÊÖ -> {B0E2F470-0B07-48f0-B3B1-5749505FAE9B} -> C:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll (ShenZhen Xunlei Networking Technologies,LTD)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Winsock: Catalog9 01 C:\Users\Public\FunAcce\FunAcce.dll [186192] (Funshion Online Technologies Ltd.)
Winsock: Catalog9 02 C:\Users\Public\FunAcce\FunAcce.dll [186192] (Funshion Online Technologies Ltd.)
Winsock: Catalog9 03 C:\Users\Public\FunAcce\FunAcce.dll [186192] (Funshion Online Technologies Ltd.)
Winsock: Catalog9 30 C:\Users\Public\FunAcce\FunAcce.dll [186192] (Funshion Online Technologies Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Hockyan\AppData\Roaming\Mozilla\Firefox\Profiles\4a3aftgu.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownloadHelper - C:\Users\Hockyan\AppData\Roaming\Mozilla\Firefox\Profiles\4a3aftgu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-26]
FF Extension: Flash and Video Download - C:\Users\Hockyan\AppData\Roaming\Mozilla\Firefox\Profiles\4a3aftgu.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-04-26]
FF Extension: Exif Viewer - C:\Users\Hockyan\AppData\Roaming\Mozilla\Firefox\Profiles\4a3aftgu.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2013-08-08]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-09]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-08-30]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hockyan\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Hockyan\AppData\Roaming\IDM\idmmzcc5 [2013-12-24]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hockyan\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Hockyan\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Garena Talk Plugin) - C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (sharetingplugin) - C:\Users\Hockyan\AppData\Roaming\XMusicUpdate\npsharetingplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hockyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (BookmarkTube) - C:\Users\Hockyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhciagadnjpldpjpaclfflngclblbiff [2013-12-24]
CHR Extension: (IDM Integration Module) - C:\Users\Hockyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Hockyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (BookmarkTube) - C:\Users\Hockyan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhciagadnjpldpjpaclfflngclblbiff\0.9 [2013-12-24]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2013-12-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [139680 2012-07-09] (Microsoft Corporation) [File not signed]
R2 XLDoctor Service; C:\Program Files\Thunder Network\Thunder\Program\DctSer.dll [83120 2011-05-27] (ShenZhen Xunlei Networking Technologies,LTD)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2013-08-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2013-08-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2013-08-31] ()
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-10-11] (ManyCam LLC)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246400 2007-11-19] (Sonix Co. Ltd.)
S3 tcphoc; C:\Program Files\Thunder Network\Thunder\XLDoctor\7.1.7.2244_1\Program\tcphoc.sys [8488 2011-03-23] ()
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [5120 2012-12-19] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S1 bd0001; system32\DRIVERS\bd0001.sys [X]
S1 bd0002; system32\DRIVERS\bd0002.sys [X]
S1 bd0004; system32\DRIVERS\bd0004.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 09:09 - 2014-08-08 09:54 - 00000000 ____D () C:\FRST
2014-08-08 08:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-08 08:45 - 2014-08-08 08:54 - 00000000 ____D () C:\AdwCleaner
2014-08-08 08:45 - 2014-08-08 08:45 - 00000098 _____ () C:\Users\Hockyan\Desktop\Browser hijack by hao123.com [Solved] - Virus, Spyware, Malware Removal.url
