Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE infected by hao123.com


  • Please log in to reply

#1
bjory

bjory

    New Member

  • Member
  • Pip
  • 3 posts

Hi,

 

My IE kept opening up hao123.com from the homepage despite everything I have done:

  • Run all the malwares program
  • Remove hao123 in regedit but still reappears
  • Reset IE settings

Please help. I have paste FRST logs here.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014
Ran by Desmond (administrator) on DESMOND-PC on 10-08-2014 21:13:25
Running from C:\Users\Desmond\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(腾讯公司) C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMSRV.exe
(腾讯公司) C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMExternal.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Tencent\QQPhoneManager\tadb.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
(Microsoft Corporation) C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-23] (VIA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-19] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3139359546-1518747674-4288353645-1000\...\Run: [iFunBoxConnector] => C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-3139359546-1518747674-4288353645-1000\...\Run: [SkyDrive] => C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-02] (Microsoft Corporation)
Startup: C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk
ShortcutTarget: wandoujia_helper.lnk -> C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe ()
ShellIconOverlayIdentifiers: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 218.108.85.59:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1CB901A1A6B3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {8AB03763-68EC-4F24-A74A-C5BF2F335575} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {8AB03763-68EC-4F24-A74A-C5BF2F335575} URL = https://www.google.c...q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AgentForAndroid Class -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3185\npQQPhoneManagerExt.dll (腾讯公司)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: C055494E-E5D5-1EEF-0F59-AE7CFD782579 Class -> {C055494E-E5D5-1EEF-0F59-AE7CFD782579} -> C:\Program Files (x86)\QvodPlayer\AddIn\{C055494E-E5D5-1EEF-0F59-AE7CFD782579}\QvodAddr.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://mail108.mmm.com/dwa85W.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5EA79262-F2BF-430F-9B34-A92DAE626093}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3185\npQQPhoneManagerExt.dll (腾讯公司)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-01]
 
