Hi,
My IE kept opening up hao123.com from the homepage despite everything I have done:
- Run all the malwares program
- Remove hao123 in regedit but still reappears
- Reset IE settings
Please help. I have paste FRST logs here.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014
Ran by Desmond (administrator) on DESMOND-PC on 10-08-2014 21:13:25
Running from C:\Users\Desmond\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(腾讯公司) C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMSRV.exe
(腾讯公司) C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMExternal.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Tencent\QQPhoneManager\tadb.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
(Microsoft Corporation) C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
() C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Desmond\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [3019376 2011-02-23] (VIA)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-19] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3139359546-1518747674-4288353645-1000\...\Run: [iFunBoxConnector] => C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe [812544 2012-11-20] ()
HKU\S-1-5-21-3139359546-1518747674-4288353645-1000\...\Run: [SkyDrive] => C:\Users\Desmond\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-08-02] (Microsoft Corporation)
Startup: C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wandoujia_helper.lnk
ShortcutTarget: wandoujia_helper.lnk -> C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe ()
ShellIconOverlayIdentifiers: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D298} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DownloadIcon -> {A8502600-B272-4F68-A67B-A0305D46D297} => C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Desmond\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: 218.108.85.59:80
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1CB901A1A6B3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {8AB03763-68EC-4F24-A74A-C5BF2F335575} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {8AB03763-68EC-4F24-A74A-C5BF2F335575} URL = https://www.google.c...q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D298} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: AgentForAndroid Class -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3185\npQQPhoneManagerExt.dll (腾讯公司)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: QvodExtend -> {A8502600-B272-4F68-A67B-A0305D46D297} -> C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.99.0\QvodExtend.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: C055494E-E5D5-1EEF-0F59-AE7CFD782579 Class -> {C055494E-E5D5-1EEF-0F59-AE7CFD782579} -> C:\Program Files (x86)\QvodPlayer\AddIn\{C055494E-E5D5-1EEF-0F59-AE7CFD782579}\QvodAddr.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://mail108.mmm.com/dwa85W.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5EA79262-F2BF-430F-9B34-A92DAE626093}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3185\npQQPhoneManagerExt.dll (腾讯公司)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Desmond\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: KuaiWanInsert -> C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-01]
Chrome:
=======
CHR HomePage: hxxp://sg.search.yahoo.com/?type=714647&fr=spigot-yhp-ch
CHR StartupUrls: "hxxp://sg.search.yahoo.com/?type=714647&fr=spigot-yhp-ch"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Desmond\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Desmond\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (YouTube) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-01]
CHR Extension: (FTP Editor) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljonifjecojdgoejokjfdffgpgliic [2013-08-20]
CHR Extension: (Google Search) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-01]
CHR Extension: (Google Wallet) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-01]
CHR Extension: (Change HTTP Request Header) - C:\Users\Desmond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppmibgfeefcglejjlpeihfdimbkfbbnm [2013-05-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 QQPMSRV; C:\Program Files (x86)\Tencent\QQPhoneManager\QQPMSRV.exe [31288 2013-09-27] (腾讯公司)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S1 bd0004; system32\DRIVERS\bd0004.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-10 21:13 - 2014-08-10 21:14 - 00019632 _____ () C:\Users\Desmond\Downloads\FRST.txt
2014-08-10 21:13 - 2014-08-10 21:13 - 00000000 ____D () C:\FRST
2014-08-10 21:12 - 2014-08-10 21:12 - 02100224 _____ (Farbar) C:\Users\Desmond\Downloads\FRST64.exe
2014-08-09 16:12 - 2014-08-09 16:12 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:12 - 2014-08-09 16:12 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:10 - 2014-08-09 16:18 - 00000000 ____D () C:\Program Files (x86)\Real
2014-08-09 16:10 - 2014-08-09 16:17 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Real
2014-08-09 16:08 - 2014-08-09 16:18 - 00000000 ____D () C:\ProgramData\Real
2014-08-09 16:08 - 2014-08-09 16:08 - 01065168 _____ (RealNetworks, Inc.) C:\Users\Desmond\Downloads\RealPlayerCloud.exe
2014-08-09 15:25 - 2014-08-09 15:25 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-09 15:24 - 2014-08-09 15:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-09 15:24 - 2014-08-09 15:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2014-08-09 15:24 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 15:20 - 2014-08-09 15:21 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Desmond\Downloads\spybot-2.4.exe