2014-08-08 08:19 - 2014-08-08 08:19 - 00001116 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-08 08:19 - 2014-08-08 08:19 - 00001104 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-08 08:19 - 2014-08-08 08:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-08 07:46 - 2014-08-08 09:54 - 00000047 _____ () C:\Users\Hockyan\FunShion.ini
2014-08-07 20:23 - 2014-08-07 20:23 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-07 20:23 - 2014-08-07 20:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-07 20:23 - 2014-08-07 20:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-04 20:06 - 2014-08-05 21:52 - 00000000 ____D () C:\Users\Hockyan\Desktop\FPY KJ_Syful
2014-08-01 21:04 - 2014-08-02 20:20 - 00000000 ____D () C:\Users\Hockyan\Desktop\jydosbox
2014-08-01 19:07 - 2014-08-01 19:14 - 00000000 ____D () C:\Users\Hockyan\Desktop\weiwei hp file
2014-07-27 22:54 - 2014-08-07 20:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-27 22:54 - 2014-08-07 20:23 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-27 10:45 - 2014-07-27 10:45 - 00131072 _____ () C:\Windows\Minidump\072714-8268-01.dmp
2014-07-19 14:48 - 2014-07-19 15:01 - 00000000 ____D () C:\Users\Hockyan\AppData\Roaming\Wise Registry Cleaner
2014-07-19 14:48 - 2014-07-19 14:48 - 00001184 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-07-19 14:48 - 2014-07-19 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-19 14:48 - 2014-07-19 14:48 - 00000000 ____D () C:\Program Files\Wise
2014-07-14 21:49 - 2014-08-08 04:34 - 00000000 ____D () C:\Users\Hockyan\AppData\Local\Giraffe
2014-07-12 08:54 - 2014-07-12 09:50 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 09:54 - 2014-08-08 09:09 - 00000000 ____D () C:\FRST
2014-08-08 09:54 - 2014-08-08 07:46 - 00000047 _____ () C:\Users\Hockyan\FunShion.ini
2014-08-08 09:50 - 2014-07-04 10:53 - 00000000 ____D () C:\Users\Public\FunAcce
2014-08-08 09:48 - 2012-10-16 20:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-08 09:43 - 2010-11-21 05:01 - 00793614 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 09:30 - 2012-09-02 21:08 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 09:11 - 2014-06-25 19:17 - 00000000 ____D () C:\Users\Public\Fundata
2014-08-08 09:04 - 2012-09-02 21:08 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 09:02 - 2009-07-14 12:34 - 00021584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 09:02 - 2009-07-14 12:34 - 00021584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 08:58 - 2012-09-02 20:55 - 01806042 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 08:55 - 2012-11-11 22:16 - 00000220 _____ () C:\Windows\Tasks\AutoKMS.job
2014-08-08 08:55 - 2010-11-21 05:48 - 00204642 _____ () C:\Windows\PFRO.log
2014-08-08 08:55 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 08:55 - 2009-07-14 12:39 - 00054455 _____ () C:\Windows\setupact.log
2014-08-08 08:54 - 2014-08-08 08:45 - 00000000 ____D () C:\AdwCleaner
2014-08-08 08:45 - 2014-08-08 08:45 - 00000098 _____ () C:\Users\Hockyan\Desktop\Browser hijack by hao123.com [Solved] - Virus, Spyware, Malware Removal.url
2014-08-08 08:33 - 2013-12-24 09:08 - 00000000 ____D () C:\Users\Hockyan\AppData\Roaming\DMCache
2014-08-08 08:24 - 2013-08-08 19:35 - 00000000 ____D () C:\Users\Hockyan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\虾米网
2014-08-08 08:19 - 2014-08-08 08:19 - 00001116 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-08 08:19 - 2014-08-08 08:19 - 00001104 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-08 08:19 - 2014-08-08 08:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-08 08:19 - 2014-03-09 15:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-08 08:14 - 2009-07-14 10:03 - 56098816 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-08 08:14 - 2009-07-14 10:03 - 02359296 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-08 08:14 - 2009-07-14 10:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-08 08:14 - 2009-07-14 10:03 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