Chrome: 
=======
CHR HomePage: hxxp://sg.search.yahoo.com/?type=714647&fr=spigot-yhp-ch
CHR StartupUrls: "hxxp://sg.search.yahoo.com/?type=714647&fr=spigot-yhp-ch"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Desmond\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-01]
CHR Extension: (FTP Editor) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljonifjecojdgoejokjfdffgpgliic [2013-08-20]
CHR Extension: (Google Search) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-01]
CHR Extension: (Google Wallet) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-01]
CHR Extension: (Change HTTP Request Header) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmibgfeefcglejjlpeihfdimbkfbbnm [2013-05-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 QQPMSRV; C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMSRV.exe [31288 2013-09-27] (腾讯公司)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S1 bd0004; system32\DRIVERS\bd0004.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-10 21:13 - 2014-08-10 21:14 - 00019632 _____ () C:\Users\Desmond\Downloads\FRST.txt
2014-08-10 21:13 - 2014-08-10 21:13 - 00000000 ____D () C:\FRST
2014-08-10 21:12 - 2014-08-10 21:12 - 02100224 _____ (Farbar) C:\Users\Desmond\Downloads\FRST64.exe
2014-08-09 16:12 - 2014-08-09 16:12 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:12 - 2014-08-09 16:12 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:10 - 2014-08-09 16:18 - 00000000 ____D () C:\Program Files (x86)\Real
2014-08-09 16:10 - 2014-08-09 16:17 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Real
2014-08-09 16:08 - 2014-08-09 16:18 - 00000000 ____D () C:\ProgramData\Real
2014-08-09 16:08 - 2014-08-09 16:08 - 01065168 _____ (RealNetworks, Inc.) C:\Users\Desmond\Downloads\RealPlayerCloud.exe
2014-08-09 15:25 - 2014-08-09 15:25 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-09 15:24 - 2014-08-09 15:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-09 15:24 - 2014-08-09 15:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2014-08-09 15:24 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 15:20 - 2014-08-09 15:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Desmond\Downloads\spybot-2.4.exe
2014-08-08 17:13 - 2014-08-08 17:13 - 04696442 _____ () C:\Users\Desmond\Desktop\RE%253a_SCV_5559_-_Tourist_8pp_Pack_+_Pack_Sleeve.zip
2014-08-08 16:19 - 2014-08-08 16:19 - 383602796 _____ () C:\Windows\MEMORY.DMP
2014-08-08 16:19 - 2014-08-08 16:19 - 00262144 _____ () C:\Windows\Minidump\080814-26442-01.dmp
2014-08-07 23:30 - 2014-08-07 23:30 - 00262144 _____ () C:\Windows\Minidump\080714-20014-01.dmp
2014-08-07 23:18 - 2014-08-08 16:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 23:18 - 2014-08-07 23:18 - 00262144 _____ () C:\Windows\Minidump\080714-21450-01.dmp
2014-08-07 22:44 - 2014-08-08 17:11 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-08-07 22:44 - 2014-08-07 22:44 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-08-07 22:36 - 2014-08-07 22:36 - 00000000 ____D () C:\Users\Desmond\Downloads\SpyHunter 4.16.5.4290+patch 
2014-08-07 22:04 - 2014-08-07 22:18 - 00000000 ____D () C:\ComboFix
2014-08-07 22:04 - 2014-08-07 22:11 - 00000000 ____D () C:\Qoobox
2014-08-07 22:04 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-07 22:04 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-07 22:04 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-07 22:03 - 2014-08-07 22:18 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 22:02 - 2014-08-07 22:02 - 05568206 ____R (Swearware) C:\Users\Desmond\Downloads\ComboFix.exe
2014-08-07 21:59 - 2014-08-07 21:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 21:58 - 2014-08-07 21:58 - 01475072 _____ () C:\Users\Desmond\Downloads\adwcleaner_3.303.exe
2014-08-03 22:36 - 2014-08-03 22:36 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-03 22:36 - 2014-08-03 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-03 22:31 - 2014-08-03 22:43 - 00000000 ____D () C:\Users\Desmond\AppData\Local\yfe
2014-08-03 21:45 - 2014-08-03 22:43 - 00000000 ____D () C:\ProgramData\Baidu
2014-08-03 21:45 - 2014-08-03 21:45 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Baidu
2014-08-03 21:37 - 2014-08-03 21:37 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-03 11:38 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 11:38 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 11:38 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 11:38 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 11:37 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 11:37 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 11:37 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 11:37 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 11:37 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 11:37 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 11:36 - 2014-08-07 22:07 - 00000000 ____D () C:\Users\Desmond\Desktop\Sis's Photoshoot
2014-07-12 19:46 - 2014-06-30 10:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 19:46 - 2014-06-30 10:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 19:46 - 2014-06-21 04:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 19:46 - 2014-06-21 03:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 19:46 - 2014-06-19 09:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 19:46 - 2014-06-19 09:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 19:46 - 2014-06-19 08:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 19:46 - 2014-06-19 08:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 19:46 - 2014-06-19 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 19:46 - 2014-06-19 08:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 19:46 - 2014-06-19 08:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 19:46 - 2014-06-19 08:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 19:46 - 2014-06-19 08:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 19:46 - 2014-06-19 08:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 19:46 - 2014-06-19 08:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 19:46 - 2014-06-19 08:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 19:46 - 2014-06-19 08:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 19:46 - 2014-06-19 07:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 19:46 - 2014-06-19 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 19:46 - 2014-06-19 07:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 19:46 - 2014-06-19 07:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 19:46 - 2014-06-19 07:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 19:46 - 2014-06-19 07:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 19:46 - 2014-06-19 07:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 19:46 - 2014-06-19 07:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 19:46 - 2014-06-19 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 19:46 - 2014-06-19 07:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 19:46 - 2014-06-19 07:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 19:46 - 2014-06-19 07:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 19:46 - 2014-06-19 07:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 19:46 - 2014-06-19 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 19:46 - 2014-06-19 07:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 19:46 - 2014-06-19 07:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 19:46 - 2014-06-19 07:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 19:46 - 2014-06-19 07:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 19:46 - 2014-06-19 07:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 19:46 - 2014-06-19 07:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 19:46 - 2014-06-19 07:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 19:46 - 2014-06-19 07:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 19:46 - 2014-06-19 06:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 19:46 - 2014-06-19 06:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 19:46 - 2014-06-19 06:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 19:46 - 2014-06-19 06:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 19:46 - 2014-06-19 06:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 19:46 - 2014-06-19 06:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 19:46 - 2014-06-19 06:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 19:46 - 2014-06-19 06:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 19:46 - 2014-06-19 06:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 19:46 - 2014-06-19 06:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 19:46 - 2014-06-19 06:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 19:46 - 2014-06-19 06:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 19:46 - 2014-06-18 10:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 19:46 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 19:46 - 2014-06-18 09:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 19:46 - 2014-06-06 18:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 19:46 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 19:46 - 2014-05-30 14:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 19:45 - 2014-06-19 09:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 19:45 - 2014-06-19 08:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 19:45 - 2014-06-19 08:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 19:45 - 2014-06-19 08:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 19:45 - 2014-06-19 07:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 19:45 - 2014-06-19 06:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 19:45 - 2014-06-19 06:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 19:44 - 2014-06-05 22:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 19:44 - 2014-06-05 22:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 19:44 - 2014-06-05 22:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-12 10:22 - 2014-07-12 10:22 - 00000132 _____ () C:\Users\Desmond\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-10 21:14 - 2014-08-10 21:13 - 00019632 _____ () C:\Users\Desmond\Downloads\FRST.txt
2014-08-10 21:13 - 2014-08-10 21:13 - 00000000 ____D () C:\FRST
2014-08-10 21:12 - 2014-08-10 21:12 - 02100224 _____ (Farbar) C:\Users\Desmond\Downloads\FRST64.exe
2014-08-10 21:01 - 2012-03-31 23:12 - 01714692 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 20:58 - 2009-07-14 12:45 - 00019360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 20:58 - 2009-07-14 12:45 - 00019360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 20:52 - 2013-02-19 22:55 - 00000000 ___RD () C:\Users\Desmond\SkyDrive
2014-08-10 20:50 - 2012-09-02 01:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 20:50 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 20:50 - 2009-07-14 12:51 - 00068991 _____ () C:\Windows\setupact.log
2014-08-09 20:19 - 2012-04-01 00:05 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000UA.job
2014-08-09 20:16 - 2012-09-02 01:11 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 17:25 - 2014-05-04 15:53 - 00000000 ____D () C:\Program Files (x86)\QvodPlayer
2014-08-09 16:18 - 2014-08-09 16:10 - 00000000 ____D () C:\Program Files (x86)\Real
2014-08-09 16:18 - 2014-08-09 16:08 - 00000000 ____D () C:\ProgramData\Real
2014-08-09 16:17 - 2014-08-09 16:10 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Real
2014-08-09 16:12 - 2014-08-09 16:12 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:12 - 2014-08-09 16:12 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:08 - 2014-08-09 16:08 - 01065168 _____ (RealNetworks, Inc.) C:\Users\Desmond\Downloads\RealPlayerCloud.exe
2014-08-09 15:40 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-09 15:33 - 2014-08-09 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-09 15:25 - 2014-08-09 15:25 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-09 15:24 - 2014-08-09 15:24 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2013-10-19 10:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-09 15:21 - 2014-08-09 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 15:21 - 2014-08-09 15:20 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Desmond\Downloads\spybot-2.4.exe
2014-08-09 15:21 - 2012-12-21 00:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 17:55 - 2012-05-05 11:00 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\vlc
2014-08-08 17:28 - 2014-05-04 15:53 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-08-08 17:13 - 2014-08-08 17:13 - 04696442 _____ () C:\Users\Desmond\Desktop\RE%253a_SCV_5559_-_Tourist_8pp_Pack_+_Pack_Sleeve.zip
2014-08-08 17:11 - 2014-08-07 22:44 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-08-08 17:11 - 2013-01-27 13:41 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-08 16:19 - 2014-08-08 16:19 - 383602796 _____ () C:\Windows\MEMORY.DMP
2014-08-08 16:19 - 2014-08-08 16:19 - 00262144 _____ () C:\Windows\Minidump\080814-26442-01.dmp
2014-08-08 16:19 - 2014-08-07 23:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 23:30 - 2014-08-07 23:30 - 00262144 _____ () C:\Windows\Minidump\080714-20014-01.dmp
2014-08-07 23:18 - 2014-08-07 23:18 - 00262144 _____ () C:\Windows\Minidump\080714-21450-01.dmp
2014-08-07 22:46 - 2012-04-23 15:14 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\uTorrent
2014-08-07 22:44 - 2014-08-07 22:44 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-08-07 22:36 - 2014-08-07 22:36 - 00000000 ____D () C:\Users\Desmond\Downloads\SpyHunter 4.16.5.4290+patch
2014-08-07 22:35 - 2014-05-04 15:54 - 00000954 _____ () C:\Users\Desmond\AppData\Roaming\coreavc.ini
2014-08-07 22:18 - 2014-08-07 22:04 - 00000000 ____D () C:\ComboFix
2014-08-07 22:18 - 2014-08-07 22:03 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 22:14 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-07 22:13 - 2012-04-03 22:42 - 00164112 _____ () C:\Windows\PFRO.log
2014-08-07 22:12 - 2009-07-14 10:34 - 74711040 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-07 22:11 - 2014-08-07 22:04 - 00000000 ____D () C:\Qoobox
2014-08-07 22:07 - 2014-08-03 11:36 - 00000000 ____D () C:\Users\Desmond\Desktop\Sis's Photoshoot
2014-08-07 22:02 - 2014-08-07 22:02 - 05568206 ____R (Swearware) C:\Users\Desmond\Downloads\ComboFix.exe
2014-08-07 21:59 - 2014-08-07 21:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 21:58 - 2014-08-07 21:58 - 01475072 _____ () C:\Users\Desmond\Downloads\adwcleaner_3.303.exe
2014-08-03 22:43 - 2014-08-03 22:31 - 00000000 ____D () C:\Users\Desmond\AppData\Local\yfe
2014-08-03 22:43 - 2014-08-03 21:45 - 00000000 ____D () C:\ProgramData\Baidu
2014-08-03 22:36 - 2014-08-03 22:36 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-03 22:36 - 2014-08-03 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-03 21:45 - 2014-08-03 21:45 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Baidu
2014-08-03 21:37 - 2014-08-03 21:37 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-03 12:59 - 2013-08-11 22:15 - 00000000 ___RD () C:\Users\Desmond\Dropbox
2014-08-03 12:57 - 2012-05-19 21:00 - 00001456 _____ () C:\Users\Desmond\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-08-03 12:48 - 2009-07-14 13:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 12:47 - 2013-08-11 22:13 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Dropbox
2014-08-03 11:44 - 2014-06-14 11:45 - 00000000 ____D () C:\Users\Desmond\AppData\Local\Adobe
2014-08-03 11:31 - 2014-06-07 09:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 11:31 - 2014-06-07 09:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-02 16:34 - 2014-06-07 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-02 11:31 - 2014-02-20 22:38 - 00002190 _____ () C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-28 23:06 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-28 16:38 - 2013-08-11 22:15 - 00001029 _____ () C:\Users\Desmond\Desktop\Dropbox.lnk
2014-07-28 16:38 - 2013-08-11 22:14 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-20 19:21 - 2012-04-01 00:06 - 00002384 _____ () C:\Users\Desmond\Desktop\Google Chrome.lnk
2014-07-19 14:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 17:38 - 2012-04-14 22:56 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 17:38 - 2012-04-14 22:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 17:36 - 2009-07-14 12:45 - 05003304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 00:26 - 2014-05-01 13:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 00:26 - 2009-07-14 15:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 00:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 00:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 19:51 - 2013-07-15 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 19:50 - 2012-04-21 16:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 19:49 - 2012-04-01 21:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:19 - 2012-04-01 00:05 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000Core.job
2014-07-12 10:22 - 2014-07-12 10:22 - 00000132 _____ () C:\Users\Desmond\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
Some content of TEMP:
====================
C:\Users\Desmond\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Desmond\AppData\Local\Temp\lowproc.exe
C:\Users\Desmond\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-19 14:43
 