2014-08-08 17:13 - 2014-08-08 17:13 - 04696442 _____ () C:\Users\Desmond\Desktop\RE%253a_SCV_5559_-_Tourist_8pp_Pack_+_Pack_Sleeve.zip
2014-08-08 16:19 - 2014-08-08 16:19 - 383602796 _____ () C:\Windows\MEMORY.DMP
2014-08-08 16:19 - 2014-08-08 16:19 - 00262144 _____ () C:\Windows\Minidump\080814-26442-01.dmp
2014-08-07 23:30 - 2014-08-07 23:30 - 00262144 _____ () C:\Windows\Minidump\080714-20014-01.dmp
2014-08-07 23:18 - 2014-08-08 16:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 23:18 - 2014-08-07 23:18 - 00262144 _____ () C:\Windows\Minidump\080714-21450-01.dmp
2014-08-07 22:44 - 2014-08-08 17:11 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-08-07 22:44 - 2014-08-07 22:44 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-08-07 22:36 - 2014-08-07 22:36 - 00000000 ____D () C:\Users\Desmond\Downloads\SpyHunter 4.16.5.4290+patch
2014-08-07 22:04 - 2014-08-07 22:18 - 00000000 ____D () C:\ComboFix
2014-08-07 22:04 - 2014-08-07 22:11 - 00000000 ____D () C:\Qoobox
2014-08-07 22:04 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-07 22:04 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-07 22:04 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-07 22:04 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-07 22:03 - 2014-08-07 22:18 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 22:02 - 2014-08-07 22:02 - 05568206 ____R (Swearware) C:\Users\Desmond\Downloads\ComboFix.exe
2014-08-07 21:59 - 2014-08-07 21:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 21:58 - 2014-08-07 21:58 - 01475072 _____ () C:\Users\Desmond\Downloads\adwcleaner_3.303.exe
2014-08-03 22:36 - 2014-08-03 22:36 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-03 22:36 - 2014-08-03 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-03 22:31 - 2014-08-03 22:43 - 00000000 ____D () C:\Users\Desmond\AppData\Local\yfe
2014-08-03 21:45 - 2014-08-03 22:43 - 00000000 ____D () C:\ProgramData\Baidu
2014-08-03 21:45 - 2014-08-03 21:45 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Baidu
2014-08-03 21:37 - 2014-08-03 21:37 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-03 11:38 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 11:38 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 11:38 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 11:38 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 11:37 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 11:37 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 11:37 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 11:37 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 11:37 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 11:37 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 11:37 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-03 11:36 - 2014-08-07 22:07 - 00000000 ____D () C:\Users\Desmond\Desktop\Sis's Photoshoot
2014-07-12 19:46 - 2014-06-30 10:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 19:46 - 2014-06-30 10:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 19:46 - 2014-06-21 04:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 19:46 - 2014-06-21 03:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 19:46 - 2014-06-19 09:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 19:46 - 2014-06-19 09:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 19:46 - 2014-06-19 08:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 19:46 - 2014-06-19 08:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 19:46 - 2014-06-19 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 19:46 - 2014-06-19 08:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 19:46 - 2014-06-19 08:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 19:46 - 2014-06-19 08:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 19:46 - 2014-06-19 08:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 19:46 - 2014-06-19 08:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 19:46 - 2014-06-19 08:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 19:46 - 2014-06-19 08:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 19:46 - 2014-06-19 08:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 19:46 - 2014-06-19 07:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 19:46 - 2014-06-19 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 19:46 - 2014-06-19 07:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 19:46 - 2014-06-19 07:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 19:46 - 2014-06-19 07:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 19:46 - 2014-06-19 07:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 19:46 - 2014-06-19 07:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 19:46 - 2014-06-19 07:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 19:46 - 2014-06-19 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 19:46 - 2014-06-19 07:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 19:46 - 2014-06-19 07:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 19:46 - 2014-06-19 07:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 19:46 - 2014-06-19 07:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 19:46 - 2014-06-19 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 19:46 - 2014-06-19 07:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 19:46 - 2014-06-19 07:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 19:46 - 2014-06-19 07:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 19:46 - 2014-06-19 07:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 19:46 - 2014-06-19 07:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 19:46 - 2014-06-19 07:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 19:46 - 2014-06-19 07:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 19:46 - 2014-06-19 07:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 19:46 - 2014-06-19 06:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 19:46 - 2014-06-19 06:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 19:46 - 2014-06-19 06:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 19:46 - 2014-06-19 06:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 19:46 - 2014-06-19 06:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 19:46 - 2014-06-19 06:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 19:46 - 2014-06-19 06:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 19:46 - 2014-06-19 06:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 19:46 - 2014-06-19 06:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 19:46 - 2014-06-19 06:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 19:46 - 2014-06-19 06:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 19:46 - 2014-06-19 06:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 19:46 - 2014-06-18 10:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 19:46 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 19:46 - 2014-06-18 09:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 19:46 - 2014-06-06 18:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 19:46 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 19:46 - 2014-05-30 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 19:46 - 2014-05-30 15:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 19:46 - 2014-05-30 14:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 19:45 - 2014-06-19 09:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 19:45 - 2014-06-19 08:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 19:45 - 2014-06-19 08:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 19:45 - 2014-06-19 08:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 19:45 - 2014-06-19 07:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 19:45 - 2014-06-19 06:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 19:45 - 2014-06-19 06:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 19:44 - 2014-06-05 22:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 19:44 - 2014-06-05 22:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 19:44 - 2014-06-05 22:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-12 10:22 - 2014-07-12 10:22 - 00000132 _____ () C:\Users\Desmond\AppData\Roaming\Adobe PNG Format CS5 Prefs
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-10 21:14 - 2014-08-10 21:13 - 00019632 _____ () C:\Users\Desmond\Downloads\FRST.txt
2014-08-10 21:13 - 2014-08-10 21:13 - 00000000 ____D () C:\FRST
2014-08-10 21:12 - 2014-08-10 21:12 - 02100224 _____ (Farbar) C:\Users\Desmond\Downloads\FRST64.exe
2014-08-10 21:01 - 2012-03-31 23:12 - 01714692 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 20:58 - 2009-07-14 12:45 - 00019360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 20:58 - 2009-07-14 12:45 - 00019360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 20:52 - 2013-02-19 22:55 - 00000000 ___RD () C:\Users\Desmond\SkyDrive
2014-08-10 20:50 - 2012-09-02 01:11 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 20:50 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 20:50 - 2009-07-14 12:51 - 00068991 _____ () C:\Windows\setupact.log
2014-08-09 20:19 - 2012-04-01 00:05 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000UA.job
2014-08-09 20:16 - 2012-09-02 01:11 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 17:25 - 2014-05-04 15:53 - 00000000 ____D () C:\Program Files (x86)\QvodPlayer
2014-08-09 16:18 - 2014-08-09 16:10 - 00000000 ____D () C:\Program Files (x86)\Real
2014-08-09 16:18 - 2014-08-09 16:08 - 00000000 ____D () C:\ProgramData\Real
2014-08-09 16:17 - 2014-08-09 16:10 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Real
2014-08-09 16:12 - 2014-08-09 16:12 - 00003370 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:12 - 2014-08-09 16:12 - 00003240 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3139359546-1518747674-4288353645-1000
2014-08-09 16:08 - 2014-08-09 16:08 - 01065168 _____ (RealNetworks, Inc.) C:\Users\Desmond\Downloads\RealPlayerCloud.exe
2014-08-09 15:40 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-09 15:33 - 2014-08-09 15:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-09 15:25 - 2014-08-09 15:25 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-09 15:24 - 2014-08-09 15:24 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00001385 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-09 15:24 - 2014-08-09 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-09 15:24 - 2013-10-19 10:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-09 15:21 - 2014-08-09 15:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-09 15:21 - 2014-08-09 15:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-09 15:21 - 2014-08-09 15:20 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Desmond\Downloads\spybot-2.4.exe
