Gmail a/c spoofed after first use new VPN, Instability [Solved]



#1
daba

  • Member
  • 367 posts
Hello Everyone, haven't needed your help in a couple of years but do now. Here's the deal: I recently installed Astrill VPN (I live in China and wanted YouTube access). I used the VPN to access my VPN a/c and then went out for a couple of hours. On my return I had an inbox full of confused/irate depending on whether my contact had understood that, no I hadn't sent them some spurious document that asked for their personal a/c details. Anyway, I flagged the offending items to Gmail/Google and spoke to my VPN provider who said they'd pass it up the line. Then someone else said it's probably a virus. All my regular scans: Malwarebytes, Spybot, Superantispyware, showed clean results. At about the same time, my Firefox started to - and still is - behaving erratically: freezing up etc. So to be on the safe side I fully uninstalled Avira and installed Avast. But the jitteriness still remains. Any help would be much appreciated. Thank you. (Friends use this VPN provider with no issues).

OTL logfile created on: 2/23/2014 10:44:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 40.96% Memory free
3.75 Gb Paging File | 1.73 Gb Available in Paging File | 46.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 65.71 Gb Free Space | 67.29% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 46.81 Gb Free Space | 68.48% Space Free | Partition Type: NTFS
Drive E: | 66.86 Gb Total Space | 23.17 Gb Free Space | 34.66% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 572.63 Gb Free Space | 61.47% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/23 22:34:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2014/02/21 18:48:07 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/21 15:28:38 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/21 15:28:38 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/15 11:50:29 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/02/07 22:17:20 | 005,122,080 | ---- | M] (Astrill) -- C:\Program Files\Astrill\astrill.exe
PRC - [2014/01/27 13:20:36 | 000,540,032 | ---- | M] (Alipay Inc. ) -- C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
PRC - [2014/01/16 15:55:18 | 000,258,936 | ---- | M] () -- C:\Users\David\AppData\Roaming\Wandoujia2\Applications\2.70.0.5498\wandoujia_helper.exe
PRC - [2014/01/15 14:38:36 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2014/01/09 14:14:48 | 003,529,504 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
PRC - [2014/01/02 23:09:48 | 001,616,336 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
PRC - [2014/01/02 23:09:48 | 000,921,040 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
PRC - [2013/12/27 06:20:14 | 001,983,520 | ---- | M] (Astrill) -- C:\Program Files\Astrill\ASProxy.exe
PRC - [2013/12/24 11:04:46 | 001,051,520 | ---- | M] (Alipay Inc. ) -- C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe
PRC - [2013/12/18 02:03:44 | 000,894,280 | ---- | M] (阿里巴巴(中国)有限公司) -- C:\Program Files\alipay\SafeTransaction\TaobaoProtect.exe
PRC - [2013/12/13 17:31:56 | 000,422,536 | ---- | M] () -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/12/03 16:10:24 | 000,775,968 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
PRC - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/08/02 08:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/03/12 15:38:54 | 001,425,952 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\Tray\FightersTray.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/24 19:26:54 | 000,040,960 | ---- | M] () -- C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
PRC - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/21 18:48:06 | 016,265,096 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/21 15:28:40 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/02/15 11:50:27 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/16 15:55:18 | 000,258,936 | ---- | M] () -- C:\Users\David\AppData\Roaming\Wandoujia2\Applications\2.70.0.5498\wandoujia_helper.exe
MOD - [2014/01/16 15:55:16 | 001,058,680 | ---- | M] () -- C:\Users\David\AppData\Roaming\Wandoujia2\Applications\2.70.0.5498\adb_dev.dll
MOD - [2014/01/16 15:55:14 | 000,161,656 | ---- | M] () -- C:\Users\David\AppData\Roaming\Wandoujia2\Applications\2.70.0.5498\wandoujia_shlext_dll.dll
MOD - [2014/01/16 15:54:44 | 034,665,336 | ---- | M] () -- C:\Users\David\AppData\Roaming\Wandoujia2\Applications\2.70.0.5498\core.dll
MOD - [2014/01/02 23:09:48 | 000,921,040 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\webres.dll
MOD - [2012/09/05 18:55:36 | 000,892,288 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 3\webres.dll
MOD - [2012/07/24 19:26:54 | 000,040,960 | ---- | M] () -- C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
MOD - [2012/07/24 19:26:54 | 000,034,304 | ---- | M] () -- C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll
MOD - [2012/07/15 12:27:53 | 002,216,480 | ---- | M] () -- C:\Windows\wweb32.dll
MOD - [2012/07/15 12:25:03 | 000,581,480 | ---- | M] () -- C:\Program Files\WordWeb\wwextdb.dll
MOD - [2012/07/15 12:25:02 | 000,022,800 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
MOD - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- C:\Program Files\WordWeb\wweb32.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2014/02/21 18:48:07 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/21 15:28:38 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/02/15 11:50:28 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/14 21:48:15 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/01/27 13:20:36 | 000,540,032 | ---- | M] (Alipay Inc. ) [Auto | Running] -- C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe -- (AlipaySecSvc)
SRV - [2014/01/19 20:15:44 | 000,434,024 | ---- | M] (Astrill) [On_Demand | Stopped] -- C:\Program Files\Astrill\ASOvpnSvc.exe -- (ASOVPNHelper)
SRV - [2013/12/27 06:20:14 | 001,983,520 | ---- | M] (Astrill) [On_Demand | Running] -- C:\Program Files\Astrill\ASProxy.exe -- (ASProxy)
SRV - [2013/12/13 17:31:56 | 000,422,536 | ---- | M] () [Auto | Running] -- C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe -- (ICBC Daemon Service)
SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2014/02/21 15:28:44 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/02/21 15:28:44 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/02/21 15:28:44 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/02/21 15:28:44 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/02/21 15:28:44 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/02/21 15:28:44 | 000,064,168 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014/02/21 15:28:44 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/24 10:40:32 | 000,018,624 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013/11/19 16:10:38 | 000,032,288 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2013/11/19 16:10:38 | 000,020,944 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2013/03/23 15:49:20 | 000,021,480 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012/02/29 21:46:08 | 000,025,856 | ---- | M] (Astrill) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asvpndrv.sys -- (asvpndrv)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/01 10:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/03 16:25:28 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2009/07/14 06:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/12/01 22:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...?client=aff-ime
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 35 25 F3 C5 07 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{095EEDD2-9A61-4BA6-9891-94E310EA237C}: "URL" = http://startpage.com...uage=english_uk
IE - HKCU\..\SearchScopes\{0CA308D4-5FE7-4E88-837B-02527DC767D2}: "URL" = http://www.baidu.com...d={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Startpage HTTPS"
FF - prefs.js..browser.search.selectedEngine: "Startpage HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.startpage.com"
FF - prefs.js..extensions.enabledAddons: wcapturex%40deskperience.com:5.0.4406
FF - prefs.js..extensions.enabledAddons: %7Bbbfec13e-8cb4-53f4-c852-999eb2a852cb%7D:0.2.3
FF - prefs.js..extensions.enabledAddons: addon%40astrill.com:1.6.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2013.75
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@alipay.com/npalidcp: C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll (Alipay.com co.,ltd)
FF - HKLM\Software\MozillaPlugins\@alipay.com/npaliedit: C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll (Alipay.com co.,ltd)
FF - HKLM\Software\MozillaPlugins\@alipay.com/npAliSecCtrl: C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll (Alipay.com Inc. )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@icbc.com/npChromeClientBinding,ver=1.0.0.0: C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll (ICBC)
FF - HKLM\Software\MozillaPlugins\@icbc.com/npChromeFullScreen,ver=1.0.0.1: C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll (ICBC)
FF - HKLM\Software\MozillaPlugins\@icbc.com/npChromeSubmit,ver=1.0.0.1: C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll (ICBC)
FF - HKLM\Software\MozillaPlugins\@icbc.com/npChromeXXin,ver=1.0.0.1: C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll ( )
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npClCache,Version=1.0.0.2: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClCache.dll ()
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npClientBinding,Version=1.0.0.2: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll ( )
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npFullScreen,Version=1.0.0.2: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll ()
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npsubmit,Version=1.0.0.7: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npsubmit.dll ( )
FF - HKLM\Software\MozillaPlugins\@icbc/icbc_ms_npxxin,Version=1.0.0.8: C:\Program Files\ICBCEbankTools\FirefoxPlugins\npxxin.dll ( )
FF - HKLM\Software\MozillaPlugins\@icbc/npAssistComm,Version=1.0.0.1: C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wandoujia.com: C:\Program Files\WandouLabs\npWandoujiaHelper.dll (wandoujia.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/21 15:28:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2014/01/03 18:21:00 | 000,000,000 | ---D | M]

[2014/01/31 15:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2014/01/03 16:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\net.openvpn.client
[2014/01/31 15:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/02/22 17:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\extensions
[2014/02/14 13:39:40 | 000,000,000 | ---D | M] ("Astrill Proxy Switcher") -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\extensions\[email protected]
[2014/01/23 16:29:07 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\extensions\[email protected]
[2014/01/11 12:27:08 | 000,000,000 | ---D | M] (Popup Chinese Dictionary) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\extensions\[email protected]
[2014/02/10 11:01:53 | 000,000,000 | ---D | M] (ICBCClrCache) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\extensions\[email protected]
[2014/02/22 17:56:09 | 000,120,925 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi
[2014/01/03 20:55:08 | 002,317,406 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi
[2014/01/03 16:26:49 | 000,003,936 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\searchplugins\baidu.xml
[2014/02/23 14:15:58 | 000,005,705 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\searchplugins\startpage-https.xml
[2014/02/15 11:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 11:50:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/21 15:28:50 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2014/01/03 18:21:00 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.13_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde\3.7_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde\3.8_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj\1.4_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Í㶹¼Ô apk °²×°Æ÷) - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files\WandouLabs\wandoujia_bho.dll (Wandoulabs)
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ICBC Anti-Phishing class) - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [ICBCEBankAssist] C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe ()
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKCU..\Run: [TouchFreeze] C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk = C:\Users\David\AppData\Roaming\Wandoujia2\Applications\2.70.0.5498\wandoujia_helper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\ASProxy.dll (Astrill)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\ASProxy.dll (Astrill)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: cfca.com.cn ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cfca.com.cn ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: icbc.com.cn ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E0B22CA-3CDF-4399-8F09-35325D02A04F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B69EE329-2CA7-4807-B85B-14C2398B23F2}: NameServer = 221.7.128.68 221.7.136.68
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/07/17 06:33:00 | 000,000,032 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/23 16:54:49 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\GXMU
[2014/02/23 10:07:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\TaobaoProtect
[2014/02/23 10:07:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\alipay
[2014/02/21 17:50:25 | 000,000,000 | ---D | C] -- C:\OETemp
[2014/02/21 15:32:28 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\AVAST Software
[2014/02/21 15:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/02/21 15:29:02 | 000,064,168 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014/02/21 15:29:01 | 000,775,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/02/21 15:29:00 | 000,410,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/02/21 15:28:59 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/02/21 15:28:58 | 000,079,720 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/02/21 15:28:52 | 000,270,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/02/21 15:28:42 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/21 15:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/02/21 15:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/02/21 13:15:44 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Fighters
[2014/02/21 13:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2014/02/21 13:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2014/02/21 13:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2014/02/21 13:13:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\DesktopIconGoodgame
[2014/02/20 09:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/02/20 09:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/02/20 09:51:47 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/02/15 11:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/15 06:00:22 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/14 21:48:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\ProductData
[2014/02/14 21:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2014/02/14 13:32:25 | 000,353,824 | ---- | C] (Astrill) -- C:\Windows\System32\ASProxy.dll
[2014/02/14 13:32:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Astrill
[2014/02/14 13:30:17 | 000,025,856 | ---- | C] (Astrill) -- C:\Windows\System32\drivers\asvpndrv.sys
[2014/02/14 13:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrill
[2014/02/14 13:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\Astrill
[2014/02/14 05:42:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/14 05:41:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/14 05:41:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/14 05:41:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/14 05:41:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/14 05:41:56 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/14 05:41:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/02/14 05:41:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/13 20:46:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/02/13 20:32:39 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/02/13 20:32:39 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/02/13 20:32:24 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/02/13 20:32:24 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/02/13 20:32:24 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/02/13 20:32:24 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/02/13 20:32:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/02/13 20:32:24 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/02/13 20:32:24 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/02/13 20:32:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/02/13 20:32:23 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/02/11 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/02/11 12:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2014/02/11 10:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBoost
[2014/02/11 10:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueSprig
[2014/02/10 11:01:48 | 000,188,040 | ---- | C] (Industrial and Commercial Bank of China) -- C:\Windows\System32\IE_FULL_SCREEN.dll
[2014/02/10 11:01:46 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2014/02/10 11:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Industrial and Commercial Bank of China Internet Banking Client Software
[2014/02/10 11:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\ICBCEbankTools
[2014/02/10 11:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\icbc_data
[2014/02/09 21:25:19 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\vita_dark-2
[2014/02/08 19:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/02/08 19:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/02/04 19:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/02/04 19:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/04 19:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/04 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/02/03 20:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/01/31 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Flickr
[2014/01/31 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Flickr
[2014/01/30 16:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Flickr Uploadr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/23 20:42:58 | 000,666,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/23 20:42:58 | 000,387,790 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2014/02/23 20:42:58 | 000,125,820 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/23 20:42:58 | 000,123,268 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2014/02/23 14:54:31 | 000,004,092 | ---- | M] () -- C:\Windows\System32\ASProxy.ini
[2014/02/23 14:54:31 | 000,002,456 | ---- | M] () -- C:\Windows\System32\ASProxyOff.ini
[2014/02/23 10:13:53 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/23 10:13:53 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/23 10:07:20 | 000,001,078 | ---- | M] () -- C:\Users\David\AppData\Roaming\base64.cer
[2014/02/23 10:05:01 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job
[2014/02/23 10:04:50 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-David-Notification.job
[2014/02/23 10:04:50 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-David-Startup.job
[2014/02/23 10:03:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/23 10:03:18 | 1508,376,576 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/22 17:43:01 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\Astrill.lnk
[2014/02/22 08:29:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/21 18:48:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/02/21 18:48:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/02/21 16:34:11 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/21 15:30:44 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/21 15:28:44 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/02/21 15:28:44 | 000,410,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2014/02/21 15:28:44 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/02/21 15:28:44 | 000,079,720 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/02/21 15:28:44 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/02/21 15:28:44 | 000,064,168 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014/02/21 15:28:44 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/02/21 15:28:42 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/02/21 15:28:42 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/21 13:13:42 | 000,001,466 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
[2014/02/20 14:29:06 | 000,000,979 | ---- | M] () -- C:\Users\David\Desktop\CCleaner.lnk
[2014/02/20 10:51:21 | 000,002,147 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014/02/20 09:51:48 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/16 10:10:24 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/16 10:10:24 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/14 21:48:22 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk
[2014/02/14 17:46:08 | 000,020,774 | ---- | M] () -- C:\Users\David\Documents\cc_20140214_174556.reg
[2014/02/11 15:37:55 | 000,453,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/11 12:30:44 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/11 10:36:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Quick Boost.lnk
[2014/02/11 10:36:27 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\JetBoost.lnk
[2014/02/10 11:00:13 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ICBCEBankAssist.lnk
[2014/02/10 10:10:27 | 000,001,403 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/09 15:59:13 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/02/06 09:42:21 | 000,655,261 | ---- | M] () -- C:\Users\David\Documents\Silentwaragainsthumanity.pdf
[2014/02/05 16:56:17 | 001,806,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/05 16:49:56 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/05 16:49:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/02/05 16:48:56 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/05 16:48:40 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/05 16:47:57 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/05 16:47:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/05 16:46:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/04 19:23:51 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/31 15:04:57 | 000,001,923 | ---- | M] () -- C:\Users\David\Desktop\Flickr Uploadr.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/21 15:30:44 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/21 15:29:02 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/02/21 15:29:00 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/02/21 13:15:56 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-David-Startup.job
[2014/02/21 13:15:44 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-David-Notification.job
[2014/02/21 13:13:42 | 000,001,466 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
[2014/02/14 17:46:06 | 000,020,774 | ---- | C] () -- C:\Users\David\Documents\cc_20140214_174556.reg
[2014/02/14 13:43:04 | 000,004,092 | ---- | C] () -- C:\Windows\System32\ASProxy.ini
[2014/02/14 13:43:04 | 000,002,456 | ---- | C] () -- C:\Windows\System32\ASProxyOff.ini
[2014/02/14 13:30:17 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\Astrill.lnk
[2014/02/11 16:51:07 | 000,003,952 | ---- | C] () -- C:\Users\David\Desktop\Razor Face.mp3
[2014/02/11 12:30:44 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/11 10:36:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Quick Boost.lnk
[2014/02/11 10:36:27 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\JetBoost.lnk
[2014/02/10 11:01:51 | 000,114,312 | ---- | C] () -- C:\Windows\System32\EditControl.dll
[2014/02/10 11:01:51 | 000,073,352 | ---- | C] () -- C:\Windows\System32\UploadControl.dll
[2014/02/10 11:01:49 | 000,308,360 | ---- | C] () -- C:\Windows\System32\InputControl.dll
[2014/02/10 11:01:49 | 000,277,128 | ---- | C] () -- C:\Windows\System32\SubmitControl.dll
[2014/02/10 11:01:48 | 000,174,728 | ---- | C] () -- C:\Windows\System32\icbcclean.dll
[2014/02/10 11:00:13 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ICBCEBankAssist.lnk
[2014/02/10 10:10:27 | 000,001,409 | ---- | C] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/02/10 10:10:27 | 000,001,403 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/06 09:42:21 | 000,655,261 | ---- | C] () -- C:\Users\David\Documents\Silentwaragainsthumanity.pdf
[2014/02/04 19:23:51 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/01/30 16:36:55 | 000,001,923 | ---- | C] () -- C:\Users\David\Desktop\Flickr Uploadr.lnk
[2014/01/30 16:36:54 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flickr Uploadr.lnk
[2014/01/10 10:43:23 | 000,387,790 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2014/01/10 10:43:23 | 000,123,268 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2014/01/10 10:43:23 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2014/01/10 10:43:23 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2014/01/05 12:37:51 | 000,054,704 | ---- | C] () -- C:\Windows\System32\USBCoInstaller.dll
[2014/01/04 18:45:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014/01/04 18:43:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2014/01/04 09:32:52 | 000,001,078 | ---- | C] () -- C:\Users\David\AppData\Roaming\base64.cer
[2014/01/03 21:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/01/03 18:21:01 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
[2013/11/05 17:04:18 | 000,189,232 | ---- | C] () -- C:\Windows\System32\HB_BOCToken.x86.dll
[2013/11/05 17:04:12 | 000,074,544 | ---- | C] () -- C:\Windows\System32\WD_BOCToken.x86.dll
[2013/11/05 17:03:52 | 000,052,528 | ---- | C] () -- C:\Windows\System32\ES_BOCToken.x86.dll