==================== End Of Log ============================

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014
Ran by Desmond (administrator) on DESMOND-PC on 10-08-2014 21:13:25
Running from C:\Users\Desmond\Downloads


Farber scanner is running from the wrong location. We need it on the desktop. Open the downloads folder and drag to the desktop.

Farber creates 2 log reports, you have posted 1 log. I need the other log called additions.txt

1- Move farber scanner to the desktop
2- post the additions.txt log.
3- Do you have the combofix log ? I see that you ran that program.
4- Everything we download gets downloaded to the desktop, and you right click and run as administrator.
Thanks
Joe :)
  • 0

#3
bjory

bjory

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hi,

 

Have moved FRST into desktop and run the scan.

Attached are the log files.

Attached Files


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Thanks for those logs. I'm posting them to the forum now, so everthing is in one place and I'll review them.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Desmond (administrator) on DESMOND-PC on 11-08-2014 21:41:41
Running from C:\Users\Desmond\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(腾讯公司) C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMSRV.exe
(腾讯公司) C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMExternal.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Tencent\QQPhoneManager\tadb.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
(Microsoft Corporation) C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-23] (VIA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-19] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3139359546-1518747674-4288353645-1000\...\Run: [iFunBoxConnector] => C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-3139359546-1518747674-4288353645-1000\...\Run: [SkyDrive] => C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-02] (Microsoft Corporation)
Startup: C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk
ShortcutTarget: wandoujia_helper.lnk -> C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe ()
ShellIconOverlayIdentifiers: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 218.108.85.59:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1CB901A1A6B3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {8AB03763-68EC-4F24-A74A-C5BF2F335575} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {8AB03763-68EC-4F24-A74A-C5BF2F335575} URL = https://www.google.c...q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AgentForAndroid Class -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3185\npQQPhoneManagerExt.dll (腾讯公司)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: C055494E-E5D5-1EEF-0F59-AE7CFD782579 Class -> {C055494E-E5D5-1EEF-0F59-AE7CFD782579} -> C:\Program Files (x86)\QvodPlayer\AddIn\{C055494E-E5D5-1EEF-0F59-AE7CFD782579}\QvodAddr.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://mail108.mmm.com/dwa85W.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5EA79262-F2BF-430F-9B34-A92DAE626093}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3185\npQQPhoneManagerExt.dll (腾讯公司)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-01]