2014-08-09 15:21 - 2012-12-21 00:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-08 17:55 - 2012-05-05 11:00 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\vlc
2014-08-08 17:28 - 2014-05-04 15:53 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-08-08 17:13 - 2014-08-08 17:13 - 04696442 _____ () C:\Users\Desmond\Desktop\RE%253a_SCV_5559_-_Tourist_8pp_Pack_+_Pack_Sleeve.zip
2014-08-08 17:11 - 2014-08-07 22:44 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-08-08 17:11 - 2013-01-27 13:41 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-08 16:19 - 2014-08-08 16:19 - 383602796 _____ () C:\Windows\MEMORY.DMP
2014-08-08 16:19 - 2014-08-08 16:19 - 00262144 _____ () C:\Windows\Minidump\080814-26442-01.dmp
2014-08-08 16:19 - 2014-08-07 23:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 23:30 - 2014-08-07 23:30 - 00262144 _____ () C:\Windows\Minidump\080714-20014-01.dmp
2014-08-07 23:18 - 2014-08-07 23:18 - 00262144 _____ () C:\Windows\Minidump\080714-21450-01.dmp
2014-08-07 22:46 - 2012-04-23 15:14 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\uTorrent
2014-08-07 22:44 - 2014-08-07 22:44 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-08-07 22:36 - 2014-08-07 22:36 - 00000000 ____D () C:\Users\Desmond\Downloads\SpyHunter 4.16.5.4290+patch
2014-08-07 22:35 - 2014-05-04 15:54 - 00000954 _____ () C:\Users\Desmond\AppData\Roaming\coreavc.ini
2014-08-07 22:18 - 2014-08-07 22:04 - 00000000 ____D () C:\ComboFix
2014-08-07 22:18 - 2014-08-07 22:03 - 00000000 ____D () C:\Windows\erdnt
2014-08-07 22:14 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-07 22:13 - 2012-04-03 22:42 - 00164112 _____ () C:\Windows\PFRO.log
2014-08-07 22:12 - 2009-07-14 10:34 - 74711040 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 17039360 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-07 22:12 - 2009-07-14 10:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-07 22:11 - 2014-08-07 22:04 - 00000000 ____D () C:\Qoobox
2014-08-07 22:07 - 2014-08-03 11:36 - 00000000 ____D () C:\Users\Desmond\Desktop\Sis's Photoshoot
2014-08-07 22:02 - 2014-08-07 22:02 - 05568206 ____R (Swearware) C:\Users\Desmond\Downloads\ComboFix.exe
2014-08-07 21:59 - 2014-08-07 21:59 - 00000000 ____D () C:\AdwCleaner
2014-08-07 21:58 - 2014-08-07 21:58 - 01475072 _____ () C:\Users\Desmond\Downloads\adwcleaner_3.303.exe
2014-08-03 22:43 - 2014-08-03 22:31 - 00000000 ____D () C:\Users\Desmond\AppData\Local\yfe
2014-08-03 22:43 - 2014-08-03 21:45 - 00000000 ____D () C:\ProgramData\Baidu
2014-08-03 22:36 - 2014-08-03 22:36 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-03 22:36 - 2014-08-03 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iTunes
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files\iPod
2014-08-03 22:35 - 2014-08-03 22:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-03 21:45 - 2014-08-03 21:45 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Baidu
2014-08-03 21:37 - 2014-08-03 21:37 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-08-03 12:59 - 2013-08-11 22:15 - 00000000 ___RD () C:\Users\Desmond\Dropbox
2014-08-03 12:57 - 2012-05-19 21:00 - 00001456 _____ () C:\Users\Desmond\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-08-03 12:48 - 2009-07-14 13:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 12:47 - 2013-08-11 22:13 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Dropbox
2014-08-03 11:44 - 2014-06-14 11:45 - 00000000 ____D () C:\Users\Desmond\AppData\Local\Adobe
2014-08-03 11:31 - 2014-06-07 09:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-03 11:31 - 2014-06-07 09:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-02 16:34 - 2014-06-07 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-02 11:31 - 2014-02-20 22:38 - 00002190 _____ () C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-07-28 23:06 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-28 16:38 - 2013-08-11 22:15 - 00001029 _____ () C:\Users\Desmond\Desktop\Dropbox.lnk
2014-07-28 16:38 - 2013-08-11 22:14 - 00000000 ____D () C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-20 19:21 - 2012-04-01 00:06 - 00002384 _____ () C:\Users\Desmond\Desktop\Google Chrome.lnk
2014-07-19 14:50 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-07-13 17:38 - 2012-04-14 22:56 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 17:38 - 2012-04-14 22:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 17:36 - 2009-07-14 12:45 - 05003304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 00:26 - 2014-05-01 13:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 00:26 - 2009-07-14 15:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 00:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 00:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 19:51 - 2013-07-15 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 19:50 - 2012-04-21 16:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 19:49 - 2012-04-01 21:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 11:19 - 2012-04-01 00:05 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139359546-1518747674-4288353645-1000Core.job
2014-07-12 10:22 - 2014-07-12 10:22 - 00000132 _____ () C:\Users\Desmond\AppData\Roaming\Adobe PNG Format CS5 Prefs
Some content of TEMP:
====================
C:\Users\Desmond\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Desmond\AppData\Local\Temp\lowproc.exe
C:\Users\Desmond\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-19 14:43
==================== End Of Log ============================
Sign In
Create Account