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2014/02/23 22:16:39 | 000,002,328 | ---- | M] ()(C:\Users\David\Desktop\?? T8830Pro - ???.lnk) -- C:\Users\David\Desktop\华为 T8830Pro - 豌豆荚.lnk
[2014/01/05 12:42:46 | 000,002,328 | ---- | C] ()(C:\Users\David\Desktop\?? T8830Pro - ???.lnk) -- C:\Users\David\Desktop\华为 T8830Pro - 豌豆荚.lnk
[2014/01/05 12:42:46 | 000,000,877 | ---- | M] ()(C:\Users\David\Desktop\?? T8830Pro???.lnk) -- C:\Users\David\Desktop\华为 T8830Pro的备份.lnk
[2014/01/05 12:42:46 | 000,000,877 | ---- | C] ()(C:\Users\David\Desktop\?? T8830Pro???.lnk) -- C:\Users\David\Desktop\华为 T8830Pro的备份.lnk
(C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???) -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\豌豆荚

< End of report >


#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello daba,

Before we start I would say that I have seen users have problems with IObit in the past. Maybe it would be worth trying an uninstall of that and see if there is an improvement. You can always reinstall it later if you want it.

Moving on

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
daba


    Member

  • Topic Starter
  • 367 posts
Hi. Thank you for your help. I'm about to remove IOBit after I've completed the Farbar stuff.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by David (administrator) on DAVID-PC on 15-03-2014 15:12:00
Running from C:\Users\David\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Alipay Inc. ) C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
() C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
(阿里巴巴(中国)有限公司) C:\Program Files\alipay\SafeTransaction\TaobaoProtect.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Alipay Inc. ) C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Microsoft Pinyin IME Migration] - C:\Program Files\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32112 2011-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-05] (Microsoft Corporation)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [TouchFreeze] - C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [uTorrent] - C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1340496 2014-01-11] (BitTorrent Inc.)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_Plugin.exe [841096 2014-02-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\MountPoints2: {f1a8d70c-7426-11e3-b52f-806e6f6e6963} - F:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...?client=aff-ime
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB83525F3C507CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKCU - {095EEDD2-9A61-4BA6-9891-94E310EA237C} URL = http://startpage.com...uage=english_uk
SearchScopes: HKCU - {0CA308D4-5FE7-4E88-837B-02527DC767D2} URL = http://www.baidu.com...d={searchTerms}
BHO: 豌豆荚 apk 安装器 - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files\WandouLabs\wandoujia_bho.dll (Wandoulabs)
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: ICBC Anti-Phishing class - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Winsock: Catalog9 02 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Winsock: Catalog9 03 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Winsock: Catalog9 04 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Winsock: Catalog9 41 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Tcpip\..\Interfaces\{B69EE329-2CA7-4807-B85B-14C2398B23F2}: [NameServer]221.7.128.68 221.7.136.68

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default
FF user.js: detected! => C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\user.js
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: www.startpage.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll (Alipay.com co.,ltd)
FF Plugin: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll (Alipay.com co.,ltd)
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll (Alipay.com Inc. )
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @icbc.com/npChromeClientBinding,ver=1.0.0.0 - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll (ICBC)
FF Plugin: @icbc.com/npChromeFullScreen,ver=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll (ICBC)
FF Plugin: @icbc.com/npChromeSubmit,ver=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll (ICBC)
FF Plugin: @icbc.com/npChromeXXin,ver=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll ( )
FF Plugin: @icbc/icbc_ms_npClCache,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClCache.dll ()
FF Plugin: @icbc/icbc_ms_npClientBinding,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll ( )
FF Plugin: @icbc/icbc_ms_npFullScreen,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll ()
FF Plugin: @icbc/icbc_ms_npsubmit,Version=1.0.0.7 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npsubmit.dll ( )
FF Plugin: @icbc/icbc_ms_npxxin,Version=1.0.0.8 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npxxin.dll ( )
FF Plugin: @icbc/npAssistComm,Version=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wandoujia.com - C:\Program Files\WandouLabs\npWandoujiaHelper.dll (wandoujia.com)
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\searchplugins\baidu.xml
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\searchplugins\startpage-https.xml
FF Extension: Astrill Proxy Switcher - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected] [2014-02-14]
FF Extension: Ant Video Downloader - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected] [2014-02-28]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected] [2014-03-02]
FF Extension: Popup Chinese Dictionary - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected] [2014-01-11]
FF Extension: ICBCClrCache - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected] [2014-02-10]
FF Extension: No Name - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\trash [2014-03-02]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-02-22]
FF Extension: Zhong Wen - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi [2014-01-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-21]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2014-01-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.com.au
CHR DefaultSearchProvider: Google OZ
CHR DefaultSearchURL: http://www.google.co...q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Advanced SystemCare 7) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin/ASCPlugin_Protect.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Extension: (Media Hint) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-01-22]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-02]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-02]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-03-02]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-02]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-02]
CHR Extension: (Ads Removal) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-27]
CHR Extension: (Ads Removal) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2014-01-23]
CHR Extension: (Zhongwen: A Chinese-English Popup Dictionary) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2014-01-02]
CHR Extension: (ICBCChromeExtension) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2014-02-10]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2013-07-02]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2014-01-03]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 AlipaySecSvc; C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
S3 ASOVPNHelper; C:\Program Files\Astrill\ASOvpnSvc.exe [434024 2014-01-19] (Astrill)
S3 ASProxy; C:\Program Files\Astrill\ASProxy.exe [1983520 2013-12-27] (Astrill)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-21] (AVAST Software)
R2 ICBC Daemon Service; C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [422536 2013-12-13] ()
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-02-14] (IObit)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [25856 2012-02-29] (Astrill)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-21] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-21] ()
S4 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 15:12 - 2014-03-15 15:12 - 00018143 _____ () C:\Users\David\Downloads\FRST.txt
2014-03-15 15:11 - 2014-03-15 15:12 - 00000000 ____D () C:\FRST
2014-03-15 15:09 - 2014-03-15 15:09 - 01145856 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-03-15 08:56 - 2014-03-15 08:56 - 00001584 _____ () C:\Windows\PFRO.log
2014-03-15 08:56 - 2014-03-15 08:56 - 00000056 _____ () C:\Windows\setupact.log
2014-03-15 08:56 - 2014-03-15 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-13 07:58 - 2014-03-15 11:40 - 00050585 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 21:32 - 2014-03-12 21:32 - 00005646 _____ () C:\Users\David\Documents\cc_20140312_213230.reg
2014-03-12 16:08 - 2014-03-12 16:08 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-03-12 16:08 - 2014-03-12 16:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-03-11 20:16 - 2014-03-11 20:16 - 07011754 _____ () C:\Users\David\Downloads\The Making Of 'Gutter Oil'.flv
2014-03-11 17:02 - 2014-03-11 17:02 - 00002244 _____ () C:\Users\Public\Desktop\Free Video to MP3 Converter.lnk
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-11 16:59 - 2014-03-11 16:59 - 00930952 _____ (CNET Download.com) C:\Users\David\Downloads\cbsidlm-cbsi183-Free_Video_to_MP3_Converter-SEO-10638108.exe
2014-03-10 20:19 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2014-03-10 13:14 - 2014-03-10 13:14 - 06134698 _____ () C:\Users\David\Downloads\Deadly Human Parasite __ Parasites inside humans ep2.flv
2014-03-10 13:14 - 2014-03-10 13:14 - 02181510 _____ () C:\Users\David\Downloads\Parasites Round Worm Found in Human Colon.flv
2014-03-09 21:35 - 2014-03-09 21:38 - 04502180 _____ () C:\Users\David\Downloads\Fast Food - The Infographics Show.flv
2014-03-09 16:36 - 2014-03-09 16:36 - 00000000 ____D () C:\Program Files\EclipseCrossword
2014-03-09 16:35 - 2014-03-09 16:35 - 00592896 _____ () C:\Users\David\Downloads\Install EclipseCrossword.msi
2014-03-08 20:32 - 2014-03-08 20:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\dvdcss
2014-03-07 12:17 - 2014-03-15 08:57 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-06 07:34 - 2014-03-06 07:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-05 21:08 - 2014-03-05 21:08 - 01178636 _____ () C:\Users\David\Downloads\Fear and Courage.flv
2014-03-05 20:46 - 2014-03-05 20:49 - 12186285 _____ () C:\Users\David\Downloads\[FULL] Oscars 2014 Cate Blanchett Wins Best Actress at Oscar 2014 _ FULL VIDEO.flv
2014-03-05 20:24 - 2014-03-05 20:27 - 10219546 _____ () C:\Users\David\Downloads\[FULL] Matthew McConaughey Wins Best Actor at Oscars 2014 _ Oscar 2014 _ FULL VIDEO.flv
2014-03-05 19:28 - 2014-03-05 19:29 - 04765152 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup411.exe
2014-03-05 18:40 - 2014-03-05 18:40 - 00000000 ____D () C:\Windows\pss
2014-03-03 11:45 - 2014-03-03 11:46 - 08323096 _____ () C:\Users\David\Downloads\Jared Leto wins oscars 2014 - Acceptance Speech HQ.flv
2014-03-03 11:44 - 2014-03-03 11:45 - 08031226 _____ () C:\Users\David\Downloads\Lupita Nyong'o wins oscars 2014 - Acceptance Speech HQ.flv
2014-03-03 11:43 - 2014-03-03 11:43 - 03055383 _____ () C:\Users\David\Downloads\Survivors of China train station stabbing attack speak out.flv
2014-03-02 23:02 - 2014-03-02 23:02 - 00001208 _____ () C:\Users\David\Documents\cc_20140302_230228.reg
2014-03-02 16:26 - 2014-03-02 16:26 - 05651022 _____ () C:\Users\David\Downloads\Second Amendment Refresher.flv
2014-03-02 16:21 - 2014-03-02 16:22 - 13418283 _____ () C:\Users\David\Downloads\The REAL Purpose of the 2nd Amendment - The Ultimate Critique of Gun Control.flv
2014-03-02 16:18 - 2014-03-02 16:18 - 17037854 _____ () C:\Users\David\Downloads\The Second Amendment Explained The Constitution for Dummies Series.flv
2014-03-02 16:07 - 2014-03-02 16:07 - 08181165 _____ () C:\Users\David\Downloads\Why Switzerland Has The Lowest Crime Rate In The World.flv
2014-03-02 16:00 - 2014-03-02 16:00 - 11809041 _____ () C:\Users\David\Downloads\Don't Sell Me This! Communism Escapee Blasts Gun Control.flv
2014-03-02 15:44 - 2014-03-02 15:45 - 26504430 _____ () C:\Users\David\Downloads\Enemy of the Second Amendment Dianne Feinstein and Ron Johnson Debate on Gun Control.flv
2014-03-02 15:33 - 2014-03-02 15:33 - 03345301 _____ () C:\Users\David\Downloads\Senior Citizen Opens Fire on Robbers of Internet Cafe.flv
2014-03-02 15:29 - 2014-03-02 15:30 - 26744198 _____ () C:\Users\David\Downloads\The Armed Citizen II Public Defense.flv
2014-03-02 15:27 - 2014-03-02 15:28 - 16235774 _____ () C:\Users\David\Downloads\Gun Control - Watch What Happens When Guns Are Banned.flv
2014-03-02 15:18 - 2014-03-02 15:19 - 11555345 _____ () C:\Users\David\Downloads\Finally a sensible conversation on gun control.flv
2014-03-02 08:48 - 2014-03-02 08:48 - 00001182 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-02 08:44 - 2014-03-02 08:45 - 41807400 _____ (IObit ) C:\Users\David\Downloads\advanced-systemcare-setup (1).exe
2014-03-01 22:29 - 2014-03-01 22:30 - 11610760 _____ () C:\Users\David\Downloads\Video that will change your life. I have no words left.flv
2014-03-01 22:19 - 2014-03-01 22:20 - 23600500 _____ () C:\Users\David\Downloads\World's Most Powerful Speech.flv
2014-03-01 22:14 - 2014-03-01 22:14 - 08483872 _____ () C:\Users\David\Downloads\Powerful Inspirational true story...Don't give up!.flv
2014-03-01 20:49 - 2014-03-01 20:49 - 04795275 _____ () C:\Users\David\Downloads\Very Fit 60 Year Old.flv
2014-03-01 20:46 - 2014-03-01 20:47 - 07045069 _____ () C:\Users\David\Downloads\EXTREMELY RIPPED 46 YEAR OLD!.flv
2014-03-01 20:39 - 2014-03-01 20:39 - 07344199 _____ () C:\Users\David\Downloads\THE BEST Lower Ab Workout.flv
2014-03-01 20:30 - 2014-03-01 20:31 - 21647545 _____ () C:\Users\David\Downloads\Ultimate 8 Pack Abs Workout.flv
2014-03-01 20:28 - 2014-03-01 20:29 - 09717240 _____ () C:\Users\David\Downloads\8 Pack Abs Hitch TRU FITNESS EDITION.flv
2014-02-28 11:04 - 2014-03-06 07:35 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-28 11:03 - 2014-02-28 11:04 - 00000000 ____D () C:\Program Files\iTunes
2014-02-28 11:03 - 2014-02-28 11:03 - 00000000 ____D () C:\Program Files\iPod
2014-02-28 10:53 - 2014-02-28 10:58 - 137699152 _____ (Apple Inc.) C:\Users\David\Downloads\iTunesSetup.exe
2014-02-28 10:36 - 2014-02-28 10:36 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-27 08:08 - 2014-02-27 08:10 - 41807400 _____ (IObit ) C:\Users\David\Downloads\advanced-systemcare-setup.exe
2014-02-24 18:47 - 2014-02-24 18:47 - 00633752 _____ ( ) C:\Users\David\Downloads\FreeYouTubeDownloaderInstallerIC.exe
2014-02-24 18:32 - 2014-02-24 18:32 - 00001458 _____ () C:\Users\David\Documents\cc_20140224_183242.reg
2014-02-24 12:53 - 2014-02-24 12:53 - 00012184 _____ () C:\Users\David\Downloads\[kickass.to]21.day.fast.mass.building.vince.del.monte.lee.hayward.torrent
2014-02-24 12:53 - 2014-02-24 12:53 - 00012184 _____ () C:\Users\David\Downloads\[kickass.to]21.day.fast.mass.building.vince.del.monte.lee.hayward (1).torrent
2014-02-23 23:28 - 2014-02-23 23:28 - 00000000 ____D () C:\alipay
2014-02-23 22:56 - 2014-02-23 22:56 - 00034676 _____ () C:\Users\David\Downloads\Extras.Txt
2014-02-23 22:54 - 2014-02-23 22:54 - 00101428 _____ () C:\Users\David\Downloads\OTL.Txt
2014-02-23 22:34 - 2014-02-23 22:34 - 00602112 _____ (OldTimer Tools) C:\Users\David\Downloads\OTL.exe
2014-02-23 16:54 - 2014-03-10 11:37 - 00000000 ____D () C:\Users\David\Desktop\GXMU
2014-02-23 10:07 - 2014-03-15 15:03 - 00000000 ____D () C:\Users\David\AppData\Roaming\TaobaoProtect
2014-02-23 10:07 - 2014-02-23 10:07 - 00000000 ____D () C:\Users\David\AppData\Local\alipay
2014-02-21 15:32 - 2014-02-21 15:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2014-02-21 15:30 - 2014-02-21 15:30 - 00002115 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-21 15:29 - 2014-02-21 15:28 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-21 15:29 - 2014-02-21 15:28 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-21 15:29 - 2014-02-21 15:28 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-21 15:29 - 2014-02-21 15:28 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-21 15:29 - 2014-02-21 15:28 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-21 15:28 - 2014-02-21 15:28 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 15:27 - 2014-02-21 15:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-21 15:26 - 2014-02-21 15:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-21 15:21 - 2014-02-21 15:25 - 88725592 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup(1).exe
2014-02-21 15:16 - 2014-02-21 15:16 - 00243049 _____ () C:\Users\David\Downloads\avast_free_antivirus_setup.exe
2014-02-21 13:15 - 2014-03-15 13:15 - 00000384 _____ () C:\Windows\Tasks\SLOW-PCfighter-David-Notification.job
2014-02-21 13:15 - 2014-03-15 09:09 - 00000378 _____ () C:\Windows\Tasks\SLOW-PCfighter-David-Startup.job
2014-02-21 13:15 - 2014-02-21 13:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Fighters
2014-02-21 13:15 - 2014-02-21 13:15 - 00000000 ____D () C:\ProgramData\Fighters
2014-02-21 13:13 - 2014-02-21 13:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\DesktopIconGoodgame
2014-02-21 09:45 - 2014-02-21 09:45 - 04011240 _____ (Avira Operations GmbH & Co. KG) C:\Users\David\Downloads\avira_oe_client_antivirus_en.exe
2014-02-20 14:27 - 2014-02-20 14:28 - 04721920 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup410 (1).exe
2014-02-20 14:27 - 2014-02-20 14:27 - 04721920 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup410.exe
2014-02-20 09:51 - 2014-02-20 09:51 - 00000000 ___RD () C:\Program Files\Skype
2014-02-20 09:51 - 2014-02-20 09:51 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-15 11:50 - 2014-02-15 11:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 21:48 - 2014-02-14 21:48 - 00000000 ____D () C:\Users\David\AppData\Roaming\ProductData
2014-02-14 21:47 - 2014-02-14 21:47 - 11201344 _____ (IObit) C:\Users\David\Downloads\iobituninstaller3.1.exe
2014-02-14 21:47 - 2014-02-14 21:47 - 11201344 _____ (IObit) C:\Users\David\Downloads\iobituninstaller3.1 (1).exe
2014-02-14 17:46 - 2014-02-14 17:46 - 00020774 _____ () C:\Users\David\Documents\cc_20140214_174556.reg
2014-02-14 13:43 - 2014-03-14 18:29 - 00004284 _____ () C:\Windows\system32\ASProxy.ini
2014-02-14 13:43 - 2014-03-14 18:29 - 00002680 _____ () C:\Windows\system32\ASProxyOff.ini
2014-02-14 13:32 - 2014-02-22 17:48 - 00000000 ____D () C:\Users\David\AppData\Roaming\Astrill
2014-02-14 13:32 - 2013-12-27 06:20 - 00353824 _____ (Astrill) C:\Windows\system32\ASProxy.dll
2014-02-14 13:30 - 2014-02-22 17:43 - 00000945 _____ () C:\Users\Public\Desktop\Astrill.lnk
2014-02-14 13:30 - 2014-02-22 17:43 - 00000000 ____D () C:\Program Files\Astrill
2014-02-14 13:30 - 2012-02-29 21:46 - 00025856 _____ (Astrill) C:\Windows\system32\Drivers\asvpndrv.sys
2014-02-14 13:23 - 2014-02-14 13:23 - 03746600 _____ (Astrill ) C:\Users\David\Downloads\astrill-setup-win.exe
2014-02-14 05:42 - 2014-02-05 16:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-14 05:41 - 2014-02-05 16:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-14 05:41 - 2014-02-05 16:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-14 05:41 - 2014-02-05 16:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-14 05:41 - 2014-02-05 16:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-14 05:41 - 2014-02-05 16:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-14 05:41 - 2014-02-05 16:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 05:41 - 2014-02-05 16:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-14 05:41 - 2014-02-05 16:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-14 05:41 - 2014-02-05 16:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-14 05:41 - 2014-02-05 16:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 05:41 - 2014-02-05 16:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-14 05:41 - 2014-02-05 16:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-14 05:41 - 2014-02-05 16:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-14 05:41 - 2014-02-05 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-14 05:41 - 2014-02-05 16:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 20:46 - 2014-01-01 07:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 20:46 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 20:46 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 20:32 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 20:32 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 20:32 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 20:32 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 20:32 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 20:32 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 20:32 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 20:32 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 20:32 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 20:32 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 20:32 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-13 11:40 - 2014-02-13 11:42 - 54414336 _____ () C:\Users\David\Downloads\calibre-1.23.0.msi