Chrome:
=======
CHR HomePage: hxxp://sg.search.yahoo.com/?type=714647&fr=spigot-yhp-ch
CHR StartupUrls: "hxxp://sg.search.yahoo.com/?type=714647&fr=spigot-yhp-ch"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Desmond\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-01]
CHR Extension: (FTP Editor) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljonifjecojdgoejokjfdffgpgliic [2013-08-20]
CHR Extension: (Google Search) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-01]
CHR Extension: (Google Wallet) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-01]
CHR Extension: (Change HTTP Request Header) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmibgfeefcglejjlpeihfdimbkfbbnm [2013-05-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 QQPMSRV; C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMSRV.exe [31288 2013-09-27] (腾讯公司)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S1 bd0004; system32\DRIVERS\bd0004.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 21:39 - 2014-08-11 21:41 - 00018950 _____ () C:\Users\Desmond\Desktop\FRST.txt
2014-08-11 21:37 - 2014-08-11 21:38 - 02099712 _____ (Farbar) C:\Users\Desmond\Desktop\FRST64.exe
2014-08-10 21:14 - 2014-08-10 21:14 - 00035113 _____ () C:\Users\Desmond\Downloads\Addition.txt
2014-08-10 21:13 - 2014-08-11 21:41 - 00000000 ____D () C:\FRST
2014-08-10 21:13 - 2014-08-10 21:18 - 00046956 _____ () C:\Users\Desmond\Downloads\FRST.txt
2014-08-10 21:12 - 2014-08-10 21:12 - 02100224 _____ (Farbar) C:\Users\Desmond\Downloads\FRST64.exe
2014-08-09 16:12 - 2014-08-09 16:12 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:12 - 2014-08-09 16:12 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:10 - 2014-08-09 16:18 - 00000000 ____D () C:\Program Files (x86)\Real
2014-08-09 16:10 - 2014-08-09 16:17 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Real
2014-08-09 16:08 - 2014-08-09 16:18 - 00000000 ____D () C:\ProgramData\Real
2014-08-09 16:08 - 2014-08-09 16:08 - 01065168 _____ (RealNetworks, Inc.) C:\Users\Desmond\Downloads\RealPlayerCloud.exe
2014-08-09 15:25 - 2014-08-09 15:25 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-09 15:24 - 2014-08-09 15:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-09 15:24 - 2014-08-09 15:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2014-08-09 15:24 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 15:20 - 2014-08-09 15:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Desmond\Downloads\spybot-2.4.exe
2014-08-08 17:13 - 2014-08-08 17:13 - 04696442 _____ () C:\Users\Desmond\Desktop\RE%253a_SCV_5559_-_Tourist_8pp_Pack_+_Pack_Sleeve.zip
2014-08-08 16:19 - 2014-08-08 16:19 - 383602796 _____ () C:\Windows\MEMORY.DMP
2014-08-08 16:19 - 2014-08-08 16:19 - 00262144 _____ () C:\Windows\Minidump\080814-26442-01.dmp
2014-08-07 23:30 - 2014-08-07 23:30 - 00262144 _____ () C:\Windows\Minidump\080714-20014-01.dmp
2014-08-07 23:18 - 2014-08-08 16:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 23:18 - 2014-08-07 23:18 - 00262144 _____ () C:\Windows\Minidump\080714-21450-01.dmp
2014-08-07 22:44 - 2014-08-08 17:11 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-08-07 22:44 - 2014-08-07 22:44 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-08-07 22:36 - 2014-08-07 22:36 - 00000000 ____D () C:\Users\Desmond\Downloads\SpyHunter 4.16.5.4290+patch
2014-08-07 22:04 - 2014-08-07 22:18 - 00000000 ____D () C:\ComboFix
2014-08-07 22:04 - 2014-08-07 22:11 - 00000000 ____D () C:\Qoobox
2014-08-07 22:04 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-07 22:04 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-07 22:04 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-07 22:03 - 2014-08-07 22:18 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 22:02 - 2014-08-07 22:02 - 05568206 ____R (Swearware) C:\Users\Desmond\Downloads\ComboFix.exe
2014-08-07 21:59 - 2014-08-07 21:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 21:58 - 2014-08-07 21:58 - 01475072 _____ () C:\Users\Desmond\Downloads\adwcleaner_3.303.exe
2014-08-03 22:36 - 2014-08-03 22:36 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-03 22:36 - 2014-08-03 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-03 22:31 - 2014-08-03 22:43 - 00000000 ____D () C:\Users\Desmond\AppData\Local\yfe
2014-08-03 21:45 - 2014-08-03 22:43 - 00000000 ____D () C:\ProgramData\Baidu
2014-08-03 21:45 - 2014-08-03 21:45 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Baidu
2014-08-03 21:37 - 2014-08-03 21:37 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-03 11:38 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 11:38 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 11:38 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 11:38 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 11:37 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 11:37 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 11:37 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 11:37 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 11:37 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 11:37 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 11:36 - 2014-08-07 22:07 - 00000000 ____D () C:\Users\Desmond\Desktop\Sis's Photoshoot
2014-07-28 16:32 - 2014-07-28 16:32 - 00062586 _____ () C:\Users\Desmond\Downloads\[kickass.to]adobe.photoshop.cc.2014.64.bit.crack.chingliu.torrent
2014-07-12 19:46 - 2014-06-30 10:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 19:46 - 2014-06-30 10:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 19:46 - 2014-06-21 04:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 19:46 - 2014-06-21 03:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 19:46 - 2014-06-19 09:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 19:46 - 2014-06-19 09:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 19:46 - 2014-06-19 08:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 19:46 - 2014-06-19 08:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 19:46 - 2014-06-19 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 19:46 - 2014-06-19 08:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 19:46 - 2014-06-19 08:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 19:46 - 2014-06-19 08:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 19:46 - 2014-06-19 08:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 19:46 - 2014-06-19 08:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 19:46 - 2014-06-19 08:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 19:46 - 2014-06-19 08:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 19:46 - 2014-06-19 08:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 19:46 - 2014-06-19 07:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 19:46 - 2014-06-19 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 19:46 - 2014-06-19 07:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 19:46 - 2014-06-19 07:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 19:46 - 2014-06-19 07:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 19:46 - 2014-06-19 07:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 19:46 - 2014-06-19 07:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 19:46 - 2014-06-19 07:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 19:46 - 2014-06-19 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 19:46 - 2014-06-19 07:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 19:46 - 2014-06-19 07:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 19:46 - 2014-06-19 07:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 19:46 - 2014-06-19 07:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 19:46 - 2014-06-19 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 19:46 - 2014-06-19 07:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 19:46 - 2014-06-19 07:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 19:46 - 2014-06-19 07:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 19:46 - 2014-06-19 07:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 19:46 - 2014-06-19 07:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 19:46 - 2014-06-19 07:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 19:46 - 2014-06-19 07:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 19:46 - 2014-06-19 07:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 19:46 - 2014-06-19 06:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 19:46 - 2014-06-19 06:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 19:46 - 2014-06-19 06:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 19:46 - 2014-06-19 06:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 19:46 - 2014-06-19 06:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 19:46 - 2014-06-19 06:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 19:46 - 2014-06-19 06:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 19:46 - 2014-06-19 06:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 19:46 - 2014-06-19 06:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 19:46 - 2014-06-19 06:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 19:46 - 2014-06-19 06:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 19:46 - 2014-06-19 06:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 19:46 - 2014-06-18 10:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 19:46 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 19:46 - 2014-06-18 09:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 19:46 - 2014-06-06 18:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 19:46 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 19:46 - 2014-05-30 14:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 19:45 - 2014-06-19 09:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 19:45 - 2014-06-19 08:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 19:45 - 2014-06-19 08:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 19:45 - 2014-06-19 08:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 19:45 - 2014-06-19 07:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 19:45 - 2014-06-19 06:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 19:45 - 2014-06-19 06:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 19:44 - 2014-06-05 22:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 19:44 - 2014-06-05 22:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 19:44 - 2014-06-05 22:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-12 10:22 - 2014-07-12 10:22 - 00000132 _____ () C:\Users\Desmond\AppData\Roaming\Adobe PNG Format CS5 Prefs