2014-08-08 08:13 - 2013-12-24 09:08 - 00000000 ___HD () C:\Users\Hockyan\Downloads\Video
2014-08-08 07:52 - 2013-09-14 14:19 - 00000000 ____D () C:\Program Files\Winamp
2014-08-08 07:46 - 2012-09-02 20:54 - 00000000 ____D () C:\Users\Hockyan
2014-08-08 07:45 - 2012-11-11 22:16 - 00000000 ____D () C:\Windows\AutoKMS
2014-08-08 07:43 - 2013-01-29 22:23 - 00000000 ____D () C:\Users\Hockyan\AppData\Local\TTPlayer
2014-08-08 07:25 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-08-08 06:57 - 2012-09-22 13:23 - 00000000 ____D () C:\Users\Hockyan\AppData\Roaming\GarenaPlus
2014-08-08 06:57 - 2012-09-22 13:22 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-08-08 04:34 - 2014-07-14 21:49 - 00000000 ____D () C:\Users\Hockyan\AppData\Local\Giraffe
2014-08-07 20:23 - 2014-08-07 20:23 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-07 20:23 - 2014-08-07 20:23 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-07 20:23 - 2014-08-07 20:23 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-07 20:23 - 2014-07-27 22:54 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-07 20:23 - 2014-07-27 22:54 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-07 20:23 - 2013-11-10 16:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-07 20:23 - 2012-09-03 22:39 - 00000000 ____D () C:\Program Files\Java
2014-08-07 20:22 - 2013-03-02 01:48 - 00000000 ____D () C:\Users\Hockyan\Documents\Outlook Files
2014-08-07 19:59 - 2012-11-11 22:16 - 00000218 _____ () C:\Windows\Tasks\AutoKMSDaily.job
2014-08-05 21:52 - 2014-08-04 20:06 - 00000000 ____D () C:\Users\Hockyan\Desktop\FPY KJ_Syful
2014-08-04 23:23 - 2013-12-24 23:06 - 00000000 ____D () C:\Users\Hockyan\AppData\Roaming\IDM
2014-08-03 10:49 - 2012-09-03 22:39 - 00000000 ____D () C:\Users\Hockyan\AppData\Local\Paint.NET
2014-08-02 21:49 - 2012-09-22 13:22 - 00000000 ____D () C:\Program Files\Garena Plus
2014-08-02 20:20 - 2014-08-01 21:04 - 00000000 ____D () C:\Users\Hockyan\Desktop\jydosbox
2014-08-01 21:08 - 2012-12-16 09:09 - 00000000 ____D () C:\Users\Hockyan\Documents\Visual Studio 2012
2014-08-01 19:14 - 2014-08-01 19:07 - 00000000 ____D () C:\Users\Hockyan\Desktop\weiwei hp file
2014-07-27 10:52 - 2014-02-22 17:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-27 10:50 - 2013-04-13 11:15 - 00000000 ____D () C:\ProgramData\Apple
2014-07-27 10:49 - 2013-12-23 11:24 - 00000000 ____D () C:\Program Files\Nokia
2014-07-27 10:48 - 2013-12-23 11:24 - 00023052 _____ () C:\Windows\DPINST.LOG
2014-07-27 10:46 - 2012-11-02 07:18 - 00000000 ____D () C:\Windows\Minidump
2014-07-27 10:45 - 2014-07-27 10:45 - 00131072 _____ () C:\Windows\Minidump\072714-8268-01.dmp
2014-07-27 10:45 - 2012-11-02 07:18 - 297286501 _____ () C:\Windows\MEMORY.DMP
2014-07-20 09:17 - 2013-11-02 16:20 - 00000000 ____D () C:\Windows\pss
2014-07-19 15:01 - 2014-07-19 14:48 - 00000000 ____D () C:\Users\Hockyan\AppData\Roaming\Wise Registry Cleaner
2014-07-19 14:48 - 2014-07-19 14:48 - 00001184 _____ () C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2014-07-19 14:48 - 2014-07-19 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-07-19 14:48 - 2014-07-19 14:48 - 00000000 ____D () C:\Program Files\Wise
2014-07-12 22:44 - 2014-06-29 14:20 - 00000000 ____D () C:\Users\Hockyan\AppData\Roaming\uTorrent
2014-07-12 18:30 - 2014-06-29 16:46 - 00000000 ____D () C:\Users\Hockyan\Downloads\StarCraft_2_HOTS
2014-07-12 17:51 - 2014-06-29 20:31 - 00000000 ____D () C:\Users\Hockyan\Exercise guide
2014-07-12 09:50 - 2014-07-12 08:54 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-12 09:50 - 2012-09-03 19:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-12 09:50 - 2012-09-03 19:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Hockyan\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-29 19:41

==================== End Of Log ============================