==================== One Month Modified Files and Folders =======

2014-03-15 15:12 - 2014-03-15 15:12 - 00018143 _____ () C:\Users\David\Downloads\FRST.txt
2014-03-15 15:12 - 2014-03-15 15:11 - 00000000 ____D () C:\FRST
2014-03-15 15:09 - 2014-03-15 15:09 - 01145856 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-03-15 15:03 - 2014-02-23 10:07 - 00000000 ____D () C:\Users\David\AppData\Roaming\TaobaoProtect
2014-03-15 14:11 - 2014-01-02 23:20 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
2014-03-15 13:15 - 2014-02-21 13:15 - 00000384 _____ () C:\Windows\Tasks\SLOW-PCfighter-David-Notification.job
2014-03-15 11:43 - 2014-01-10 10:43 - 00387790 _____ () C:\Windows\system32\prfh0804.dat
2014-03-15 11:43 - 2014-01-10 10:43 - 00123268 _____ () C:\Windows\system32\prfc0804.dat
2014-03-15 11:43 - 2014-01-02 22:20 - 01275540 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 11:40 - 2014-03-13 07:58 - 00050585 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 09:11 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\tracing
2014-03-15 09:10 - 2014-01-10 19:02 - 00000272 _____ () C:\Windows\Tasks\Driver Booster Update.job
2014-03-15 09:09 - 2014-02-21 13:15 - 00000378 _____ () C:\Windows\Tasks\SLOW-PCfighter-David-Startup.job
2014-03-15 09:04 - 2009-07-14 12:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-15 09:04 - 2009-07-14 12:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-15 08:58 - 2014-01-02 23:22 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-15 08:57 - 2014-03-07 12:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-15 08:56 - 2014-03-15 08:56 - 00001584 _____ () C:\Windows\PFRO.log
2014-03-15 08:56 - 2014-03-15 08:56 - 00000056 _____ () C:\Windows\setupact.log
2014-03-15 08:56 - 2014-03-15 08:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 08:56 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 18:29 - 2014-02-14 13:43 - 00004284 _____ () C:\Windows\system32\ASProxy.ini
2014-03-14 18:29 - 2014-02-14 13:43 - 00002680 _____ () C:\Windows\system32\ASProxyOff.ini
2014-03-14 10:36 - 2014-01-02 23:22 - 00002147 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-03-13 22:35 - 2014-01-03 16:54 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
2014-03-13 08:05 - 2014-01-02 23:12 - 00116128 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-12 21:32 - 2014-03-12 21:32 - 00005646 _____ () C:\Users\David\Documents\cc_20140312_213230.reg
2014-03-12 16:29 - 2009-07-14 12:33 - 00458184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-12 16:10 - 2014-01-17 10:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 16:08 - 2014-03-12 16:08 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-03-12 16:08 - 2014-03-12 16:08 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-03-12 16:08 - 2014-01-17 10:49 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-03-12 16:08 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-03-12 16:08 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-12 16:07 - 2009-07-14 15:49 - 00000000 ____D () C:\Windows\ShellNew
2014-03-12 16:02 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-12 16:02 - 2009-07-14 10:04 - 00000478 _____ () C:\Windows\win.ini
2014-03-12 15:25 - 2014-01-17 10:44 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-11 20:16 - 2014-03-11 20:16 - 07011754 _____ () C:\Users\David\Downloads\The Making Of 'Gutter Oil'.flv
2014-03-11 17:02 - 2014-03-11 17:02 - 00002244 _____ () C:\Users\Public\Desktop\Free Video to MP3 Converter.lnk
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-11 16:59 - 2014-03-11 16:59 - 00930952 _____ (CNET Download.com) C:\Users\David\Downloads\cbsidlm-cbsi183-Free_Video_to_MP3_Converter-SEO-10638108.exe
2014-03-10 22:28 - 2014-01-04 09:32 - 00001078 _____ () C:\Users\David\AppData\Roaming\base64.cer
2014-03-10 13:14 - 2014-03-10 13:14 - 06134698 _____ () C:\Users\David\Downloads\Deadly Human Parasite __ Parasites inside humans ep2.flv
2014-03-10 13:14 - 2014-03-10 13:14 - 02181510 _____ () C:\Users\David\Downloads\Parasites Round Worm Found in Human Colon.flv
2014-03-10 11:37 - 2014-02-23 16:54 - 00000000 ____D () C:\Users\David\Desktop\GXMU
2014-03-09 21:38 - 2014-03-09 21:35 - 04502180 _____ () C:\Users\David\Downloads\Fast Food - The Infographics Show.flv
2014-03-09 16:36 - 2014-03-09 16:36 - 00000000 ____D () C:\Program Files\EclipseCrossword
2014-03-09 16:35 - 2014-03-09 16:35 - 00592896 _____ () C:\Users\David\Downloads\Install EclipseCrossword.msi
2014-03-08 20:32 - 2014-03-08 20:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\dvdcss
2014-03-06 12:27 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2014-03-06 07:35 - 2014-03-06 07:34 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-06 07:35 - 2014-02-28 11:04 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-05 21:53 - 2014-01-03 09:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-05 21:42 - 2014-01-02 22:31 - 00000000 ____D () C:\Program Files\Opera
2014-03-05 21:08 - 2014-03-05 21:08 - 01178636 _____ () C:\Users\David\Downloads\Fear and Courage.flv
2014-03-05 20:49 - 2014-03-05 20:46 - 12186285 _____ () C:\Users\David\Downloads\[FULL] Oscars 2014 Cate Blanchett Wins Best Actress at Oscar 2014 _ FULL VIDEO.flv
2014-03-05 20:27 - 2014-03-05 20:24 - 10219546 _____ () C:\Users\David\Downloads\[FULL] Matthew McConaughey Wins Best Actor at Oscars 2014 _ Oscar 2014 _ FULL VIDEO.flv
2014-03-05 19:37 - 2014-01-05 12:38 - 00000000 ____D () C:\Users\David\AppData\Roaming\Wandoujia2
2014-03-05 19:29 - 2014-03-05 19:28 - 04765152 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup411.exe
2014-03-05 19:05 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-03-05 18:43 - 2014-01-03 16:33 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-03-05 18:40 - 2014-03-05 18:40 - 00000000 ____D () C:\Windows\pss
2014-03-05 16:56 - 2014-01-05 12:42 - 00002328 _____ () C:\Users\David\Desktop\华为 T8830Pro - 豌豆荚.lnk
2014-03-05 16:56 - 2014-01-05 12:42 - 00000000 ____D () C:\Users\David\Documents\Wandoujia2
2014-03-05 07:53 - 2014-01-03 18:39 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-03-04 11:44 - 2014-01-02 23:20 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-03 11:46 - 2014-03-03 11:45 - 08323096 _____ () C:\Users\David\Downloads\Jared Leto wins oscars 2014 - Acceptance Speech HQ.flv
2014-03-03 11:45 - 2014-03-03 11:44 - 08031226 _____ () C:\Users\David\Downloads\Lupita Nyong'o wins oscars 2014 - Acceptance Speech HQ.flv
2014-03-03 11:43 - 2014-03-03 11:43 - 03055383 _____ () C:\Users\David\Downloads\Survivors of China train station stabbing attack speak out.flv
2014-03-02 23:02 - 2014-03-02 23:02 - 00001208 _____ () C:\Users\David\Documents\cc_20140302_230228.reg
2014-03-02 16:26 - 2014-03-02 16:26 - 05651022 _____ () C:\Users\David\Downloads\Second Amendment Refresher.flv
2014-03-02 16:22 - 2014-03-02 16:21 - 13418283 _____ () C:\Users\David\Downloads\The REAL Purpose of the 2nd Amendment - The Ultimate Critique of Gun Control.flv
2014-03-02 16:18 - 2014-03-02 16:18 - 17037854 _____ () C:\Users\David\Downloads\The Second Amendment Explained The Constitution for Dummies Series.flv
2014-03-02 16:07 - 2014-03-02 16:07 - 08181165 _____ () C:\Users\David\Downloads\Why Switzerland Has The Lowest Crime Rate In The World.flv
2014-03-02 16:00 - 2014-03-02 16:00 - 11809041 _____ () C:\Users\David\Downloads\Don't Sell Me This! Communism Escapee Blasts Gun Control.flv
2014-03-02 15:45 - 2014-03-02 15:44 - 26504430 _____ () C:\Users\David\Downloads\Enemy of the Second Amendment Dianne Feinstein and Ron Johnson Debate on Gun Control.flv
2014-03-02 15:33 - 2014-03-02 15:33 - 03345301 _____ () C:\Users\David\Downloads\Senior Citizen Opens Fire on Robbers of Internet Cafe.flv
2014-03-02 15:30 - 2014-03-02 15:29 - 26744198 _____ () C:\Users\David\Downloads\The Armed Citizen II Public Defense.flv
2014-03-02 15:28 - 2014-03-02 15:27 - 16235774 _____ () C:\Users\David\Downloads\Gun Control - Watch What Happens When Guns Are Banned.flv
2014-03-02 15:19 - 2014-03-02 15:18 - 11555345 _____ () C:\Users\David\Downloads\Finally a sensible conversation on gun control.flv
2014-03-02 08:48 - 2014-03-02 08:48 - 00001182 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-02 08:47 - 2014-01-02 23:22 - 00000000 ____D () C:\Program Files\IObit
2014-03-02 08:45 - 2014-03-02 08:44 - 41807400 _____ (IObit ) C:\Users\David\Downloads\advanced-systemcare-setup (1).exe
2014-03-01 22:30 - 2014-03-01 22:29 - 11610760 _____ () C:\Users\David\Downloads\Video that will change your life. I have no words left.flv
2014-03-01 22:20 - 2014-03-01 22:19 - 23600500 _____ () C:\Users\David\Downloads\World's Most Powerful Speech.flv
2014-03-01 22:14 - 2014-03-01 22:14 - 08483872 _____ () C:\Users\David\Downloads\Powerful Inspirational true story...Don't give up!.flv
2014-03-01 20:49 - 2014-03-01 20:49 - 04795275 _____ () C:\Users\David\Downloads\Very Fit 60 Year Old.flv
2014-03-01 20:47 - 2014-03-01 20:46 - 07045069 _____ () C:\Users\David\Downloads\EXTREMELY RIPPED 46 YEAR OLD!.flv
2014-03-01 20:39 - 2014-03-01 20:39 - 07344199 _____ () C:\Users\David\Downloads\THE BEST Lower Ab Workout.flv
2014-03-01 20:31 - 2014-03-01 20:30 - 21647545 _____ () C:\Users\David\Downloads\Ultimate 8 Pack Abs Workout.flv
2014-03-01 20:29 - 2014-03-01 20:28 - 09717240 _____ () C:\Users\David\Downloads\8 Pack Abs Hitch TRU FITNESS EDITION.flv
2014-02-28 11:04 - 2014-02-28 11:03 - 00000000 ____D () C:\Program Files\iTunes
2014-02-28 11:03 - 2014-02-28 11:03 - 00000000 ____D () C:\Program Files\iPod
2014-02-28 11:03 - 2014-01-03 08:41 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-28 10:58 - 2014-02-28 10:53 - 137699152 _____ (Apple Inc.) C:\Users\David\Downloads\iTunesSetup.exe
2014-02-28 10:36 - 2014-02-28 10:36 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-27 08:10 - 2014-02-27 08:08 - 41807400 _____ (IObit ) C:\Users\David\Downloads\advanced-systemcare-setup.exe
2014-02-24 18:47 - 2014-02-24 18:47 - 00633752 _____ ( ) C:\Users\David\Downloads\FreeYouTubeDownloaderInstallerIC.exe
2014-02-24 18:32 - 2014-02-24 18:32 - 00001458 _____ () C:\Users\David\Documents\cc_20140224_183242.reg
2014-02-24 12:53 - 2014-02-24 12:53 - 00012184 _____ () C:\Users\David\Downloads\[kickass.to]21.day.fast.mass.building.vince.del.monte.lee.hayward.torrent
2014-02-24 12:53 - 2014-02-24 12:53 - 00012184 _____ () C:\Users\David\Downloads\[kickass.to]21.day.fast.mass.building.vince.del.monte.lee.hayward (1).torrent
2014-02-23 23:28 - 2014-02-23 23:28 - 00000000 ____D () C:\alipay
2014-02-23 22:56 - 2014-02-23 22:56 - 00034676 _____ () C:\Users\David\Downloads\Extras.Txt
2014-02-23 22:54 - 2014-02-23 22:54 - 00101428 _____ () C:\Users\David\Downloads\OTL.Txt
2014-02-23 22:34 - 2014-02-23 22:34 - 00602112 _____ (OldTimer Tools) C:\Users\David\Downloads\OTL.exe
2014-02-23 10:27 - 2014-01-04 09:32 - 00000000 ____D () C:\Program Files\alipay
2014-02-23 10:07 - 2014-02-23 10:07 - 00000000 ____D () C:\Users\David\AppData\Local\alipay
2014-02-23 10:07 - 2014-01-04 09:32 - 00000000 ____D () C:\Windows\system32\aliedit
2014-02-22 17:48 - 2014-02-14 13:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\Astrill
2014-02-22 17:43 - 2014-02-14 13:30 - 00000945 _____ () C:\Users\Public\Desktop\Astrill.lnk
2014-02-22 17:43 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files\Astrill
2014-02-22 08:29 - 2014-01-02 23:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-22 08:28 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME
2014-02-22 08:24 - 2014-01-10 18:53 - 00000000 ____D () C:\Program Files\Adobe
2014-02-21 18:48 - 2014-01-02 23:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 18:48 - 2014-01-02 23:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 17:51 - 2014-01-02 22:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-21 15:32 - 2014-02-21 15:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2014-02-21 15:30 - 2014-02-21 15:30 - 00002115 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-21 15:28 - 2014-02-21 15:29 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-21 15:28 - 2014-02-21 15:29 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-21 15:28 - 2014-02-21 15:29 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-21 15:28 - 2014-02-21 15:29 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-21 15:28 - 2014-02-21 15:29 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-21 15:28 - 2014-02-21 15:28 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 15:27 - 2014-02-21 15:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-21 15:26 - 2014-02-21 15:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-21 15:25 - 2014-02-21 15:21 - 88725592 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup(1).exe
2014-02-21 15:16 - 2014-02-21 15:16 - 00243049 _____ () C:\Users\David\Downloads\avast_free_antivirus_setup.exe
2014-02-21 13:15 - 2014-02-21 13:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Fighters
2014-02-21 13:15 - 2014-02-21 13:15 - 00000000 ____D () C:\ProgramData\Fighters
2014-02-21 13:13 - 2014-02-21 13:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\DesktopIconGoodgame
2014-02-21 09:45 - 2014-02-21 09:45 - 04011240 _____ (Avira Operations GmbH & Co. KG) C:\Users\David\Downloads\avira_oe_client_antivirus_en.exe
2014-02-20 14:28 - 2014-02-20 14:27 - 04721920 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup410 (1).exe
2014-02-20 14:27 - 2014-02-20 14:27 - 04721920 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup410.exe
2014-02-20 09:51 - 2014-02-20 09:51 - 00000000 ___RD () C:\Program Files\Skype
2014-02-20 09:51 - 2014-02-20 09:51 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-20 09:51 - 2014-01-03 18:39 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-20 09:51 - 2014-01-03 18:38 - 00000000 ____D () C:\ProgramData\Skype
2014-02-18 19:02 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-18 11:37 - 2014-01-02 23:40 - 00000000 ____D () C:\Users\David\Documents\Calibre Library
2014-02-16 10:18 - 2014-02-10 11:00 - 00000000 ____D () C:\ProgramData\icbc_data
2014-02-16 10:10 - 2014-01-03 10:11 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 10:10 - 2014-01-02 23:20 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 10:10 - 2014-01-02 23:20 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 11:50 - 2014-02-15 11:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 21:48 - 2014-02-14 21:48 - 00000000 ____D () C:\Users\David\AppData\Roaming\ProductData
2014-02-14 21:47 - 2014-02-14 21:47 - 11201344 _____ (IObit) C:\Users\David\Downloads\iobituninstaller3.1.exe
2014-02-14 21:47 - 2014-02-14 21:47 - 11201344 _____ (IObit) C:\Users\David\Downloads\iobituninstaller3.1 (1).exe
2014-02-14 17:46 - 2014-02-14 17:46 - 00020774 _____ () C:\Users\David\Documents\cc_20140214_174556.reg
2014-02-14 13:23 - 2014-02-14 13:23 - 03746600 _____ (Astrill ) C:\Users\David\Downloads\astrill-setup-win.exe
2014-02-14 05:49 - 2014-01-03 19:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 05:46 - 2014-01-03 19:48 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 05:38 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-02-13 11:42 - 2014-02-13 11:40 - 54414336 _____ () C:\Users\David\Downloads\calibre-1.23.0.msi

Files to move or delete:
====================
C:\ProgramData\999.dat


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 13:33

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by David at 2014-03-15 15:12:50
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30446 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM\...\Advanced SystemCare 7_is1) (Version: 7.2.0 - IObit)
Alipay security control 3.7.0.0 (Version: 3.7.0.0 - Alipay.com Co., Ltd.) Hidden
AlipayDHC 1.1.0.0 (Version: 1.1.0.0 - Alipay.com Co., Ltd.) Hidden
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{7D69BF2B-6C60-4D0A-8A6C-BCFD025D5D84}) (Version: 1.17.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.2 - IObit)
EclipseCrossword (HKLM\...\{F389DB8F-0716-4FC6-82B2-02B2FA2B4F24}) (Version: 1.2.61 - Green Eclipse)
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version: - Eusing Software)
Flickr Uploadr 3.2.1 (HKLM\...\Flickr Uploadr) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Free Video to MP3 Converter version 5.0.35.304 (HKLM\...\Free Video to MP3 Converter_is1) (Version: 5.0.35.304 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
ICBCChromeExtension (HKLM\...\{FAE970AE-A8FB-4AE4-91E7-8FD84ABAE007}) (Version: 1.0.2.0 - ICBC)
ICBCEBankAssist (HKLM\...\{96057DEB-9B1F-40D5-AD38-84FFDD4711A0}) (Version: 1.2.3.0 - Industrial and Commercial Bank of China)
ICBCEbankPlugins (HKLM\...\{3A76D8EA-E4DA-4C9B-BB65-7FDEB8AA57FF}) (Version: 1.0.2.0 - icbc)
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.2.1 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.1.8.2434 - IObit)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
JetBoost (HKLM\...\JetBoost_is1) (Version: 2.0.0 - BlueSprig)
JetClean (HKLM\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel 2007 Help ¸üР(KB963678) (HKLM\...\{90120000-0016-0804-0000-0000000FF1CE}_PROPLUS_{CECF0828-8F1F-4205-86B9-61683BAF0321}) (Version: - Microsoft)
Microsoft Office Excel MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office IME (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 Help ¸üР(KB963677) (HKLM\...\{90120000-001A-0804-0000-0000000FF1CE}_PROPLUS_{CB739C4F-6ABE-4CB2-BC90-57583893094F}) (Version: - Microsoft)
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Powerpoint 2007 Help ¸üР(KB963669) (HKLM\...\{90120000-0018-0804-0000-0000000FF1CE}_PROPLUS_{833A1F95-EEEB-47D3-B13F-3243AB2E7FA5}) (Version: - Microsoft)
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Chinese (Simplified)) 2007 (Version: 12.0.4518.1016 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 Help ¸üР(KB963665) (HKLM\...\{90120000-001B-0804-0000-0000000FF1CE}_PROPLUS_{53A3BCC0-3278-4729-8718-D17DEC19DE48}) (Version: - Microsoft)
Microsoft Office Word MUI (Chinese (Simplified)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Ö§¸¶±¦°²È«¿Ø¼þ 3.22.0.0 (HKLM\...\alieditplus) (Version: 3.22.0.0 - Alipay.com Co., Ltd.)
Opera Stable 20.0.1387.64 (HKLM\...\Opera 20.0.1387.64) (Version: 20.0.1387.64 - Opera Software ASA)
PIXresizer (HKLM\...\PIXresizer_is1) (Version: 2.0.4 - Bluefive software)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
SafeTransaction 5.10.0.0 (Version: 5.10.0.0 - Alipay.com Co., Ltd.) Hidden
Security Task Manager 1.8c (HKLM\...\Security Task Manager) (Version: 1.8c - Neuber Software)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SLOW-PCfighter (Version: 1.7.59 - SPAMfighter ApS) Hidden
Smart Defrag 3 (HKLM\...\Smart Defrag 3_is1) (Version: 3.0 - IObit)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Subliminal Power (HKLM\...\Subliminal Power_is1) (Version: - WCCL)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1118 - SUPERAntiSpyware.com)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TouchFreeze (HKLM\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0804-0000-0000000FF1CE}_PROPLUS_{E97580BE-C997-4428-A7A3-9AE01F85DDB4}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DC}) (Version: 17.5.10562 - WinZip Computing, S.L. )
WordWeb (HKLM\...\WordWeb) (Version: 6 - WordWeb Software)
YTD Video Downloader 4.7.2 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.2 - GreenTree Applications SRL)
中国工商银行防钓鱼软件 (HKLM\...\{E7CE0436-4E29-4EF8-B678-9747C60D81FB}) (Version: 2.2.5 - 中国工商银行)
谷歌拼音输入法 2.7 (HKLM\...\GooglePinyin2) (Version: - Google Inc.)
豌豆荚 (HKLM\...\Wandoujia2) (Version: - 豌豆实验室)

==================== Restore Points =========================

12-03-2014 06:59:58 Configured Microsoft Office Professional Plus 2007
12-03-2014 08:00:39 Configured Microsoft Office Professional Plus 2007

==================== Hosts content: ==========================

2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0815CF2C-21F0-4ADF-8E0F-2879292A9439} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {128979A8-B74C-4E1D-8574-A3219ED1E994} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {224EF4D6-4FB4-4078-B10C-3E63FC8CF9FF} - System32\Tasks\SLOW-PCfighter-David-Startup => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe
Task: {2E857E1B-C601-4848-BEF9-0EEE55D8E0F7} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe [2014-02-11] (IObit)
Task: {4131B6CD-497E-4967-B868-3E1CECEC859A} - System32\Tasks\Driver Booster Update => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe [2014-01-07] (IObit)
Task: {4B9546CC-CE45-485B-B244-1407FD71E58B} - System32\Tasks\Google Pinyin Daemon => C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe [2014-01-02] (Google Inc.)
Task: {4C5C2E25-DEE4-4336-8E75-6806A015C21E} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe [2014-01-09] (IObit)
Task: {4D6BC66F-D7F6-4D6D-8F63-3821006CFD6C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {7334C863-C12A-4CB6-9BF5-81100623DD83} - System32\Tasks\JetBoost_AutoUpdate => C:\Program Files\BlueSprig\JetBoost\AutoUpdate.exe [2012-11-27] (BlueSprig)
Task: {761DE42F-7AC0-4A12-917B-08E5BC7308EF} - System32\Tasks\SLOW-PCfighter-David-Notification => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe
Task: {850FD229-205E-4EDF-9E88-AF5435032224} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {8D194B8A-CA11-4DB4-ACBA-3815F4B817EC} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {8E2F6C57-0A43-4A2A-9CD0-AFFA72B91ACC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)
Task: {8E97C2CE-D9F8-464D-A496-B6144FB4F2BE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-21] (Piriform Ltd)
Task: {9C92D169-A3C2-40FC-A0A9-BAB86874850C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {BA7B6327-899A-432D-A573-D3A30E80026B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {BABB5D3A-4830-4E65-ACA7-27BA97349F09} - System32\Tasks\Leader Technologies\PowerRegister\Seagate Product Registration (David) => C:\Users\David\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2012-09-27] (Leader Technologies/Seagate)
Task: {C254F144-1372-420F-854D-2D55CF032A02} - System32\Tasks\SmartDefrag3_Update => C:\Program Files\IObit\Smart Defrag 3\AutoUpdate.exe [2014-01-09] (IObit)
Task: {C8AE239B-9146-4813-B2E4-D3583FFC8360} - System32\Tasks\ASC7_SkipUac_David => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe [2014-02-14] (IObit)
Task: {D6BE5858-64C7-4B5C-B6DF-B2A7F08A9ED7} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2014-01-10] (IObit)
Task: {DD715D02-D814-4D1A-8A92-A8545DF7907C} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-02-13] (IObit)
Task: {E0B1C85E-2A70-4F4C-B629-C284ACA32902} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-21] (AVAST Software)
Task: {FC2AD35B-6347-4865-BDEE-A3A5AEE4599D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-02] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Driver Booster Update.job => C:\Program Files\IObit\Driver Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SLOW-PCfighter-David-Notification.job => C:\Program Files\Fighters\SLOW-PCfighter\Sync.exe
Task: C:\Windows\Tasks\SLOW-PCfighter-David-Startup.job => C:\Program Files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe

==================== Loaded Modules (whitelisted) =============

2014-01-02 23:22 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files\IObit\Advanced SystemCare 7\sqlite3.dll
2014-03-14 22:20 - 2014-03-14 19:55 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031400\algo.dll
2014-03-15 09:14 - 2014-03-15 02:36 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031401\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-13 17:31 - 2013-12-13 17:31 - 00422536 _____ () C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
2014-01-06 15:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-06 15:03 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-06 15:03 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-06 15:03 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-06 15:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-02 23:09 - 2014-01-02 23:09 - 00921040 _____ () C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
2014-01-22 20:34 - 2012-09-05 18:55 - 00892288 _____ () C:\Program Files\IObit\Smart Defrag 3\webres.dll
2014-01-02 23:22 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madExcept_.bpl
2014-01-02 23:22 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madBasic_.bpl
2014-01-02 23:22 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files\IObit\Advanced SystemCare 7\madDisAsm_.bpl
2014-01-02 23:22 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files\IObit\Advanced SystemCare 7\webres.dll
2012-07-24 19:26 - 2012-07-24 19:26 - 00040960 _____ () C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
2012-07-24 19:26 - 2012-07-24 19:26 - 00034304 _____ () C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.dll
2014-02-15 11:50 - 2014-02-15 11:50 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CommonToolkitTray =>
MSCONFIG\startupreg: ICBCEBankAssist => "C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe"
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: uTorrent => "C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2014 10:35:56 PM) (Source: Application Hang) (User: )
Description: The program SDWelcome.exe version 2.2.21.129 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 318

Start Time: 01cf3f41f835e2ff

Termination Time: 842

Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe

Report Id: ecb7ab54-ab85-11e3-92cc-00219bd0c3e0

Error: (03/14/2014 11:37:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045

Error: (03/14/2014 11:37:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045

Error: (03/14/2014 11:37:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/13/2014 07:46:58 AM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/13/2014 07:46:58 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/13/2014 07:46:58 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/13/2014 07:46:58 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (03/13/2014 07:46:57 AM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/13/2014 07:46:57 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (03/15/2014 09:10:57 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (03/14/2014 10:33:42 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (03/14/2014 10:32:45 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (03/14/2014 10:32:45 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (03/13/2014 07:59:41 AM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (03/13/2014 07:46:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/13/2014 07:46:58 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (03/12/2014 04:38:20 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (03/12/2014 03:58:41 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (03/12/2014 03:14:48 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-02-03 20:03:47.755
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\AppData\Local\Temp\0399523\kldw.exe because the set of per-page image hashes could not be found on the system.

Date: 2014-02-03 20:03:47.241
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\David\AppData\Local\Temp\0399523\kldw.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 1918 MB
Available physical RAM: 826.89 MB
Total Pagefile: 3836.01 MB
Available Pagefile: 2271.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1865.95 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:68.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:68.36 GB) (Free:46.23 GB) NTFS
Drive e: () (Fixed) (Total:66.86 GB) (Free:21.58 GB) NTFS
Drive g: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:563.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: EF08263A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 99C46DCD)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello daba,

Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When the "Please uncheck elements you don't want to remove" prompt appears, just go ahead and click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the Report button and copy and paste the contents in your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

After that:

  • Please run Farbar Recovery Scan Tool again.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
When you return, please post:
  • AdwCleaner report
  • FRST.txt


#5
daba

    Member

  • Topic Starter
  • Member
  • 367 posts
Thank you very much for the follow-up. Here are the reports that you requested:

AdwCleaner v3.022 - Report created 22/03/2014 at 00:40:05
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : David - DAVID-PC
# Running from : C:\Users\David\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Common Files\baidu
Folder Deleted : C:\Windows\system32\AI_RecycleBin
Folder Deleted : C:\Users\David\AppData\Roaming\baidu
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected]
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\user.js
File Deleted : C:\Windows\Tasks\Driver Booster Update.job
File Deleted : C:\Windows\System32\Tasks\Driver Booster Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4131B6CD-497E-4967-B868-3E1CECEC859A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4131B6CD-497E-4967-B868-3E1CECEC859A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\OCS

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1816 octets] - [21/03/2014 23:04:18]
AdwCleaner[S0].txt - [1798 octets] - [22/03/2014 00:40:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1858 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by David (administrator) on DAVID-PC on 22-03-2014 07:21:53
Running from C:\Users\David\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Alipay Inc. ) C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
(IObit) C:\Program Files\IObit\Smart Defrag 3\SmartDefrag.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
(阿里巴巴(中国)有限公司) C:\Program Files\alipay\SafeTransaction\TaobaoProtect.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(BitTorrent Inc.) C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe
(Alipay Inc. ) C:\Program Files\alipay\SafeTransaction\Alipaybsm.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\David\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Microsoft Pinyin IME Migration] - C:\Program Files\Common Files\microsoft shared\IME12\IMESC\IMSCMIG.EXE [32112 2011-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-21] (AVAST Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-05] (Microsoft Corporation)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [TouchFreeze] - C:\Users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [40960 2012-07-24] ()
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\Run: [uTorrent] - C:\Users\David\AppData\Roaming\uTorrent\uTorrent.exe [1340496 2014-01-11] (BitTorrent Inc.)
HKU\S-1-5-21-1483477416-240000409-50094224-1000\...\MountPoints2: {f1a8d70c-7426-11e3-b52f-806e6f6e6963} - F:\SETUP.EXE

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...?client=aff-ime
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB83525F3C507CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {095EEDD2-9A61-4BA6-9891-94E310EA237C} URL = http://startpage.com...uage=english_uk
SearchScopes: HKCU - {0CA308D4-5FE7-4E88-837B-02527DC767D2} URL = http://www.baidu.com...d={searchTerms}
BHO: Í㶹¼Ô apk °²×°Æ÷ - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files\WandouLabs\wandoujia_bho.dll (Wandoulabs)
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: ICBC Anti-Phishing class - {BB4491A2-D11A-4c6b-91C0-B53246A3122B} - C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll (中国工商银行)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Winsock: Catalog9 02 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Winsock: Catalog9 03 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Winsock: Catalog9 04 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Winsock: Catalog9 41 C:\Windows\system32\ASProxy.dll [353824] (Astrill)
Tcpip\..\Interfaces\{B69EE329-2CA7-4807-B85B-14C2398B23F2}: [NameServer]221.7.128.68 221.7.136.68

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: www.startpage.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @alipay.com/npalidcp - C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll (Alipay.com co.,ltd)
FF Plugin: @alipay.com/npaliedit - C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll (Alipay.com co.,ltd)
FF Plugin: @alipay.com/npAliSecCtrl - C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll (Alipay.com Inc. )
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @icbc.com/npChromeClientBinding,ver=1.0.0.0 - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeClientBinding.dll (ICBC)
FF Plugin: @icbc.com/npChromeFullScreen,ver=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeFullScreen.dll (ICBC)
FF Plugin: @icbc.com/npChromeSubmit,ver=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeSubmit.dll (ICBC)
FF Plugin: @icbc.com/npChromeXXin,ver=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\npChromeXXin.dll ( )
FF Plugin: @icbc/icbc_ms_npClCache,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClCache.dll ()
FF Plugin: @icbc/icbc_ms_npClientBinding,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npClientBinding.dll ( )
FF Plugin: @icbc/icbc_ms_npFullScreen,Version=1.0.0.2 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npFullScreen.dll ()
FF Plugin: @icbc/icbc_ms_npsubmit,Version=1.0.0.7 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npsubmit.dll ( )
FF Plugin: @icbc/icbc_ms_npxxin,Version=1.0.0.8 - C:\Program Files\ICBCEbankTools\FirefoxPlugins\npxxin.dll ( )
FF Plugin: @icbc/npAssistComm,Version=1.0.0.1 - C:\Program Files\ICBCEbankTools\ICBCSetupIntegration\npAssistComm.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wandoujia.com - C:\Program Files\WandouLabs\npWandoujiaHelper.dll (wandoujia.com)
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\searchplugins\baidu.xml
FF SearchPlugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\searchplugins\startpage-https.xml
FF Extension: Astrill Proxy Switcher - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected] [2014-02-14]
FF Extension: Popup Chinese Dictionary - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected] [2014-01-11]
FF Extension: ICBCClrCache - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\[email protected] [2014-02-10]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-02-22]
FF Extension: Zhong Wen - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\Extensions\{bbfec13e-8cb4-53f4-c852-999eb2a852cb}.xpi [2014-01-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-21]
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files\WordWeb\WCaptureMoz [2014-01-03]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: google.com.au
CHR DefaultSearchProvider: Google OZ
CHR DefaultSearchURL: http://www.google.co...q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Advanced SystemCare 7) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\Plugin/ASCPlugin_Protect.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll No File
CHR Extension: (Media Hint) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja [2014-01-22]
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-02]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-02]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-03-02]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-02]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-02]
CHR Extension: (Zhongwen: A Chinese-English Popup Dictionary) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde [2014-01-02]
CHR Extension: (ICBCChromeExtension) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehjanbmddecbhgnnncapflmglinppcj [2014-02-10]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-02]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-21]
CHR HKLM\...\Chrome\Extension: [lehjanbmddecbhgnnncapflmglinppcj] - C:\Program Files\ICBCEbankTools\ICBCChromeExtension\ICBCChromeExtension.crx [2013-07-02]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2014-01-03]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-12] (SUPERAntiSpyware.com)
R2 AlipaySecSvc; C:\Program Files\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
S3 ASOVPNHelper; C:\Program Files\Astrill\ASOvpnSvc.exe [434024 2014-01-19] (Astrill)
S3 ASProxy; C:\Program Files\Astrill\ASProxy.exe [1983520 2013-12-27] (Astrill)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-21] (AVAST Software)
R2 ICBC Daemon Service; C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [422536 2013-12-13] ()
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-02-14] (IObit)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 asvpndrv; C:\Windows\System32\DRIVERS\asvpndrv.sys [25856 2012-02-29] (Astrill)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-21] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-21] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18624 2013-12-24] (IObit)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-07-01] (The OpenVPN Project)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 07:19 - 2014-03-22 07:21 - 01145856 _____ (Farbar) C:\Users\David\Downloads\FRST(1).exe
2014-03-21 23:04 - 2014-03-22 00:40 - 00000000 ____D () C:\AdwCleaner
2014-03-21 22:55 - 2014-03-21 22:59 - 01950720 _____ () C:\Users\David\Downloads\AdwCleaner.exe
2014-03-21 22:00 - 2014-03-22 00:41 - 00004588 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 06:37 - 2014-03-22 00:43 - 00000168 _____ () C:\Windows\setupact.log
2014-03-21 06:37 - 2014-03-21 06:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-21 06:36 - 2014-03-21 06:36 - 00002966 _____ () C:\Windows\PFRO.log
2014-03-20 22:10 - 2014-03-20 22:19 - 25434090 _____ () C:\Users\David\Downloads\Exporting Beauty Chinese beauty queen pageant.flv
2014-03-20 22:08 - 2014-03-20 22:12 - 25361763 _____ () C:\Users\David\Downloads\Ideal Girl Beauty Standards in China vs. the West.flv
2014-03-20 21:55 - 2014-03-20 22:00 - 41902499 _____ () C:\Users\David\Downloads\China's Tortured Beauties Make Me Look Western.flv
2014-03-20 12:49 - 2014-03-20 12:49 - 00000000 ____D () C:\Users\David\Downloads\schdulefromsarah
2014-03-20 12:47 - 2014-03-20 12:47 - 00017676 _____ () C:\Users\David\Downloads\schdulefromsarah.zip
2014-03-18 22:15 - 2014-03-18 22:15 - 14209212 _____ () C:\Users\David\Downloads\5 Homemade Cleaners! DIY Cleaning Products!.flv
2014-03-18 15:15 - 2014-03-18 15:15 - 00000000 ____D () C:\Users\David\AppData\Local\Kingsoft
2014-03-18 15:03 - 2014-03-22 07:16 - 00000362 _____ () C:\Windows\Tasks\WpsNotifyTask_David.job
2014-03-18 15:03 - 2014-03-22 06:56 - 00000362 _____ () C:\Windows\Tasks\WpsUpdateTask_David.job
2014-03-18 15:03 - 2014-03-18 15:03 - 00001358 _____ () C:\Users\Public\Desktop\Kingsoft Writer.lnk
2014-03-18 15:03 - 2014-03-18 15:03 - 00001356 _____ () C:\Users\Public\Desktop\Kingsoft Presentation.lnk
2014-03-18 15:03 - 2014-03-18 15:03 - 00001337 _____ () C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
2014-03-18 15:02 - 2014-03-18 15:02 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-03-18 15:00 - 2014-03-18 15:00 - 00000000 ____D () C:\Users\David\AppData\Roaming\Kingsoft
2014-03-18 15:00 - 2014-03-18 15:00 - 00000000 ____D () C:\Program Files\Kingsoft
2014-03-18 14:57 - 2014-03-18 14:59 - 47578936 _____ (Kingsoft Corp. Ltd.) C:\Users\David\Downloads\office_free_2013.exe
2014-03-16 19:20 - 2014-03-16 19:20 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-03-16 19:19 - 2014-03-16 19:19 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-03-16 18:03 - 2014-03-16 18:03 - 01775701 _____ () C:\Users\David\Downloads\Inside Area 51 rare footage.flv
2014-03-16 18:02 - 2014-03-16 18:03 - 05937701 _____ () C:\Users\David\Downloads\humans working along side aliens at area 51.flv
2014-03-16 17:56 - 2014-03-16 17:56 - 05514804 _____ () C:\Users\David\Downloads\Zhineng Qigong Dissolved Tumor 智能气功化瘤子.flv
2014-03-16 17:56 - 2014-03-16 17:56 - 05514804 _____ () C:\Users\David\Downloads\Zhineng Qigong Dissolved Tumor 智能气功化瘤子(1).flv
2014-03-16 17:55 - 2014-03-16 17:56 - 21646316 _____ () C:\Users\David\Downloads\Alien abduction Jesse Long Abducted By Aliens at only 5 years old!.flv
2014-03-16 17:50 - 2014-03-16 17:50 - 08715916 _____ () C:\Users\David\Downloads\Bermuda Triangle what happened to Flight 19 - BBC.flv
2014-03-16 17:45 - 2014-03-16 17:45 - 05230029 _____ () C:\Users\David\Downloads\Hybrid Man Found in China.flv
2014-03-16 17:14 - 2014-03-16 17:15 - 02921662 _____ () C:\Users\David\Downloads\Time Travel Evidence Watch Found in 400 Year Old Tomb.flv
2014-03-16 17:07 - 2014-03-16 17:08 - 12874334 _____ () C:\Users\David\Downloads\Pyramid UFO Moscow Colombia China UK New York City Washington DC Pyramid UFOS.flv
2014-03-16 15:47 - 2014-03-16 15:47 - 03862387 _____ () C:\Users\David\Downloads\Freaky Spontaneous Human Combustion!!!.flv
2014-03-16 15:45 - 2014-03-16 15:45 - 02127824 _____ () C:\Users\David\Downloads\UFO cometa em Hangzhou-China.flv
2014-03-16 15:40 - 2014-03-16 15:40 - 01597977 _____ () C:\Users\David\Downloads\UFO in Nanjing,China.flv
2014-03-16 15:40 - 2014-03-16 15:40 - 01597977 _____ () C:\Users\David\Downloads\UFO in Nanjing,China(1).flv
2014-03-16 15:31 - 2014-03-16 15:32 - 06896867 _____ () C:\Users\David\Downloads\Aliens UFO landed at China Yanjiao-Full version.flv
2014-03-16 12:39 - 2014-03-16 12:39 - 05817600 _____ () C:\Users\David\Downloads\[HD]UFO Lands In China!!! June 7th, 2013 Unbelievable UFO Sighting!!!.flv
2014-03-15 15:21 - 2014-03-15 15:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-03-15 15:12 - 2014-03-22 07:21 - 00016323 _____ () C:\Users\David\Downloads\FRST.txt
2014-03-15 15:12 - 2014-03-15 15:13 - 00026374 _____ () C:\Users\David\Downloads\Addition.txt
2014-03-15 15:11 - 2014-03-22 07:21 - 00000000 ____D () C:\FRST
2014-03-15 15:09 - 2014-03-15 15:09 - 01145856 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-03-12 21:32 - 2014-03-12 21:32 - 00005646 _____ () C:\Users\David\Documents\cc_20140312_213230.reg
2014-03-11 20:16 - 2014-03-11 20:16 - 07011754 _____ () C:\Users\David\Downloads\The Making Of 'Gutter Oil'.flv
2014-03-11 17:02 - 2014-03-11 17:02 - 00002244 _____ () C:\Users\Public\Desktop\Free Video to MP3 Converter.lnk
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-11 16:59 - 2014-03-11 16:59 - 00930952 _____ (CNET Download.com) C:\Users\David\Downloads\cbsidlm-cbsi183-Free_Video_to_MP3_Converter-SEO-10638108.exe
2014-03-10 20:19 - 2006-10-26 19:56 - 00032592 _____ (Microsoft Corporation) C:\Windows\system32\msonpmon.dll
2014-03-10 13:14 - 2014-03-10 13:14 - 06134698 _____ () C:\Users\David\Downloads\Deadly Human Parasite __ Parasites inside humans ep2.flv
2014-03-10 13:14 - 2014-03-10 13:14 - 02181510 _____ () C:\Users\David\Downloads\Parasites Round Worm Found in Human Colon.flv
2014-03-09 21:35 - 2014-03-09 21:38 - 04502180 _____ () C:\Users\David\Downloads\Fast Food - The Infographics Show.flv
2014-03-09 16:36 - 2014-03-09 16:36 - 00000000 ____D () C:\Program Files\EclipseCrossword
2014-03-09 16:35 - 2014-03-09 16:35 - 00592896 _____ () C:\Users\David\Downloads\Install EclipseCrossword.msi
2014-03-08 20:32 - 2014-03-08 20:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\dvdcss
2014-03-07 12:17 - 2014-03-22 00:43 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-06 07:34 - 2014-03-06 07:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-05 21:08 - 2014-03-05 21:08 - 01178636 _____ () C:\Users\David\Downloads\Fear and Courage.flv
2014-03-05 20:46 - 2014-03-05 20:49 - 12186285 _____ () C:\Users\David\Downloads\[FULL] Oscars 2014 Cate Blanchett Wins Best Actress at Oscar 2014 _ FULL VIDEO.flv
2014-03-05 20:24 - 2014-03-05 20:27 - 10219546 _____ () C:\Users\David\Downloads\[FULL] Matthew McConaughey Wins Best Actor at Oscars 2014 _ Oscar 2014 _ FULL VIDEO.flv
2014-03-05 19:28 - 2014-03-05 19:29 - 04765152 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup411.exe
2014-03-05 18:40 - 2014-03-05 18:40 - 00000000 ____D () C:\Windows\pss
2014-03-03 11:45 - 2014-03-03 11:46 - 08323096 _____ () C:\Users\David\Downloads\Jared Leto wins oscars 2014 - Acceptance Speech HQ.flv
2014-03-03 11:44 - 2014-03-03 11:45 - 08031226 _____ () C:\Users\David\Downloads\Lupita Nyong'o wins oscars 2014 - Acceptance Speech HQ.flv
2014-03-03 11:43 - 2014-03-03 11:43 - 03055383 _____ () C:\Users\David\Downloads\Survivors of China train station stabbing attack speak out.flv
2014-03-02 23:02 - 2014-03-02 23:02 - 00001208 _____ () C:\Users\David\Documents\cc_20140302_230228.reg
2014-03-02 16:26 - 2014-03-02 16:26 - 05651022 _____ () C:\Users\David\Downloads\Second Amendment Refresher.flv
2014-03-02 16:21 - 2014-03-02 16:22 - 13418283 _____ () C:\Users\David\Downloads\The REAL Purpose of the 2nd Amendment - The Ultimate Critique of Gun Control.flv
2014-03-02 16:18 - 2014-03-02 16:18 - 17037854 _____ () C:\Users\David\Downloads\The Second Amendment Explained The Constitution for Dummies Series.flv
2014-03-02 16:07 - 2014-03-02 16:07 - 08181165 _____ () C:\Users\David\Downloads\Why Switzerland Has The Lowest Crime Rate In The World.flv
2014-03-02 16:00 - 2014-03-02 16:00 - 11809041 _____ () C:\Users\David\Downloads\Don't Sell Me This! Communism Escapee Blasts Gun Control.flv
2014-03-02 15:44 - 2014-03-02 15:45 - 26504430 _____ () C:\Users\David\Downloads\Enemy of the Second Amendment Dianne Feinstein and Ron Johnson Debate on Gun Control.flv
2014-03-02 15:33 - 2014-03-02 15:33 - 03345301 _____ () C:\Users\David\Downloads\Senior Citizen Opens Fire on Robbers of Internet Cafe.flv
2014-03-02 15:29 - 2014-03-02 15:30 - 26744198 _____ () C:\Users\David\Downloads\The Armed Citizen II Public Defense.flv
2014-03-02 15:27 - 2014-03-02 15:28 - 16235774 _____ () C:\Users\David\Downloads\Gun Control - Watch What Happens When Guns Are Banned.flv
2014-03-02 15:18 - 2014-03-02 15:19 - 11555345 _____ () C:\Users\David\Downloads\Finally a sensible conversation on gun control.flv
2014-03-02 08:48 - 2014-03-02 08:48 - 00001182 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-02 08:44 - 2014-03-02 08:45 - 41807400 _____ (IObit ) C:\Users\David\Downloads\advanced-systemcare-setup (1).exe
2014-03-01 22:29 - 2014-03-01 22:30 - 11610760 _____ () C:\Users\David\Downloads\Video that will change your life. I have no words left.flv
2014-03-01 22:19 - 2014-03-01 22:20 - 23600500 _____ () C:\Users\David\Downloads\World's Most Powerful Speech.flv
2014-03-01 22:14 - 2014-03-01 22:14 - 08483872 _____ () C:\Users\David\Downloads\Powerful Inspirational true story...Don't give up!.flv
2014-03-01 20:49 - 2014-03-01 20:49 - 04795275 _____ () C:\Users\David\Downloads\Very Fit 60 Year Old.flv
2014-03-01 20:46 - 2014-03-01 20:47 - 07045069 _____ () C:\Users\David\Downloads\EXTREMELY RIPPED 46 YEAR OLD!.flv
2014-03-01 20:39 - 2014-03-01 20:39 - 07344199 _____ () C:\Users\David\Downloads\THE BEST Lower Ab Workout.flv
2014-03-01 20:30 - 2014-03-01 20:31 - 21647545 _____ () C:\Users\David\Downloads\Ultimate 8 Pack Abs Workout.flv
2014-03-01 20:28 - 2014-03-01 20:29 - 09717240 _____ () C:\Users\David\Downloads\8 Pack Abs Hitch TRU FITNESS EDITION.flv
2014-02-28 11:04 - 2014-03-06 07:35 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-28 11:03 - 2014-02-28 11:04 - 00000000 ____D () C:\Program Files\iTunes
2014-02-28 11:03 - 2014-02-28 11:03 - 00000000 ____D () C:\Program Files\iPod
2014-02-28 10:53 - 2014-02-28 10:58 - 137699152 _____ (Apple Inc.) C:\Users\David\Downloads\iTunesSetup.exe
2014-02-28 10:36 - 2014-02-28 10:36 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-27 08:08 - 2014-02-27 08:10 - 41807400 _____ (IObit ) C:\Users\David\Downloads\advanced-systemcare-setup.exe
2014-02-24 18:47 - 2014-02-24 18:47 - 00633752 _____ ( ) C:\Users\David\Downloads\FreeYouTubeDownloaderInstallerIC.exe
2014-02-24 18:32 - 2014-02-24 18:32 - 00001458 _____ () C:\Users\David\Documents\cc_20140224_183242.reg
2014-02-24 12:53 - 2014-02-24 12:53 - 00012184 _____ () C:\Users\David\Downloads\[kickass.to]21.day.fast.mass.building.vince.del.monte.lee.hayward.torrent
2014-02-24 12:53 - 2014-02-24 12:53 - 00012184 _____ () C:\Users\David\Downloads\[kickass.to]21.day.fast.mass.building.vince.del.monte.lee.hayward (1).torrent
2014-02-23 23:28 - 2014-02-23 23:28 - 00000000 ____D () C:\alipay
2014-02-23 22:56 - 2014-02-23 22:56 - 00034676 _____ () C:\Users\David\Downloads\Extras.Txt
2014-02-23 22:54 - 2014-02-23 22:54 - 00101428 _____ () C:\Users\David\Downloads\OTL.Txt
2014-02-23 22:34 - 2014-02-23 22:34 - 00602112 _____ (OldTimer Tools) C:\Users\David\Downloads\OTL.exe
2014-02-23 16:54 - 2014-03-10 11:37 - 00000000 ____D () C:\Users\David\Desktop\GXMU
2014-02-23 10:07 - 2014-03-22 07:14 - 00000000 ____D () C:\Users\David\AppData\Roaming\TaobaoProtect
2014-02-23 10:07 - 2014-02-23 10:07 - 00000000 ____D () C:\Users\David\AppData\Local\alipay
2014-02-21 15:32 - 2014-02-21 15:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2014-02-21 15:30 - 2014-03-21 22:54 - 00002115 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-21 15:29 - 2014-02-21 15:28 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-21 15:29 - 2014-02-21 15:28 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-21 15:29 - 2014-02-21 15:28 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-21 15:29 - 2014-02-21 15:28 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-21 15:29 - 2014-02-21 15:28 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-21 15:28 - 2014-02-21 15:28 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 15:27 - 2014-02-21 15:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-21 15:26 - 2014-02-21 15:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-21 15:21 - 2014-02-21 15:25 - 88725592 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup(1).exe
2014-02-21 15:16 - 2014-02-21 15:16 - 00243049 _____ () C:\Users\David\Downloads\avast_free_antivirus_setup.exe
2014-02-21 13:15 - 2014-03-22 06:55 - 00000384 _____ () C:\Windows\Tasks\SLOW-PCfighter-David-Notification.job
2014-02-21 13:15 - 2014-03-22 06:55 - 00000378 _____ () C:\Windows\Tasks\SLOW-PCfighter-David-Startup.job
2014-02-21 13:15 - 2014-02-21 13:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Fighters
2014-02-21 13:15 - 2014-02-21 13:15 - 00000000 ____D () C:\ProgramData\Fighters
2014-02-21 13:13 - 2014-02-21 13:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\DesktopIconGoodgame
2014-02-21 09:45 - 2014-02-21 09:45 - 04011240 _____ (Avira Operations GmbH & Co. KG) C:\Users\David\Downloads\avira_oe_client_antivirus_en.exe
2014-02-20 14:27 - 2014-02-20 14:28 - 04721920 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup410 (1).exe
2014-02-20 14:27 - 2014-02-20 14:27 - 04721920 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup410.exe
2014-02-20 09:51 - 2014-02-20 09:51 - 00000000 ___RD () C:\Program Files\Skype
2014-02-20 09:51 - 2014-02-20 09:51 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-03-22 07:22 - 2014-03-15 15:12 - 00016323 _____ () C:\Users\David\Downloads\FRST.txt
2014-03-22 07:22 - 2014-01-02 23:20 - 00000000 ____D () C:\Users\David\AppData\Roaming\uTorrent
2014-03-22 07:21 - 2014-03-22 07:19 - 01145856 _____ (Farbar) C:\Users\David\Downloads\FRST(1).exe
2014-03-22 07:21 - 2014-03-15 15:11 - 00000000 ____D () C:\FRST
2014-03-22 07:16 - 2014-03-18 15:03 - 00000362 _____ () C:\Windows\Tasks\WpsNotifyTask_David.job
2014-03-22 07:14 - 2014-02-23 10:07 - 00000000 ____D () C:\Users\David\AppData\Roaming\TaobaoProtect
2014-03-22 07:02 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\tracing
2014-03-22 06:58 - 2009-07-14 12:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 06:58 - 2009-07-14 12:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 06:56 - 2014-03-18 15:03 - 00000362 _____ () C:\Windows\Tasks\WpsUpdateTask_David.job
2014-03-22 06:55 - 2014-02-21 13:15 - 00000384 _____ () C:\Windows\Tasks\SLOW-PCfighter-David-Notification.job
2014-03-22 06:55 - 2014-02-21 13:15 - 00000378 _____ () C:\Windows\Tasks\SLOW-PCfighter-David-Startup.job
2014-03-22 00:43 - 2014-03-21 06:37 - 00000168 _____ () C:\Windows\setupact.log
2014-03-22 00:43 - 2014-03-07 12:17 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-22 00:43 - 2014-01-02 23:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 00:43 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 00:41 - 2014-03-21 22:00 - 00004588 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 00:40 - 2014-03-21 23:04 - 00000000 ____D () C:\AdwCleaner
2014-03-22 00:39 - 2014-01-03 16:54 - 00000000 ____D () C:\Users\David\AppData\Roaming\vlc
2014-03-21 23:10 - 2014-01-02 23:15 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2014-03-21 23:07 - 2014-01-02 23:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-21 23:07 - 2014-01-02 23:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-21 22:59 - 2014-03-21 22:55 - 01950720 _____ () C:\Users\David\Downloads\AdwCleaner.exe
2014-03-21 22:54 - 2014-02-21 15:30 - 00002115 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-21 12:44 - 2014-02-14 13:43 - 00004284 _____ () C:\Windows\system32\ASProxy.ini
2014-03-21 12:44 - 2014-02-14 13:43 - 00002680 _____ () C:\Windows\system32\ASProxyOff.ini
2014-03-21 06:37 - 2014-03-21 06:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-21 06:36 - 2014-03-21 06:36 - 00002966 _____ () C:\Windows\PFRO.log
2014-03-20 22:19 - 2014-03-20 22:10 - 25434090 _____ () C:\Users\David\Downloads\Exporting Beauty Chinese beauty queen pageant.flv
2014-03-20 22:12 - 2014-03-20 22:08 - 25361763 _____ () C:\Users\David\Downloads\Ideal Girl Beauty Standards in China vs. the West.flv
2014-03-20 22:00 - 2014-03-20 21:55 - 41902499 _____ () C:\Users\David\Downloads\China's Tortured Beauties Make Me Look Western.flv
2014-03-20 12:49 - 2014-03-20 12:49 - 00000000 ____D () C:\Users\David\Downloads\schdulefromsarah
2014-03-20 12:47 - 2014-03-20 12:47 - 00017676 _____ () C:\Users\David\Downloads\schdulefromsarah.zip
2014-03-19 16:04 - 2014-01-10 10:43 - 00387790 _____ () C:\Windows\system32\prfh0804.dat
2014-03-19 16:04 - 2014-01-10 10:43 - 00123268 _____ () C:\Windows\system32\prfc0804.dat
2014-03-19 16:04 - 2014-01-02 22:20 - 01275540 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 08:42 - 2009-07-14 12:33 - 00458184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 22:15 - 2014-03-18 22:15 - 14209212 _____ () C:\Users\David\Downloads\5 Homemade Cleaners! DIY Cleaning Products!.flv
2014-03-18 15:15 - 2014-03-18 15:15 - 00000000 ____D () C:\Users\David\AppData\Local\Kingsoft
2014-03-18 15:15 - 2014-01-02 23:12 - 00116144 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 15:03 - 2014-03-18 15:03 - 00001358 _____ () C:\Users\Public\Desktop\Kingsoft Writer.lnk
2014-03-18 15:03 - 2014-03-18 15:03 - 00001356 _____ () C:\Users\Public\Desktop\Kingsoft Presentation.lnk
2014-03-18 15:03 - 2014-03-18 15:03 - 00001337 _____ () C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk
2014-03-18 15:03 - 2009-07-14 15:49 - 00000000 ____D () C:\Windows\ShellNew
2014-03-18 15:02 - 2014-03-18 15:02 - 00000000 ____D () C:\ProgramData\Kingsoft
2014-03-18 15:00 - 2014-03-18 15:00 - 00000000 ____D () C:\Users\David\AppData\Roaming\Kingsoft
2014-03-18 15:00 - 2014-03-18 15:00 - 00000000 ____D () C:\Program Files\Kingsoft
2014-03-18 14:59 - 2014-03-18 14:57 - 47578936 _____ (Kingsoft Corp. Ltd.) C:\Users\David\Downloads\office_free_2013.exe
2014-03-17 11:17 - 2014-01-02 23:22 - 00000000 ____D () C:\Program Files\IObit
2014-03-17 11:17 - 2014-01-02 23:20 - 00000000 ____D () C:\Users\David\AppData\Roaming\IObit
2014-03-17 11:08 - 2014-01-03 16:33 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-03-16 21:10 - 2014-01-17 10:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-16 19:20 - 2014-03-16 19:20 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-03-16 19:20 - 2014-01-17 10:49 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-03-16 19:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-16 19:19 - 2014-03-16 19:19 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-03-16 19:19 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-03-16 19:10 - 2009-07-14 10:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-16 19:10 - 2009-07-14 10:04 - 00000478 _____ () C:\Windows\win.ini
2014-03-16 18:03 - 2014-03-16 18:03 - 01775701 _____ () C:\Users\David\Downloads\Inside Area 51 rare footage.flv
2014-03-16 18:03 - 2014-03-16 18:02 - 05937701 _____ () C:\Users\David\Downloads\humans working along side aliens at area 51.flv
2014-03-16 17:56 - 2014-03-16 17:56 - 05514804 _____ () C:\Users\David\Downloads\Zhineng Qigong Dissolved Tumor 智能气功化瘤子.flv
2014-03-16 17:56 - 2014-03-16 17:56 - 05514804 _____ () C:\Users\David\Downloads\Zhineng Qigong Dissolved Tumor 智能气功化瘤子(1).flv
2014-03-16 17:56 - 2014-03-16 17:55 - 21646316 _____ () C:\Users\David\Downloads\Alien abduction Jesse Long Abducted By Aliens at only 5 years old!.flv
2014-03-16 17:50 - 2014-03-16 17:50 - 08715916 _____ () C:\Users\David\Downloads\Bermuda Triangle what happened to Flight 19 - BBC.flv
2014-03-16 17:45 - 2014-03-16 17:45 - 05230029 _____ () C:\Users\David\Downloads\Hybrid Man Found in China.flv
2014-03-16 17:15 - 2014-03-16 17:14 - 02921662 _____ () C:\Users\David\Downloads\Time Travel Evidence Watch Found in 400 Year Old Tomb.flv
2014-03-16 17:08 - 2014-03-16 17:07 - 12874334 _____ () C:\Users\David\Downloads\Pyramid UFO Moscow Colombia China UK New York City Washington DC Pyramid UFOS.flv
2014-03-16 15:47 - 2014-03-16 15:47 - 03862387 _____ () C:\Users\David\Downloads\Freaky Spontaneous Human Combustion!!!.flv
2014-03-16 15:45 - 2014-03-16 15:45 - 02127824 _____ () C:\Users\David\Downloads\UFO cometa em Hangzhou-China.flv
2014-03-16 15:40 - 2014-03-16 15:40 - 01597977 _____ () C:\Users\David\Downloads\UFO in Nanjing,China.flv
2014-03-16 15:40 - 2014-03-16 15:40 - 01597977 _____ () C:\Users\David\Downloads\UFO in Nanjing,China(1).flv
2014-03-16 15:32 - 2014-03-16 15:31 - 06896867 _____ () C:\Users\David\Downloads\Aliens UFO landed at China Yanjiao-Full version.flv
2014-03-16 12:39 - 2014-03-16 12:39 - 05817600 _____ () C:\Users\David\Downloads\[HD]UFO Lands In China!!! June 7th, 2013 Unbelievable UFO Sighting!!!.flv
2014-03-15 18:01 - 2014-01-02 23:20 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 16:57 - 2014-01-02 23:22 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-15 15:21 - 2014-03-15 15:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-03-15 15:13 - 2014-03-15 15:12 - 00026374 _____ () C:\Users\David\Downloads\Addition.txt
2014-03-15 15:09 - 2014-03-15 15:09 - 01145856 _____ (Farbar) C:\Users\David\Downloads\FRST.exe
2014-03-12 21:32 - 2014-03-12 21:32 - 00005646 _____ () C:\Users\David\Documents\cc_20140312_213230.reg
2014-03-12 15:25 - 2014-01-17 10:44 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-03-11 20:16 - 2014-03-11 20:16 - 07011754 _____ () C:\Users\David\Downloads\The Making Of 'Gutter Oil'.flv
2014-03-11 17:02 - 2014-03-11 17:02 - 00002244 _____ () C:\Users\Public\Desktop\Free Video to MP3 Converter.lnk
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\DVDVideoSoft
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-03-11 17:02 - 2014-03-11 17:02 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-03-11 16:59 - 2014-03-11 16:59 - 00930952 _____ (CNET Download.com) C:\Users\David\Downloads\cbsidlm-cbsi183-Free_Video_to_MP3_Converter-SEO-10638108.exe
2014-03-10 22:28 - 2014-01-04 09:32 - 00001078 _____ () C:\Users\David\AppData\Roaming\base64.cer
2014-03-10 13:14 - 2014-03-10 13:14 - 06134698 _____ () C:\Users\David\Downloads\Deadly Human Parasite __ Parasites inside humans ep2.flv
2014-03-10 13:14 - 2014-03-10 13:14 - 02181510 _____ () C:\Users\David\Downloads\Parasites Round Worm Found in Human Colon.flv
2014-03-10 11:37 - 2014-02-23 16:54 - 00000000 ____D () C:\Users\David\Desktop\GXMU
2014-03-09 21:38 - 2014-03-09 21:35 - 04502180 _____ () C:\Users\David\Downloads\Fast Food - The Infographics Show.flv
2014-03-09 16:36 - 2014-03-09 16:36 - 00000000 ____D () C:\Program Files\EclipseCrossword
2014-03-09 16:35 - 2014-03-09 16:35 - 00592896 _____ () C:\Users\David\Downloads\Install EclipseCrossword.msi
2014-03-08 20:32 - 2014-03-08 20:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\dvdcss
2014-03-06 12:27 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2014-03-06 07:35 - 2014-03-06 07:34 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-06 07:35 - 2014-02-28 11:04 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-05 21:53 - 2014-01-03 09:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-05 21:42 - 2014-01-02 22:31 - 00000000 ____D () C:\Program Files\Opera
2014-03-05 21:08 - 2014-03-05 21:08 - 01178636 _____ () C:\Users\David\Downloads\Fear and Courage.flv
2014-03-05 20:49 - 2014-03-05 20:46 - 12186285 _____ () C:\Users\David\Downloads\[FULL] Oscars 2014 Cate Blanchett Wins Best Actress at Oscar 2014 _ FULL VIDEO.flv
2014-03-05 20:27 - 2014-03-05 20:24 - 10219546 _____ () C:\Users\David\Downloads\[FULL] Matthew McConaughey Wins Best Actor at Oscars 2014 _ Oscar 2014 _ FULL VIDEO.flv
2014-03-05 19:37 - 2014-01-05 12:38 - 00000000 ____D () C:\Users\David\AppData\Roaming\Wandoujia2
2014-03-05 19:29 - 2014-03-05 19:28 - 04765152 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup411.exe
2014-03-05 19:05 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-03-05 18:40 - 2014-03-05 18:40 - 00000000 ____D () C:\Windows\pss
2014-03-05 16:56 - 2014-01-05 12:42 - 00002328 _____ () C:\Users\David\Desktop\华为 T8830Pro - 豌豆荚.lnk
2014-03-05 16:56 - 2014-01-05 12:42 - 00000000 ____D () C:\Users\David\Documents\Wandoujia2
2014-03-05 07:53 - 2014-01-03 18:39 - 00000000 ____D () C:\Users\David\AppData\Roaming\Skype
2014-03-03 11:46 - 2014-03-03 11:45 - 08323096 _____ () C:\Users\David\Downloads\Jared Leto wins oscars 2014 - Acceptance Speech HQ.flv
2014-03-03 11:45 - 2014-03-03 11:44 - 08031226 _____ () C:\Users\David\Downloads\Lupita Nyong'o wins oscars 2014 - Acceptance Speech HQ.flv
2014-03-03 11:43 - 2014-03-03 11:43 - 03055383 _____ () C:\Users\David\Downloads\Survivors of China train station stabbing attack speak out.flv
2014-03-02 23:02 - 2014-03-02 23:02 - 00001208 _____ () C:\Users\David\Documents\cc_20140302_230228.reg
2014-03-02 16:26 - 2014-03-02 16:26 - 05651022 _____ () C:\Users\David\Downloads\Second Amendment Refresher.flv
2014-03-02 16:22 - 2014-03-02 16:21 - 13418283 _____ () C:\Users\David\Downloads\The REAL Purpose of the 2nd Amendment - The Ultimate Critique of Gun Control.flv
2014-03-02 16:18 - 2014-03-02 16:18 - 17037854 _____ () C:\Users\David\Downloads\The Second Amendment Explained The Constitution for Dummies Series.flv
2014-03-02 16:07 - 2014-03-02 16:07 - 08181165 _____ () C:\Users\David\Downloads\Why Switzerland Has The Lowest Crime Rate In The World.flv
2014-03-02 16:00 - 2014-03-02 16:00 - 11809041 _____ () C:\Users\David\Downloads\Don't Sell Me This! Communism Escapee Blasts Gun Control.flv
2014-03-02 15:45 - 2014-03-02 15:44 - 26504430 _____ () C:\Users\David\Downloads\Enemy of the Second Amendment Dianne Feinstein and Ron Johnson Debate on Gun Control.flv
2014-03-02 15:33 - 2014-03-02 15:33 - 03345301 _____ () C:\Users\David\Downloads\Senior Citizen Opens Fire on Robbers of Internet Cafe.flv
2014-03-02 15:30 - 2014-03-02 15:29 - 26744198 _____ () C:\Users\David\Downloads\The Armed Citizen II Public Defense.flv
2014-03-02 15:28 - 2014-03-02 15:27 - 16235774 _____ () C:\Users\David\Downloads\Gun Control - Watch What Happens When Guns Are Banned.flv
2014-03-02 15:19 - 2014-03-02 15:18 - 11555345 _____ () C:\Users\David\Downloads\Finally a sensible conversation on gun control.flv
2014-03-02 08:48 - 2014-03-02 08:48 - 00001182 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-03-02 08:45 - 2014-03-02 08:44 - 41807400 _____ (IObit ) C:\Users\David\Downloads\advanced-systemcare-setup (1).exe
2014-03-01 22:30 - 2014-03-01 22:29 - 11610760 _____ () C:\Users\David\Downloads\Video that will change your life. I have no words left.flv
2014-03-01 22:20 - 2014-03-01 22:19 - 23600500 _____ () C:\Users\David\Downloads\World's Most Powerful Speech.flv
2014-03-01 22:14 - 2014-03-01 22:14 - 08483872 _____ () C:\Users\David\Downloads\Powerful Inspirational true story...Don't give up!.flv
2014-03-01 20:49 - 2014-03-01 20:49 - 04795275 _____ () C:\Users\David\Downloads\Very Fit 60 Year Old.flv
2014-03-01 20:47 - 2014-03-01 20:46 - 07045069 _____ () C:\Users\David\Downloads\EXTREMELY RIPPED 46 YEAR OLD!.flv
2014-03-01 20:39 - 2014-03-01 20:39 - 07344199 _____ () C:\Users\David\Downloads\THE BEST Lower Ab Workout.flv
2014-03-01 20:31 - 2014-03-01 20:30 - 21647545 _____ () C:\Users\David\Downloads\Ultimate 8 Pack Abs Workout.flv
2014-03-01 20:29 - 2014-03-01 20:28 - 09717240 _____ () C:\Users\David\Downloads\8 Pack Abs Hitch TRU FITNESS EDITION.flv
2014-02-28 11:04 - 2014-02-28 11:03 - 00000000 ____D () C:\Program Files\iTunes
2014-02-28 11:03 - 2014-02-28 11:03 - 00000000 ____D () C:\Program Files\iPod
2014-02-28 11:03 - 2014-01-03 08:41 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-28 10:58 - 2014-02-28 10:53 - 137699152 _____ (Apple Inc.) C:\Users\David\Downloads\iTunesSetup.exe
2014-02-28 10:36 - 2014-02-28 10:36 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-27 08:10 - 2014-02-27 08:08 - 41807400 _____ (IObit ) C:\Users\David\Downloads\advanced-systemcare-setup.exe
2014-02-24 18:47 - 2014-02-24 18:47 - 00633752 _____ ( ) C:\Users\David\Downloads\FreeYouTubeDownloaderInstallerIC.exe
2014-02-24 18:32 - 2014-02-24 18:32 - 00001458 _____ () C:\Users\David\Documents\cc_20140224_183242.reg
2014-02-24 12:53 - 2014-02-24 12:53 - 00012184 _____ () C:\Users\David\Downloads\[kickass.to]21.day.fast.mass.building.vince.del.monte.lee.hayward.torrent
2014-02-24 12:53 - 2014-02-24 12:53 - 00012184 _____ () C:\Users\David\Downloads\[kickass.to]21.day.fast.mass.building.vince.del.monte.lee.hayward (1).torrent
2014-02-23 23:28 - 2014-02-23 23:28 - 00000000 ____D () C:\alipay
2014-02-23 22:56 - 2014-02-23 22:56 - 00034676 _____ () C:\Users\David\Downloads\Extras.Txt
2014-02-23 22:54 - 2014-02-23 22:54 - 00101428 _____ () C:\Users\David\Downloads\OTL.Txt
2014-02-23 22:34 - 2014-02-23 22:34 - 00602112 _____ (OldTimer Tools) C:\Users\David\Downloads\OTL.exe
2014-02-23 10:27 - 2014-01-04 09:32 - 00000000 ____D () C:\Program Files\alipay
2014-02-23 10:07 - 2014-02-23 10:07 - 00000000 ____D () C:\Users\David\AppData\Local\alipay
2014-02-23 10:07 - 2014-01-04 09:32 - 00000000 ____D () C:\Windows\system32\aliedit
2014-02-22 17:48 - 2014-02-14 13:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\Astrill
2014-02-22 17:43 - 2014-02-14 13:30 - 00000945 _____ () C:\Users\Public\Desktop\Astrill.lnk
2014-02-22 17:43 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files\Astrill
2014-02-22 08:28 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\IME
2014-02-22 08:24 - 2014-01-10 18:53 - 00000000 ____D () C:\Program Files\Adobe
2014-02-21 17:51 - 2014-01-02 22:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-21 15:32 - 2014-02-21 15:32 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVAST Software
2014-02-21 15:28 - 2014-02-21 15:29 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-21 15:28 - 2014-02-21 15:29 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-21 15:28 - 2014-02-21 15:29 - 00180248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-21 15:28 - 2014-02-21 15:29 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-21 15:28 - 2014-02-21 15:29 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-21 15:28 - 2014-02-21 15:28 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-21 15:28 - 2014-02-21 15:28 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-21 15:27 - 2014-02-21 15:27 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-21 15:26 - 2014-02-21 15:26 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-21 15:25 - 2014-02-21 15:21 - 88725592 _____ (AVAST Software) C:\Users\David\Downloads\avast_free_antivirus_setup(1).exe
2014-02-21 15:16 - 2014-02-21 15:16 - 00243049 _____ () C:\Users\David\Downloads\avast_free_antivirus_setup.exe
2014-02-21 13:15 - 2014-02-21 13:15 - 00000000 ____D () C:\Users\David\AppData\Roaming\Fighters
2014-02-21 13:15 - 2014-02-21 13:15 - 00000000 ____D () C:\ProgramData\Fighters
2014-02-21 13:13 - 2014-02-21 13:13 - 00000000 ____D () C:\Users\David\AppData\Roaming\DesktopIconGoodgame
2014-02-21 09:45 - 2014-02-21 09:45 - 04011240 _____ (Avira Operations GmbH & Co. KG) C:\Users\David\Downloads\avira_oe_client_antivirus_en.exe
2014-02-20 14:28 - 2014-02-20 14:27 - 04721920 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup410 (1).exe
2014-02-20 14:27 - 2014-02-20 14:27 - 04721920 _____ (Piriform Ltd) C:\Users\David\Downloads\ccsetup410.exe
2014-02-20 09:51 - 2014-02-20 09:51 - 00000000 ___RD () C:\Program Files\Skype
2014-02-20 09:51 - 2014-02-20 09:51 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-20 09:51 - 2014-01-03 18:39 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-20 09:51 - 2014-01-03 18:38 - 00000000 ____D () C:\ProgramData\Skype

Files to move or delete:
====================
C:\ProgramData\999.dat


Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\promote-upx.exe
C:\Users\David\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 11:34

==================== End Of Log ============================

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Before we go further, did you install Startpage as your home page?

#7
daba

    Member

  • Topic Starter
  • Member
  • 367 posts

Yes, on Firefox. Is it a problem?



#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Yes, on Firefox. Is it a problem?


No problem, I just wanted to make sure it wasn't part of this one before we went further. You also have this, which can be good or bad. Together they look suspicious and I would usually fix them, but you are living in China, the home of Baidu, and these might be quite legitimate.

Moving on

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
 

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
 



#9
daba

    Member

  • Topic Starter
  • Member
  • 367 posts

First off, thanks for your help. Due to being somewhat marooned and without non-RMB income, I cannot donate; however, I'd like you to know that I do not take this for granted. I really value your help a lot. I also worry about vestigial stuff on my machine. I have no Baidu stuff that I use other than an occasional search with their engine for Chinese content. So if you think it's dodgy, and we know like Google, they are government data-miners, right? So just tell me what to do to get rid and I'll do it. I also have other anomalous values on my machine which I would value your take on. For example: I have a couple of long numbers on my C Drive which when opened appear to be Opera stuff. Strings of 1029-1050.

 

So I tried to follow your instructions re ComboFix to the letter. First issue was that despite not showing in the Tray, Spybot real-time protection needed to be turned off according to the ComboFix message. Had to uninstall it in the end, which was maybe a blessing in disguise since after the changes it's a pain. I couldn't even find how to disable the protection. After that all went smoothly and I have posted the logfile. Today though when I was trying to prep a class I discovered that I couldn't open a New Folder in my thumbdrive (though I can on my desktop). So I ended up viewing this: Link removed.

 

When I opened ContextMenuHandlers I couldn't go any further because there is no 'New' in my list. It looked totally to the guy onscreen's. Plus it had two really long numbers again at the top and perplexingly since I had totally uninstalled Advanced System Care (or so I thought) an entry 'Advanced System Care'. I would have expected the 'Powerful scan' for remnants to have picked that up. Guess not. I don't understand computers like you do but may I ask if there were some surveillance stuff on my laptop where would it most likely be lurking and is there a way to check it out?

 

So I still cannot open a new folder in my thumbdrive. Any ideas? Thanks a lot.

ComboFix 14-03-24.01 - David 03/26/2014  12:59:52.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.1918.1287 [GMT 8:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
G:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-26 to 2014-03-26  )))))))))))))))))))))))))))))))
.
.
2014-03-25 10:03 . 2014-03-25 10:03    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-24 12:48 . 2014-03-24 12:48    43152    ----a-w-    c:\windows\avastSS.scr
2014-03-21 15:04 . 2014-03-21 16:40    --------    d-----w-    C:\AdwCleaner
2014-03-18 07:15 . 2014-03-23 02:56    --------    d-----w-    c:\users\David\AppData\Local\Kingsoft
2014-03-18 07:02 . 2014-03-18 07:02    --------    d-----w-    c:\programdata\Kingsoft
2014-03-18 07:00 . 2014-03-18 07:00    --------    d-----w-    c:\program files\Kingsoft
2014-03-18 07:00 . 2014-03-18 07:00    --------    d-----w-    c:\users\David\AppData\Roaming\Kingsoft
2014-03-15 07:11 . 2014-03-21 23:22    --------    d-----w-    C:\FRST
2014-03-11 09:02 . 2014-03-11 09:02    --------    d-----w-    c:\users\David\AppData\Roaming\DVDVideoSoft
2014-03-11 09:02 . 2014-03-11 09:02    --------    d-----w-    c:\program files\DVDVideoSoft
2014-03-11 09:02 . 2014-03-11 09:02    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2014-03-10 12:19 . 2006-10-26 11:56    33104    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2014-03-10 12:19 . 2006-10-26 11:56    32592    ----a-w-    c:\windows\system32\msonpmon.dll
2014-03-10 05:31 . 2014-02-06 07:08    7947048    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0A872A1-B66E-4059-88D6-F4D71DBA5BA0}\mpengine.dll
2014-03-09 08:36 . 2014-03-09 08:36    --------    d-----w-    c:\program files\EclipseCrossword
2014-03-08 12:32 . 2014-03-08 12:32    --------    d-----w-    c:\users\David\AppData\Roaming\dvdcss
2014-02-28 03:03 . 2014-02-28 03:03    --------    d-----w-    c:\program files\iPod
2014-02-28 03:03 . 2014-02-28 03:04    --------    d-----w-    c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-24 12:48 . 2014-02-21 07:29    67264    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-03-24 12:48 . 2014-02-21 07:29    180760    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-03-24 12:48 . 2014-02-21 07:29    776976    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-03-24 12:48 . 2014-02-21 07:29    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-03-24 12:48 . 2014-02-21 07:29    411552    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-03-24 12:48 . 2014-02-21 07:28    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-03-24 12:48 . 2014-02-21 07:28    81768    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-03-24 12:48 . 2014-02-21 07:28    271264    ----a-w-    c:\windows\system32\aswBoot.exe
2014-03-21 15:07 . 2014-01-02 15:19    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-21 15:07 . 2014-01-02 15:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 10:17 . 2014-01-22 12:48    109856    ----a-w-    c:\windows\system32\IObitSmartDefragExtension.dll
2014-02-05 08:56 . 2014-02-13 21:41    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-05 08:50 . 2014-02-13 21:41    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 08:49 . 2014-02-13 21:41    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-05 08:48 . 2014-02-13 21:41    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-05 08:48 . 2014-02-13 21:41    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-05 08:47 . 2014-02-13 21:42    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-03 04:20 . 2014-01-02 14:28    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-01-10 11:10 . 2014-01-10 11:10    91448    ----a-w-    c:\windows\system32\bcmwlcoi.dll
2014-01-10 11:10 . 2014-01-10 11:09    4248128    ----a-w-    c:\windows\system32\drivers\BCMWL6.SYS
2014-01-10 11:09 . 2014-01-10 11:09    3563520    ----a-w-    c:\windows\system32\bcmihvui.dll
2014-01-10 11:09 . 2014-01-10 11:09    3874816    ----a-w-    c:\windows\system32\bcmihvsrv.dll
2014-01-06 21:24 . 2014-01-06 21:24    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    906240    ----a-w-    c:\windows\system32\FntCache.dll
2014-01-06 21:24 . 2014-01-06 21:24    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    364544    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-01-06 21:24 . 2014-01-06 21:24    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    249856    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-01-06 21:24 . 2014-01-06 21:24    2284544    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-01-06 21:24 . 2014-01-06 21:24    220160    ----a-w-    c:\windows\system32\d3d10core.dll
2014-01-06 21:24 . 2014-01-06 21:24    207872    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-01-06 21:24 . 2014-01-06 21:24    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-01-06 21:24 . 2014-01-06 21:24    1247744    ----a-w-    c:\windows\system32\DWrite.dll
2014-01-06 21:24 . 2014-01-06 21:24    1158144    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-01-06 21:24 . 2014-01-06 21:24    1080832    ----a-w-    c:\windows\system32\d3d10.dll
2014-01-06 21:24 . 2014-01-06 21:24    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-01-06 21:24 . 2014-01-06 21:24    604160    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-01-06 21:24 . 2014-01-06 21:24    293376    ----a-w-    c:\windows\system32\dxgi.dll
2014-01-06 21:24 . 2014-01-06 21:24    187392    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-01-05 04:37 . 2014-01-05 04:37    850352    ----a-w-    c:\windows\system32\WinUSBCoInstaller2.dll
2014-01-05 04:37 . 2014-01-05 04:37    54704    ----a-w-    c:\windows\system32\USBCoInstaller.dll
2014-01-05 04:37 . 2014-01-05 04:37    1461168    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2014-01-05 00:48 . 2009-07-14 02:05    152576    ----a-w-    c:\windows\system32\msclmd.dll
2014-01-03 11:42 . 2014-01-03 11:42    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2014-01-03 11:42 . 2014-01-03 11:42    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-01-03 11:42 . 2014-01-03 11:42    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-01-03 11:42 . 2014-01-03 11:42    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-01-03 11:42 . 2014-01-03 11:42    161792    ----a-w-    c:\windows\system32\msls31.dll
2014-01-03 11:42 . 2014-01-03 11:42    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-01-03 11:42 . 2014-01-03 11:42    74752    ----a-w-    c:\windows\system32\iesetup.dll
2014-01-03 11:42 . 2014-01-03 11:42    63488    ----a-w-    c:\windows\system32\tdc.ocx
2014-01-03 11:42 . 2014-01-03 11:42    367104    ----a-w-    c:\windows\system32\html.iec
2014-01-03 11:42 . 2014-01-03 11:42    23552    ----a-w-    c:\windows\system32\licmgr10.dll
2014-01-03 11:42 . 2014-01-03 11:42    152064    ----a-w-    c:\windows\system32\wextract.exe
2014-01-03 11:42 . 2014-01-03 11:42    150528    ----a-w-    c:\windows\system32\iexpress.exe
2014-01-03 11:42 . 2014-01-03 11:42    11776    ----a-w-    c:\windows\system32\mshta.exe
2014-01-03 11:42 . 2014-01-03 11:42    101888    ----a-w-    c:\windows\system32\admparse.dll
2014-01-03 11:42 . 2014-01-03 11:42    35840    ----a-w-    c:\windows\system32\imgutil.dll
2014-01-02 15:09 . 2014-01-02 15:09    3489232    ----a-w-    c:\windows\system32\GooglePinyin2.ime
2013-12-26 22:20 . 2014-02-14 05:32    353824    ----a-w-    c:\windows\system32\ASProxy.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-03-02 00:48    752960    ----a-w-    c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-24 12:48    260976    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchFreeze"="c:\users\David\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe" [2012-07-24 40960]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-15 5625624]
"uTorrent"="c:\users\David\AppData\Roaming\uTorrent\uTorrent.exe" [2014-01-11 1340496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2011-05-31 32112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-20 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-24 3854640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-01-05 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File    REG_SZ             GOOGLEPINYIN2.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk]
backup=c:\windows\pss\wandoujia_helper.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CommonToolkitTray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-02-12 12:57    43848    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICBCEBankAssist]
2013-12-17 12:41    319112    ----a-w-    c:\program files\ICBCEbankTools\ICBCSetupIntegration\RunEBank.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-04-30 19:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 08:42    20584608    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2014-01-11 07:19    1340496    ----a-w-    c:\users\David\AppData\Roaming\uTorrent\uTorrent.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-02-14 2151744]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 ASOVPNHelper;Astrill OpenVPN Service;c:\program files\Astrill\ASOvpnSvc.exe [2014-01-19 434024]
R3 ASProxy;ASProxy;c:\program files\Astrill\ASProxy.exe [2013-12-26 1983520]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2013-12-24 18624]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-03-24 776976]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-03-24 411552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AlipaySecSvc;Alipay security service;c:\program files\alipay\alieditplus\AlipaySecSvc.exe [2014-03-07 540032]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-03-24 67824]
S2 ICBC Daemon Service;ICBC Daemon Service;c:\program files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe [2013-12-13 422536]
S3 asvpndrv;Astrill SSL VPN Adapter;c:\windows\system32\DRIVERS\asvpndrv.sys [2012-02-29 25856]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-03-24 67264]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 09:53    1150280    ----a-w-    c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-02 15:07]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-02 15:19]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-02 15:19]
.
2014-03-26 c:\windows\Tasks\WpsNotifyTask_David.job
- c:\program files\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-05 16:00]
.
2014-03-26 c:\windows\Tasks\WpsUpdateTask_David.job
- c:\program files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-03-05 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/webhp?client=aff-ime
uInternet Settings,ProxyServer = localhost:8080
IE: ??? Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\ASProxy.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: cfca.com.cn\www
Trusted Zone: icbc.com.cn
Trusted Zone: taobao.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\j9jtgznc.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - www.startpage.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:9e,d1,c0,d9,4f,33,cf,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,37,c8,ba,11,ac,cc,40,b7,46,55,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,37,c8,ba,11,ac,cc,40,b7,46,55,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
c:\program files\Google\Google Pinyin 2\GooglePinyinService.exe
c:\program files\IObit\Smart Defrag 3\SmartDefrag.exe
c:\program files\alipay\SafeTransaction\TaobaoProtect.exe
c:\windows\system32\conhost.exe
c:\program files\alipay\SafeTransaction\Alipaybsm.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2014-03-26  13:22:54 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-26 05:22
.
Pre-Run: 68,737,064,960 bytes free
Post-Run: 68,633,636,864 bytes free
.
- - End Of File - - C4DB010FE9BDA3A9D9E5A529E64E65FB
A36C5E4F47E84449FF07ED3517B43A31
 



#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I cannot donate


This site is free. You don't need to donate, it's only there as an option. :)
 

I have a couple of long numbers on my C Drive which when opened appear to be Opera stuff. Strings of 1029-1050.


Are they a path to something? That is, to a file maybe?

 

It's difficult to know what they might be without seeing them and even then there are a range of possibilities including quite legitimate ones.
 

I have no Baidu stuff that I use other than an occasional search with their engine for Chinese content.


It may be okay but if you don't use it I will include it in a fix and deal with it.
 

Plus it had two really long numbers again at the top and perplexingly since I had totally uninstalled Advanced System Care (or so I thought) an entry 'Advanced System Care'.


So I guess what you are saying is that there are remnants of Advanced System Care on your machine?

 

Actually while I am helping it's probably better that you refer a problem here rather than try finding a solution elsewhere otherwise we can be working at cross purposes making the problem worse.

SOoo, what is the path to the folder on your thumb drive? Also, do you think it might be a permissions thing? Have you tried opening the folder as administrator - right click on the folder and open as administrator?
 

may I ask if there were some surveillance stuff on my laptop where would it most likely be lurking and is there a way to check it out?


Our scans do cover some areas that surveillance stuff might be but when you think about it that sort of activity tries its best to be hidden. Further, as you have already commented, many legitimate programs track you, e.g. Google and Facebook. Actually, surveillance might not be on your machine. Nevertheless we will do our best.

Now

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Download Windows Repair (All In One) from here.

It will allow you to repair common issues with your computer such as firewall, file permission, and Windows Update problems. When using this tool you can select the particular fixes you would like to launch and start the repair process.

Please download the tool to your desktop and run it following the prompts.

It will probably come as a Zip file and you will need to right click on the Zip file and click Extract. The contents will then be extracted to a separate folder.

Double click the folder (Tweaking dot.com - Windows Repair) then from the list that shows double click the file (about the 5th one down the list) Repair_Windows.exe to run the program.

When the program opens click on the tab Start Repairs and the button Start

At the list that presents put a check (tick) in the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair WMI
• Repair Windows Firewall
• Repair Internet Explorer
• Repair MDAC & MS Jet
• Remove Policies Set By Infections
• Repair Icons
• Repair Winsock & DNS Cache
• Repair Proxy Settings
• Unhide Non System Files
• Repair Windows Updates

Also put a check in the Restart/Shutdown System When Finished (lower right) box.

and in Restart System

Then click on the Start button if it doesn't do it automatically

If it asks you to back up your system click No and continue

When it is finished come back and tell me how it went and if you can open that folder.
 




#11
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Oh dear, I do apologise but I cannot follow. I really am exceedingly thick. First of all you wrote: 'SOoo, what is the path to the folder on your thumb drive? Also, do you think it might be a permissions thing? Have you tried opening the folder as administrator - right click on the folder and open as administrator?'

 

I have no idea what folder you are referring to. My issue is that I cannot make a New Folder in my thumbdrive. So there is no folder to open or click on, I cannot make one.

 

I downloaded the first stage of your fix, the fixlist, no problemo. But again, I was totally stumped with your second instruction to download FRST and make them both be in the same location. There was no link or attachment to FRST, whatever that may be, and even if there were (there isn't unless I'm missing something), I am unclear about the meaning of download them to the same place. So I am unable to comply. Apologies.

 

Update: In the interim, my computer is behaving extremely oddly: yesterday, it said something about an authorised access (don't recall the exact message) but I noticed that desktop saved Word Doc had somehow reverted to the content of its original of which it itself was an updated edit - very bizarre. On top of which, perhaps as a result of removing Advanced System Care which had a tweak for internet optimisation, my iTunes radio stations keep dropping out, which frankly annoys the [bleep] out of me and webpages won't open without me having to repeatedly click refresh.....it was never this bad before. So that's the state of play.



#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello daba,
 

My issue is that I cannot make a New Folder in my thumbdrive.

 
Oh dear, I thought it was that you couldn't open a folder that was already on your flash drive. :bashhead:
 

But again, I was totally stumped with your second instruction to download FRST


Nope, have another look at the instruction, it says:

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

You already have FRST on your machine. You posted logs after running it... see post numbers 2 and 3.
 

I am unclear about the meaning of download them to the same place. So I am unable to comply.


As far as FRST and fixlist.txt being in the same location, well that is important but if you just download fixlist.txt in the same way as you did FRST earlier on, then it will end up in the same location.
 

Update: In the interim, my computer is behaving extremely oddly: yesterday, it said something about an authorised access (don't recall the exact message) but I noticed that desktop saved Word Doc had somehow reverted to the content of its original of which it itself was an updated edit - very bizarre. On top of which, perhaps as a result of removing Advanced System Care which had a tweak for internet optimisation, my iTunes radio stations keep dropping out, which frankly annoys the [bleep] out of me and webpages won't open without me having to repeatedly click refresh.....it was never this bad before. So that's the state of play.


Yes we are still working on your machine. The second instruction about downloading Windows Repair All-In-One is aimed at repairing some of the things that I think Advanced System Care tinkered with.

Let's see how it goes. If necessary you can reinstall Advanced System Care down the track. :)



#13
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Thank you for your patience with me. I see what's happened now. You assumed that I still had that program on my machine because I did have it earlier as you say. However, as with all these temporary fix things, Combofix being another one, as soon as I've done what is asked I delete them. No problem, I'm a bit under pressure of work at the moment but have a break coming up in the next week. I'll have another go then. (Update: so I got to the point with Firefox where the pages would take forever to open so I'm here now via Google. No problemo. I have some add-ons on Firefox but would be surprised if any of them would be messing things up...). I'll get what you asked to you ASAP but it will be at least a couple of days. Thank you again for your kind help.



#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

Combofix being another one, as soon as I've done what is asked I delete them

 

Probably best to wait for us to complete the work we are doing on your computer. There is a CleanUp process at the end where we clear away the tools that we have been using. ComboFix for example really should be uninstalled properly or it can leave behind bits and pieces. Just deleting doesn't do the job completely. ;)

 

Look forward to hearing from you when you have time. :)



#15
daba

daba

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 367 posts

Hello,

 

Look, please don't misunderstand me: I do appreciate your good intentions to help me, really I do. And...I just don't have the patience to deal with stuff that is deficient or causes me to second-guess. Despite locating the FRT and fixlist in the same folder, it continues to flag that it is NOT in the same folder. Regarding the Combofix thing, you should communicate up-front that it needs to be kept on the machine until fix completion - I'm not a mindreader. These hitches make the whole thing unworthwhile. In this case, despite your sincere best efforts which again I acknowledge and am grateful for, it's simply not a pleasant and smooth end-user experience and so, I'm calling it a day here. I would like to thank you once again and wish you every good thing.

 

David