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 21:41 - 2014-08-11 21:39 - 00018950 _____ () C:\Users\Desmond\Desktop\FRST.txt
2014-08-11 21:41 - 2014-08-10 21:13 - 00000000 ____D () C:\FRST
2014-08-11 21:41 - 2012-03-31 23:12 - 01744241 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 21:38 - 2014-08-11 21:37 - 02099712 _____ (Farbar) C:\Users\Desmond\Desktop\FRST64.exe
2014-08-11 21:37 - 2013-02-19 22:55 - 00000000 ___RD () C:\Users\Desmond\SkyDrive
2014-08-11 21:35 - 2012-09-02 01:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 21:35 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 21:35 - 2009-07-14 12:51 - 00069047 _____ () C:\Windows\setupact.log
2014-08-10 21:19 - 2012-04-01 00:05 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000UA.job
2014-08-10 21:18 - 2014-08-10 21:13 - 00046956 _____ () C:\Users\Desmond\Downloads\FRST.txt
2014-08-10 21:15 - 2012-09-02 01:11 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-10 21:14 - 2014-08-10 21:14 - 00035113 _____ () C:\Users\Desmond\Downloads\Addition.txt
2014-08-10 21:12 - 2014-08-10 21:12 - 02100224 _____ (Farbar) C:\Users\Desmond\Downloads\FRST64.exe
2014-08-10 20:58 - 2009-07-14 12:45 - 00019360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 20:58 - 2009-07-14 12:45 - 00019360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 17:25 - 2014-05-04 15:53 - 00000000 ____D () C:\Program Files (x86)\QvodPlayer
2014-08-09 16:18 - 2014-08-09 16:10 - 00000000 ____D () C:\Program Files (x86)\Real
2014-08-09 16:18 - 2014-08-09 16:08 - 00000000 ____D () C:\ProgramData\Real
2014-08-09 16:17 - 2014-08-09 16:10 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Real
2014-08-09 16:12 - 2014-08-09 16:12 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:12 - 2014-08-09 16:12 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:08 - 2014-08-09 16:08 - 01065168 _____ (RealNetworks, Inc.) C:\Users\Desmond\Downloads\RealPlayerCloud.exe
2014-08-09 15:40 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-09 15:33 - 2014-08-09 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-09 15:25 - 2014-08-09 15:25 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-09 15:24 - 2014-08-09 15:24 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2013-10-19 10:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-09 15:21 - 2014-08-09 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 15:21 - 2014-08-09 15:20 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Desmond\Downloads\spybot-2.4.exe
2014-08-09 15:21 - 2012-12-21 00:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 17:55 - 2012-05-05 11:00 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\vlc
2014-08-08 17:28 - 2014-05-04 15:53 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-08-08 17:13 - 2014-08-08 17:13 - 04696442 _____ () C:\Users\Desmond\Desktop\RE%253a_SCV_5559_-_Tourist_8pp_Pack_+_Pack_Sleeve.zip
2014-08-08 17:11 - 2014-08-07 22:44 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-08-08 17:11 - 2013-01-27 13:41 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-08 16:19 - 2014-08-08 16:19 - 383602796 _____ () C:\Windows\MEMORY.DMP
2014-08-08 16:19 - 2014-08-08 16:19 - 00262144 _____ () C:\Windows\Minidump\080814-26442-01.dmp
2014-08-08 16:19 - 2014-08-07 23:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 23:30 - 2014-08-07 23:30 - 00262144 _____ () C:\Windows\Minidump\080714-20014-01.dmp
2014-08-07 23:18 - 2014-08-07 23:18 - 00262144 _____ () C:\Windows\Minidump\080714-21450-01.dmp
2014-08-07 22:46 - 2012-04-23 15:14 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\uTorrent
2014-08-07 22:44 - 2014-08-07 22:44 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-08-07 22:36 - 2014-08-07 22:36 - 00000000 ____D () C:\Users\Desmond\Downloads\SpyHunter 4.16.5.4290+patch
2014-08-07 22:35 - 2014-05-04 15:54 - 00000954 _____ () C:\Users\Desmond\AppData\Roaming\coreavc.ini
2014-08-07 22:18 - 2014-08-07 22:04 - 00000000 ____D () C:\ComboFix
2014-08-07 22:18 - 2014-08-07 22:03 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 22:14 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-07 22:13 - 2012-04-03 22:42 - 00164112 _____ () C:\Windows\PFRO.log
2014-08-07 22:12 - 2009-07-14 10:34 - 74711040 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-07 22:11 - 2014-08-07 22:04 - 00000000 ____D () C:\Qoobox
2014-08-07 22:07 - 2014-08-03 11:36 - 00000000 ____D () C:\Users\Desmond\Desktop\Sis's Photoshoot
2014-08-07 22:02 - 2014-08-07 22:02 - 05568206 ____R (Swearware) C:\Users\Desmond\Downloads\ComboFix.exe
2014-08-07 21:59 - 2014-08-07 21:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 21:58 - 2014-08-07 21:58 - 01475072 _____ () C:\Users\Desmond\Downloads\adwcleaner_3.303.exe
2014-08-03 22:43 - 2014-08-03 22:31 - 00000000 ____D () C:\Users\Desmond\AppData\Local\yfe
2014-08-03 22:43 - 2014-08-03 21:45 - 00000000 ____D () C:\ProgramData\Baidu
2014-08-03 22:36 - 2014-08-03 22:36 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-03 22:36 - 2014-08-03 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-03 21:45 - 2014-08-03 21:45 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Baidu
2014-08-03 21:37 - 2014-08-03 21:37 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-03 12:59 - 2013-08-11 22:15 - 00000000 ___RD () C:\Users\Desmond\Dropbox
2014-08-03 12:57 - 2012-05-19 21:00 - 00001456 _____ () C:\Users\Desmond\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-08-03 12:48 - 2009-07-14 13:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 12:47 - 2013-08-11 22:13 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Dropbox
2014-08-03 11:44 - 2014-06-14 11:45 - 00000000 ____D () C:\Users\Desmond\AppData\Local\Adobe
2014-08-03 11:31 - 2014-06-07 09:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 11:31 - 2014-06-07 09:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-02 16:34 - 2014-06-07 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-02 11:31 - 2014-02-20 22:38 - 00002190 _____ () C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-28 23:06 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-28 16:38 - 2013-08-11 22:15 - 00001029 _____ () C:\Users\Desmond\Desktop\Dropbox.lnk
2014-07-28 16:38 - 2013-08-11 22:14 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-28 16:32 - 2014-07-28 16:32 - 00062586 _____ () C:\Users\Desmond\Downloads\[kickass.to]adobe.photoshop.cc.2014.64.bit.crack.chingliu.torrent
2014-07-20 19:21 - 2012-04-01 00:06 - 00002384 _____ () C:\Users\Desmond\Desktop\Google Chrome.lnk
2014-07-19 14:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 17:38 - 2012-04-14 22:56 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 17:38 - 2012-04-14 22:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 17:36 - 2009-07-14 12:45 - 05003304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 00:26 - 2014-05-01 13:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 00:26 - 2009-07-14 15:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 00:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 00:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 19:51 - 2013-07-15 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 19:50 - 2012-04-21 16:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 19:49 - 2012-04-01 21:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:19 - 2012-04-01 00:05 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000Core.job
2014-07-12 10:22 - 2014-07-12 10:22 - 00000132 _____ () C:\Users\Desmond\AppData\Roaming\Adobe PNG Format CS5 Prefs

Some content of TEMP:
====================
C:\Users\Desmond\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Desmond\AppData\Local\Temp\lowproc.exe
C:\Users\Desmond\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 14:43

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01
Ran by Desmond at 2014-08-11 21:42:04
Running from C:\Users\Desmond\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.6.602.171 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
Canon MG5100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
DDPBInstaller (HKLM-x32\...\{0847D558-3CA6-4BA4-B99F-AA7DCAEFF030}) (Version: 1.0.8 - DauDen.vn)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FreeFileSync 5.20 (HKLM-x32\...\FreeFileSync) (Version: 5.20 - Zenju)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IBM SPSS Statistics 21 (HKLM-x32\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel® Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.41.0000 - Intel® Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 7 Update 4 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417004FF}) (Version: 7.0.40 - Oracle)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU (HKLM-x32\...\{FF63121D-91C6-42CC-B341-F1AA729728E7}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU (HKLM-x32\...\{D3A80508-CD83-4CA3-8671-914A1BC78B61}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1 - )
Oracle VM VirtualBox 4.1.12 (HKLM\...\{7492BCA7-9F62-4265-A727-DC26A9E3DF10}) (Version: 4.1.12 - Oracle Corporation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.36 - VIA Technologies, Inc.) Hidden
Prototyper Free 5.5.0 (HKLM-x32\...\Prototyper Free 5.5.0) (Version: 5.5.0 - Justinmind)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
SnapPea (HKLM-x32\...\Wandoujia2) (Version: - Wandou Labs)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SyncToy 2.1 (x86) (HKLM-x32\...\{A066194B-DC8F-449A-8E0F-B57BDD3A2072}) (Version: 2.1.0 - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.36 - VIA Technologies, Inc.)
Viper Plagiarism Scanner (HKLM-x32\...\{2D9F8754-84AB-4C46-8243-9EADF23A63EE}_is1) (Version: 4.1.90.1039 - All Answers Ltd)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
应用助手 (HKLM-x32\...\{365ADADE-814B-400C-877C-95E9F684BBEB}) (Version: 2.0.13 - 腾讯公司)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3139359546-1518747674-4288353645-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

28-07-2014 07:57:37 Windows Update
02-08-2014 03:41:00 Windows Update
02-08-2014 08:32:26 Windows Update
03-08-2014 03:36:24 Windows Update
03-08-2014 13:36:45 Installed Java 7 Update 65
07-08-2014 13:47:36 Windows Update
07-08-2014 14:44:18 Installed SpyHunter
08-08-2014 09:09:49 Removed SpyHunter
09-08-2014 07:20:20 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2014-08-07 22:13 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DD7A723-E250-461D-BCA4-9C76BFE4AF8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
Task: {13CB7C77-C4F1-4AA0-9BB2-3313E0510472} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
Task: {1989628E-1D93-4346-99B0-12E9CD867985} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {1D2C98B2-1495-4BD6-843B-5EA8AB069045} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {3A12CF0E-FA2C-44BE-83E6-D26ABCB36E97} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4945C030-8295-4860-A8F9-FF2AC9AA0F43} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3139359546-1518747674-4288353645-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {63C3013A-AC5A-4451-8406-D7FDD7595049} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3139359546-1518747674-4288353645-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {7E996FDD-5225-40BC-B37C-A4A73D43D7D8} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {A4A4BD97-7526-4472-9F95-BA4A28E786AB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {B47F292D-2479-4086-B4CF-2A24F203A6E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {D95B6934-6577-47E0-94D0-F01FCC21C373} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000Core => C:\Users\Desmond\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: {E1C048B9-AF71-45BD-8F01-4923C2848962} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {F6FFAD39-60B8-4406-A30B-75970647BF7A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000UA => C:\Users\Desmond\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000Core.job => C:\Users\Desmond\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000UA.job => C:\Users\Desmond\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 22:42 - 2010-01-02 22:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-04-23 15:22 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-19 05:04 - 2011-07-19 05:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2013-09-27 17:11 - 2013-09-27 17:11 - 00822840 _____ () C:\Program Files (x86)\Tencent\QQPhoneManager\tadb.exe
2010-11-28 20:34 - 2010-11-28 20:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-17 12:37 - 2012-11-20 01:03 - 00812544 _____ () C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
2014-01-11 15:21 - 2014-01-11 15:21 - 00258944 _____ () C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe
2012-03-31 23:28 - 2011-02-23 21:12 - 00078448 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-03-31 23:28 - 2011-02-23 21:12 - 00386160 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-03-31 23:28 - 2011-02-23 21:12 - 00621168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-27 17:11 - 2013-09-27 17:11 - 00068152 _____ () C:\Program Files (x86)\Tencent\QQPhoneManager\zlib1.dll
2013-02-17 12:37 - 2012-04-26 14:38 - 20758016 _____ () C:\Program Files (x86)\i-Funbox DevTeam\libcef.dll
2014-01-11 15:22 - 2014-01-11 15:22 - 34663808 _____ () C:\Program Files (x86)\WandouLabs\core.dll
2014-08-09 15:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-09 15:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-09 15:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-09 15:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-09 15:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-08-08 03:25 - 2013-08-08 03:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-07-20 19:21 - 2014-07-15 17:24 - 00718664 _____ () C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-20 19:21 - 2014-07-15 17:24 - 00126280 _____ () C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-20 19:21 - 2014-07-15 17:24 - 08537928 _____ () C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-20 19:21 - 2014-07-15 17:24 - 00353096 _____ () C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-20 19:21 - 2014-07-15 17:24 - 01732936 _____ () C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: bd0004
Description: bd0004
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: bd0004
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2014 04:18:07 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Desmond-PC)
Description: Application or service 'RealNetworks Downloader Resolver Service' could not be restarted.

Error: (08/09/2014 04:18:04 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Desmond-PC)
Description: Application or service 'RealPlayer Update Service' could not be restarted.

Error: (08/08/2014 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 967175

Error: (08/08/2014 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 967175

Error: (08/08/2014 05:05:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2014 05:05:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 951575

Error: (08/08/2014 05:05:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 951575

Error: (08/08/2014 05:05:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2014 05:05:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 935975

Error: (08/08/2014 05:05:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 935975


System errors:
=============
Error: (08/11/2014 09:35:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (08/11/2014 09:35:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (08/10/2014 08:51:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (08/10/2014 08:51:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (08/09/2014 04:17:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Cloud Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/09/2014 03:48:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (08/09/2014 03:48:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (08/08/2014 05:07:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:06:21 PM on ‎8/‎8/‎2014 was unexpected.

Error: (08/08/2014 04:19:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000050 (0xfffffa7ffffffff1, 0x0000000000000000, 0xfffff80003001123, 0x0000000000000007)C:\Windows\MEMORY.DMP080814-26442-01

Error: (08/08/2014 04:19:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:18:16 PM on ‎8/‎8/‎2014 was unexpected.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-07 22:11:39.375
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-07 22:11:39.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 8104.66 MB
Available physical RAM: 5522.68 MB
Total Pagefile: 16207.49 MB
Available Pagefile: 13503.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:117.19 GB) (Free:23.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:478.98 GB) (Free:307.22 GB) NTFS
Drive e: (DATA 2) (Fixed) (Total:100.01 GB) (Free:91.76 GB) NTFS
Drive f: (DATA 3) (Fixed) (Total:132.88 GB) (Free:9.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: DBE9E2D8)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=133 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 46BD488E)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=479 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,
 

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)


I have noticed in your log file you are using µTorrent as seen above in quotes P2P program. We at Geeks to go ! Recommend removing these type of programs, they are a known cause of Malware infections. When you use file sharing programs like this you can never be sure of the file content and you are put at a much greater risk for infection. I strongly recommend you remove this program.

**I have also noticed that you ran Combofix. Do you have the log file that combofix created ?? I suggest in the future you refrain from using combofix unless you're being helped / guided at a Malware removal forum such as this.

Lets go through the removal process for combofix now.

1-Click on the Start button and then in the Search field enter combofix /uninstall Please note that there is a space between combofix and /uninstall.

Next

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
HKLM-x32\...\Run: [] => [X]
FF Plugin HKCU: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKCU: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ProxyServer: 218.108.85.59:80
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Next
  • Download Shortcutcleaner to your desktop.
  • Right click on sc-cleaner.exe and choose run as administrator.
  • Know the tool will scan all the windows shortcuts that belong to your installed browsers.
  • If the tool detects hijacked shortcuts, it will automatically clean them.
  • When the tool is ready, it will save a log file on your desktop, this file contains the information of the scanned and repaired shortcuts.
In your next reply post:
1-(Fixlog.txt)
2- JRT.TXT
3- Shortcut cleaner log

Thanks
Joe :)
  • 0

#6
bjory

bjory

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Thanks for the help! I ran the recommended anti malware program and the injection is gone!


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP