Web browser hijacker - sogou from China


This topic is locked. 17 replies to this topic.

#1 syen

  • Members
  • 40 posts
  • Gender: Male
  • Location: Knoxville, Tennessee

Posted 13 May 2015 - 07:43 PM

Hi, I have been hit by a web browser hijacker called sogou (sogou.com). It hijacks my Mozilla Firefox. Also, my Internet Explorer gets disabled (not sure if it is part of the same problem). I followed Microsoft's suggestions to turn the IE feature off and then back on, but this did not resolve the problem. A minor problem (which I am not sure is related) is that some mp4 files downloaded earlier no longer work (Windows Media Player complained about not having the right codec).


Below I paste text from file "FRST.txt" and also attach file "Addition.txt". Please help. Thank you!


---

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2015 01
Ran by syen01 (administrator) on STY1 on 13-05-2015 20:24:26
Running from C:\Users\syen01\Desktop
Loaded Profiles: syen01 (Available profiles: syen01 & abc)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\CAAMSvc.exe
(Computer Associates International, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(CA) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccEvtMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\syen01\AppData\Roaming\酷音传送\kumusic1.0.4.6\KuPlayer.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Dropbox, Inc.) C:\Users\syen01\AppData\Roaming\Dropbox\bin\Dropbox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(QUALCOMM Incorporated) C:\Program Files (x86)\Qualcomm\Eudora\Eudora.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Karen Kenworthy) C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [cctray] => C:\Program Files\Total Defense\Internet Security Suite\casc.exe [2733576 2013-09-21] (Total Defense, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2013-09-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Total Defense PC Tuneup Reminder] => C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe [325288 2011-12-16] (PC Pitstop LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2015-01-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [bfcloud] => "C:\Program Files (x86)\bfcloud\bfcloader.exe" "wins"
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-10] (Emsisoft Ltd)
HKLM-x32\...\Run: [MTview] => C:\Program Files (x86)\MTV20150510\MTView.exe [1879432 2015-05-10] (STA)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PFW-x32: UmxWnp.Dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-02] (Google Inc.)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [OneDrive] => C:\Users\syen01\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-13] (Microsoft Corporation)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [bfcmpasrv] => C:\Program Files (x86)\bfcmpa\bfcmpasrv.exe [926136 2014-11-11] (杭州边锋网络技术有限公司)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [frmPlayer] => C:\Users\syen01\AppData\Roaming\酷音传送\kumusic1.0.4.6\KuPlayer.exe [578488 2015-04-05] ()
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\MountPoints2: {889802b8-58d9-11e3-be9f-48d224606871} - "J:\SISetup.exe"
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-01-31]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2014-03-31]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\(749)X_mp4_Downloader.lnk [2015-04-17]
ShortcutTarget: (749)X_mp4_Downloader.lnk -> C:\ProgramData\{ee518c91-123f-fe25-ee51-18c911233244}\(749)X_mp4_Downloader.exe (No File)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\syen01\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eudora.lnk [2013-11-03]
ShortcutTarget: Eudora.lnk -> C:\Program Files (x86)\Qualcomm\Eudora\Eudora.exe (QUALCOMM Incorporated)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Replicator.lnk [2013-11-22]
ShortcutTarget: Replicator.lnk -> C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-06-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk [2014-06-29]
ShortcutTarget: Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2014-02-18]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Total Defense Security Center.lnk [2013-11-22]
ShortcutTarget: Total Defense Security Center.lnk -> C:\Program Files\Total Defense\Internet Security Suite\casc.exe (Total Defense, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2310646588-1305869816-1876807301-1002 -> {0C4B3353-D1AD-465A-949C-B38FE17F011B} URL =
SearchScopes: HKU\S-1-5-21-2310646588-1305869816-1876807301-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll [2013-09-21] (Total Defense, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-12] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: 豌豆荚 apk 安装器 -> {000DA090-57AA-424B-A8F0-621B7C08B8F4} -> C:\Program Files (x86)\WandouLabs\wandoujia_bho32.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll [2013-09-21] (Total Defense, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-09] (Oracle Corporation)
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll [2013-12-03] (Qualys, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12] (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-09] (Oracle Corporation)
Toolbar: HKLM - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll [2013-09-21] (Total Defense, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-12] (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM-x32 - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll [2013-09-21] (Total Defense, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12] (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2310646588-1305869816-1876807301-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-12] (Google Inc.)
DPF: HKLM-x32 {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck.qualys.com/qbc_ax.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Handler: WSWSVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\syen01\AppData\Roaming\Mozilla\Firefox\Profiles\dwzaj1yw.default
FF NewTab: https://us.search.yahoo.com/yhs/web?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_NT,205,0_0,NewTab,20141146,20031,0,IE11,6944
FF DefaultSearchEngine: Search Provided by Yahoo
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: user_pref("browser.startup.homepage","123.sogou.com/?21676");user_pref("extensions.enabledAddons", "%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0");
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-01-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-01-31] (RealPlayer Cloud)
FF Plugin-x32: @sohu.com/npifox -> C:\Program Files (x86)\搜狐影音\npifox.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2310646588-1305869816-1876807301-1002: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
FF SearchPlugin: C:\Users\syen01\AppData\Roaming\Mozilla\Firefox\Profiles\dwzaj1yw.default\searchplugins\Search Provided by Yahoo.xml [2015-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-22]
FF HKLM-x32\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF Extension: Total Defense Anti-Phishing Toolbar - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox [2013-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.0.0.52\coFFFw
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2015-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\syen01\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Pixlr Grabber  Screen capture image grabbing) - C:\Users\syen01\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn [2014-08-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [hpdpkkpdlooddakbebmkeeegehfjdnih] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\GoogleChrome\td_aphish_toolbar.crx [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5164328 2015-05-10] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Windows ® Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CAAMSvc; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe [313040 2013-11-03] (Total Defense, Inc.)
S3 CaCCProvSP; C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe [367112 2013-09-21] (Total Defense, Inc.)
R2 CAISafe; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe [314888 2013-09-21] (Computer Associates International, Inc.)
R2 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [288776 2013-09-21] (Total Defense, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
S3 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-09-13] (CyberLink)
S3 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-09-13] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S3 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) [File not signed]
S3 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PCPitstop Scheduling; C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe [91816 2011-12-16] (PC Pitstop LLC)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-01-31] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
R2 UmxEngine; C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [920656 2011-04-04] (CA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WebUpdate4; C:\windows\SysWOW64\WebUpdateSvc4.exe [229592 2007-06-25] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 WinSvchostManagerSrv; C:\windows\SysWOW64\cfgmig32.exe [265736 2013-09-21] ()
S3 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 omaha; C:\Program Files (x86)\Wandoujia\Update\wandoujia_update.exe /svc [X]
S3 omaham; C:\Program Files (x86)\Wandoujia\Update\wandoujia_update.exe /medsvc [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-27] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-12] ()
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
R1 KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [113744 2011-10-26] (CA)
R0 KmxAMRT; C:\Windows\System32\DRIVERS\KmxAMRT.sys [182352 2011-10-27] (Total Defense)
R2 KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [201936 2011-09-07] (CA)
R1 KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [365136 2011-09-07] (CA)
R1 KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [87120 2011-09-07] (CA)
R1 KmxFilter; C:\Windows\system32\DRIVERS\KmxFilter.sys [99024 2011-09-07] (CA)
R0 KmxFw; C:\Windows\System32\DRIVERS\kmxfw.sys [143824 2011-09-07] (CA)
R2 KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [81488 2011-09-07] (CA)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-05-13] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-05-12] ()
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 usbcomp; C:\Windows\System32\Drivers\usbcomp.sys [409424 2015-05-05] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-09-13] (CyberLink Corp.)
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16345.222\TS888x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-12-07 00:07 - 2016-01-06 08:22 - 00000176 _____ () C:\Users\syen01\Desktop\cleanup.bat
2015-05-13 20:23 - 2015-05-13 20:23 - 00001246 _____ () C:\Users\Public\Desktop\Performance Center.lnk
2015-05-13 20:14 - 2015-05-13 20:24 - 00039075 _____ () C:\Users\syen01\Desktop\FRST.txt
2015-05-13 19:53 - 2015-05-13 19:53 - 00003356 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2310646588-1305869816-1876807301-1002
2015-05-13 19:49 - 2015-05-13 19:49 - 00001417 ____H () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-13 19:39 - 2015-05-13 19:39 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2310646588-1305869816-1876807301-1002
2015-05-13 18:56 - 2015-05-13 20:24 - 00000000 ____D () C:\FRST
2015-05-13 18:30 - 2015-05-13 18:30 - 00003404 _____ () C:\Users\syen01\Desktop\JRT.txt
2015-05-13 18:16 - 2015-05-13 18:16 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-STY1-Windows-8.1-(64-bit).dat
2015-05-13 18:16 - 2015-05-13 18:16 - 00000000 ____D () C:\RegBackup
2015-05-13 18:12 - 2015-05-13 18:14 - 00003664 _____ () C:\Users\syen01\Desktop\Rkill.txt
2015-05-13 18:09 - 2015-05-13 18:09 - 02720307 _____ (Thisisu) C:\Users\syen01\Desktop\JRT.exe
2015-05-13 18:09 - 2015-05-13 18:09 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\syen01\Desktop\rkill.exe
2015-05-13 18:06 - 2015-05-13 18:07 - 02104832 _____ (Farbar) C:\Users\syen01\Desktop\FRST64.exe
2015-05-13 16:47 - 2015-05-13 19:37 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\frmdata
2015-05-13 16:47 - 2015-05-13 16:47 - 00000186 _____ () C:\Users\syen01\Desktop\¿áÒô´«ËÍ.URL
2015-05-13 16:47 - 2015-05-13 16:47 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\¿áÒô´«ËÍ
2015-05-13 16:47 - 2015-05-13 16:47 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\¿áÒô´«ËÍ
2015-05-13 16:46 - 2015-05-13 16:47 - 00000000 ____D () C:\Program Files (x86)\MTV20150510
2015-05-13 16:46 - 2015-05-13 16:46 - 00001043 _____ () C:\Users\Public\Desktop\ÃÀͼä¯ÀÀ.lnk
2015-05-13 16:46 - 2015-05-13 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÃÀͼä¯ÀÀ
2015-05-13 05:41 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 05:41 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:36 - 2015-05-13 04:38 - 00001628 _____ () C:\EamClean.log
2015-05-13 01:23 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 01:23 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 01:23 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 01:23 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 01:23 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 01:23 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 01:23 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 01:23 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 01:23 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 01:23 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 01:23 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 01:23 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 01:23 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 01:23 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 01:23 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 01:23 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 01:23 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 01:22 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 01:22 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 01:22 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 01:22 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 01:22 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 01:22 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 01:22 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 01:22 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 01:22 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 01:22 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 01:22 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 01:22 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 01:22 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 01:22 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 01:22 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 01:22 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 01:22 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 01:22 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 01:22 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 01:22 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 01:22 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 01:22 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 01:22 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 01:22 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 01:22 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 01:22 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 01:22 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 01:22 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 01:22 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 01:22 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 01:22 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 01:22 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 01:22 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 01:22 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 01:22 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 01:22 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 01:22 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 01:22 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 01:22 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 01:22 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 01:22 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 01:22 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 01:22 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 01:22 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 01:22 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 01:22 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 01:22 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 01:22 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 01:22 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 01:22 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 01:22 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 01:22 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 01:22 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 01:22 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 01:22 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 01:22 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 01:22 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 01:22 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 01:22 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 01:22 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 01:22 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 00:39 - 2015-05-13 00:39 - 00028984 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
2015-05-13 00:26 - 2015-05-13 03:52 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-13 00:26 - 2015-05-13 00:26 - 00087864 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2015-05-13 00:24 - 2015-05-13 00:36 - 00000000 ____D () C:\Program Files (x86)\DongFangInput
2015-05-13 00:23 - 2015-05-13 00:28 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\ÓÎÏ·
2015-05-13 00:23 - 2015-05-13 00:28 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ
2015-05-13 00:23 - 2015-05-13 00:23 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\游戏
2015-05-12 21:51 - 2015-05-12 21:51 - 00003322 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-05-12 21:50 - 2015-05-12 21:50 - 00000000 ____D () C:\sh4ldr
2015-05-12 21:49 - 2015-05-12 21:49 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-05-12 21:49 - 2015-05-12 21:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-12 21:25 - 2015-05-12 21:25 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-12 21:07 - 2015-05-12 21:07 - 00001118 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-05-12 21:07 - 2015-05-12 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-12 21:07 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-05-12 20:52 - 2015-05-13 20:18 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-12 20:48 - 2015-05-12 20:50 - 162680144 _____ (Emsisoft Ltd. ) C:\Users\syen01\Downloads\EmsisoftAntiMalwareSetup.exe
2015-05-12 20:36 - 2015-05-12 20:36 - 02209792 _____ () C:\Users\syen01\Downloads\adwcleaner_4.204.exe
2015-05-12 20:33 - 2015-05-12 20:33 - 00000000 ____D () C:\Program Files\HitmanPro
2015-05-12 19:35 - 2015-05-12 19:35 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\syen01\Downloads\tdsskiller.exe
2015-05-12 03:03 - 2015-05-13 20:25 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\LockIE
2015-05-12 03:03 - 2015-05-13 19:52 - 00000000 ____D () C:\WINDOWS\LockIE
2015-05-12 02:58 - 2015-05-13 19:52 - 00002788 _____ () C:\WINDOWS\NvConfig.dat
2015-05-12 02:52 - 2015-05-12 03:36 - 00000000 ____D () C:\Users\syen01\AppData\Local\bfcloud
2015-05-12 02:51 - 2015-05-13 19:56 - 00000396 _____ () C:\WINDOWS\Tasks\WandoujiaUpdateTaskMachineUA.job
2015-05-12 02:51 - 2015-05-13 19:49 - 00000392 _____ () C:\WINDOWS\Tasks\WandoujiaUpdateTaskMachineCore.job
2015-05-12 02:51 - 2015-05-12 03:18 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Wandoujia2
2015-05-12 02:51 - 2015-05-12 02:51 - 00003266 _____ () C:\WINDOWS\System32\Tasks\WandoujiaUpdateTaskMachineUA
2015-05-12 02:51 - 2015-05-12 02:51 - 00003030 _____ () C:\WINDOWS\System32\Tasks\WandoujiaUpdateTaskMachineCore
2015-05-12 02:51 - 2015-05-12 02:51 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\WandoujiaUsbDriver
2015-05-12 02:51 - 2015-05-12 02:51 - 00000000 ____D () C:\Users\syen01\AppData\Local\Wandoujia2
2015-05-12 02:51 - 2015-05-12 02:51 - 00000000 ____D () C:\Users\syen01\AppData\Local\Wandoujia
2015-05-12 02:49 - 2015-05-12 03:48 - 00000000 ____D () C:\Program Files (x86)\bfcmpa
2015-05-12 02:49 - 2015-05-12 02:49 - 00000053 _____ () C:\WINDOWS\nvse.dat
2015-05-12 02:49 - 2015-05-12 02:49 - 00000000 ____D () C:\Users\syen01\AppData\Local\MiLai
2015-05-12 02:49 - 2015-05-05 04:23 - 00409424 _____ () C:\WINDOWS\system32\Drivers\usbcomp.sys
2015-05-12 02:48 - 2015-05-12 02:54 - 00000000 ____D () C:\Users\syen01\Documents\搜狐影音
2015-05-12 02:48 - 2015-05-12 02:48 - 00000000 ____D () C:\Users\syen01\Documents\ËѺüÓ°Òô
2015-05-12 02:48 - 2015-05-12 02:48 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\PushApp
2015-05-12 02:48 - 2015-05-12 02:48 - 00000000 ____D () C:\Users\syen01\AppData\Local\Temp尰
2015-05-10 01:58 - 2015-05-10 01:58 - 00000000 ____D () C:\ProgramData\COMODO
2015-05-10 01:57 - 2015-05-10 01:57 - 00001309 _____ () C:\Users\Public\Desktop\Free PDF Splitter.lnk
2015-05-10 01:57 - 2015-05-10 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Splitter
2015-05-10 01:57 - 2015-05-10 01:57 - 00000000 ____D () C:\Program Files\COMODO
2015-05-10 01:57 - 2015-05-10 01:57 - 00000000 ____D () C:\Program Files (x86)\Free PDF Solutions
2015-05-10 01:56 - 2015-05-13 19:56 - 00000342 _____ () C:\WINDOWS\Tasks\Chromium.job
2015-05-10 01:56 - 2015-05-10 01:56 - 00002680 _____ () C:\WINDOWS\System32\Tasks\Chromium
2015-05-10 01:56 - 2015-05-10 01:56 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Free PDF Solutions
2015-05-10 01:55 - 2015-05-12 05:32 - 00000000 ____D () C:\Users\syen01\AppData\Local\Chromium
2015-05-10 01:53 - 2015-05-10 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-05-09 22:28 - 2015-05-09 22:28 - 00000000 ____D () C:\ado
2015-05-05 16:16 - 2015-05-05 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-04-24 11:41 - 2015-04-24 11:41 - 00000000 ____D () C:\Users\syen01\AppData\Local\PCTeX
2015-04-24 11:40 - 2015-04-24 11:40 - 00000000 ____D () C:\Users\syen01\Documents\My PCTeX Files
2015-04-14 16:18 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-14 16:18 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-14 16:18 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-04-14 16:18 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-14 16:18 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-04-14 16:18 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-04-14 16:18 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-04-14 16:18 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-04-14 16:18 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-04-14 16:18 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-04-14 16:18 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-04-14 16:18 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-04-14 16:18 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-14 16:18 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-14 16:18 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-14 16:18 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-14 16:18 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-14 16:18 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-14 16:17 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-14 16:17 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-14 16:17 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-14 16:17 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-14 16:17 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-14 16:17 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-14 16:17 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-14 16:17 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-14 16:17 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-14 16:17 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-14 16:17 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-04-14 16:17 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-14 16:17 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-14 16:17 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-14 16:17 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-14 16:17 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-14 16:17 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-14 16:17 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-14 16:17 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-14 16:17 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-14 16:17 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-14 16:17 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-14 16:17 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-14 16:17 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-14 16:17 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-14 16:17 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-14 16:17 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-14 16:17 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-14 13:40 - 2015-04-14 13:40 - 00001736 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-14 13:40 - 2015-04-14 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-14 13:40 - 2015-04-14 13:40 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-14 13:40 - 2015-04-14 13:40 - 00000000 ____D () C:\Program Files\iTunes
2015-04-14 13:40 - 2015-04-14 13:40 - 00000000 ____D () C:\Program Files\iPod
2015-04-14 13:40 - 2015-04-14 13:40 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-13 23:23 - 2015-04-13 23:23 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\pdf995
2015-04-13 23:22 - 2015-05-12 19:26 - 00000000 ____D () C:\ProgramData\pdf995
2015-04-13 23:22 - 2015-04-13 23:22 - 00040448 _____ () C:\WINDOWS\SysWOW64\pdf995mon64.dll
2015-04-13 23:22 - 2015-04-13 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
2015-04-13 23:22 - 2012-06-07 10:29 - 02266624 _____ (TODO: <Company name>) C:\WINDOWS\system32\pdfmona64.dll
2015-04-13 23:22 - 2012-04-26 15:51 - 00040448 _____ () C:\WINDOWS\system32\pdf995mon64.dll
2015-04-13 23:22 - 2007-08-24 11:13 - 00000142 _____ () C:\WINDOWS\wpd99.drv
2015-04-13 23:22 - 2005-06-30 15:29 - 00011264 _____ () C:\WINDOWS\system32\pdf995mon64ui.dll
2015-04-13 22:08 - 2015-05-04 12:42 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\TaxCut
2015-04-13 22:08 - 2015-04-13 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-04-13 22:08 - 2015-04-13 22:08 - 00002060 _____ () C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-04-13 22:07 - 2015-04-13 23:22 - 00000000 ____D () C:\Program Files (x86)\PDF995
2015-04-13 22:07 - 2015-04-13 22:08 - 00000000 ____D () C:\Program Files (x86)\HRBlock2014
2015-04-13 22:06 - 2015-04-13 22:06 - 00000000 ____D () C:\ProgramData\TaxCut

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-13 20:23 - 2013-11-02 20:46 - 00000000 ____D () C:\Users\syen01\AppData\Local\CrashDumps
2015-05-13 20:15 - 2013-11-20 09:11 - 01427706 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-13 20:14 - 2014-08-19 01:53 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{57113DAC-B451-48EE-8D46-73F27B79F834}
2015-05-13 20:02 - 2013-11-03 10:07 - 00004962 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for STY1-syen01 STY1
2015-05-13 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-13 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-05-13 19:55 - 2013-11-02 20:26 - 00000000 __RDO () C:\Users\syen01\SkyDrive
2015-05-13 19:53 - 2014-04-01 17:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-13 19:53 - 2013-11-02 21:28 - 00000000 ___RD () C:\Users\syen01\Dropbox
2015-05-13 19:52 - 2013-11-02 21:28 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Dropbox
2015-05-13 19:51 - 2013-11-03 03:09 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Skype
2015-05-13 19:50 - 2014-08-17 03:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-13 19:48 - 2014-08-14 00:50 - 00023280 _____ () C:\WINDOWS\setupact.log
2015-05-13 19:47 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-13 19:45 - 2013-11-03 23:14 - 08307171 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k0
2015-05-13 19:45 - 2013-11-03 23:14 - 00980460 _____ () C:\WINDOWS\system32\Drivers\KmxAgent.asc
2015-05-13 19:45 - 2013-11-03 23:14 - 00000471 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k0
2015-05-13 19:45 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k7
2015-05-13 19:45 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k6
2015-05-13 19:45 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k5
2015-05-13 19:45 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k4
2015-05-13 19:45 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k3
2015-05-13 19:45 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k2
2015-05-13 19:45 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k1
2015-05-13 19:45 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k7
2015-05-13 19:45 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k6
2015-05-13 19:45 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k5
2015-05-13 19:45 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k4
2015-05-13 19:45 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k3
2015-05-13 19:45 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k2
2015-05-13 19:45 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k1
2015-05-13 19:43 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-13 19:36 - 2014-02-20 08:55 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2310646588-1305869816-1876807301-1002
2015-05-13 19:33 - 2013-11-02 18:41 - 00000000 ____D () C:\Users\syen01\AppData\Local\Packages
2015-05-13 19:31 - 2013-11-03 02:25 - 00000000 ____D () C:\ProgramData\PCPitstop
2015-05-13 18:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-13 16:58 - 2014-08-16 19:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-13 15:51 - 2013-11-02 21:07 - 00000000 ____D () C:\Temp
2015-05-13 15:10 - 2014-08-18 15:13 - 00000418 ____H () C:\WINDOWS\Tasks\Norton Security Scan for syen01.job
2015-05-13 10:44 - 2014-08-19 01:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-13 10:37 - 2014-07-29 16:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 10:37 - 2014-07-29 16:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 10:37 - 2013-08-22 10:44 - 00473968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 10:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-13 10:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 05:32 - 2013-11-03 22:14 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 05:32 - 2013-11-03 22:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 05:24 - 2014-07-29 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 05:15 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 04:36 - 2014-09-01 20:24 - 00000000 ____D () C:\AdwCleaner
2015-05-13 04:00 - 2014-08-14 01:41 - 01133012 _____ () C:\WINDOWS\PFRO.log
2015-05-13 03:55 - 2013-05-06 03:00 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-13 00:40 - 2013-11-02 18:42 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-05-13 00:35 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-12 21:51 - 2013-11-20 09:03 - 00000000 ____D () C:\Users\syen01
2015-05-12 21:28 - 2013-12-05 21:22 - 00000000 ____D () C:\Users\syen01\AppData\Local\SlimWare Utilities Inc
2015-05-12 18:02 - 2013-12-05 21:22 - 00016152 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-05-11 16:36 - 2014-08-11 05:32 - 00001078 _____ () C:\Users\syen01\Desktop\Dropbox.lnk
2015-05-11 16:36 - 2014-08-11 05:31 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-10 02:23 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-10 00:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-09 22:07 - 2013-11-03 03:09 - 00000000 ____D () C:\ProgramData\Skype
2015-05-05 13:59 - 2015-03-12 10:40 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 13:59 - 2015-03-12 10:40 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-02 21:34 - 2014-09-03 20:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-27 17:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-04-19 23:01 - 2013-11-02 18:43 - 00000000 ____D () C:\Users\syen01\AppData\Local\Toshiba
2015-04-17 18:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-17 04:12 - 2014-12-10 03:48 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-17 04:12 - 2014-07-09 18:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-14 13:40 - 2014-03-11 13:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-14 12:53 - 2014-04-01 17:47 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2014-08-17 21:41 - 2014-08-17 21:42 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-06-02 18:23 - 2014-10-25 07:16 - 0000098 _____ () C:\Users\syen01\AppData\Roaming\WB.CFG
2015-01-13 00:50 - 2015-01-13 00:50 - 0003584 _____ () C:\Users\syen01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-01 15:43 - 2014-06-18 05:51 - 0007605 _____ () C:\Users\syen01\AppData\Local\Resmon.ResmonCfg
2013-11-03 02:20 - 2013-11-16 17:39 - 0000262 _____ () C:\ProgramData\LastUpdate.xml
2014-04-12 12:38 - 2014-04-13 00:05 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-11-02 21:17 - 2013-11-04 12:54 - 0002225 _____ () C:\ProgramData\NLOGIT 5.lnk
2014-08-17 04:14 - 2014-08-17 04:12 - 5338896 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-03-03 02:09 - 2014-09-29 23:21 - 0001534 _____ () C:\ProgramData\ss.ini
2014-07-05 04:32 - 2014-07-05 04:34 - 0000056 _____ () C:\ProgramData\TMSetp2.dbf

Files to move or delete:
====================
C:\ProgramData\pclunst.exe


Some content of TEMP:
====================
C:\Users\abc\AppData\Local\Temp\wruninstall.exe
C:\Users\syen01\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmdkrrv.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-13 17:10

==================== End Of Log ============================



#2 shelf life (Malware Response Team)

Posted 17 May 2015 - 10:57 AM

hi,

 

I am shelf life and will try to help you. I am only on this site once or twice per day, more on the weekends. Replies may not be on the same day.

 

Look in Firefox; Tools>addons>plugins and disable anything labeled as: 123.sogou.com. Is chrome compromised also?

 

Do you know what this is? Did you install it?:

HKLM-x32\...\Run: [bfcloud] => "C:\Program Files (x86)\bfcloud\bfcloader.exe" "wins"

 

It doesn't appear in your add/remove programs list. If you don't know, you can manually delete the entire folder from Program Files, or we can use a FRST script to remove it.


How Can I Reduce My Risk to Malware?


#3 syen (Topic Starter)

Posted 17 May 2015 - 08:26 PM

Hi

I cleaned up Tools->addons->plugins and disabled a few unfamiliar things, manually removed some directories in c:\ and c:\program files (x86) and c:\program files. I also ran Emsisoft Anti-Malware, Spybot-S&D, and Malwarebytes Anti-Malware once each. That got rid of all pop-ups at start-up. But I did not find 123.sogou.com in Tools->addons->plugins and did not find it anywhere. It seemed to survive all scrutiny.

As of now, (1) no pop-ups at start-up; (2) 123.sogou.com continues to run as Firefox's starting page and resetting the homepage did not help.

 

I do not use/run chrome.

 

Internet Explorer has remained unresponsive. I ran Firefox only because i.e. did not work, and I am particularly interested in getting i.e. to run again. Perhaps related, some of my recently downloaded .mp4 files do not run (codec issue). Thanks.



#4 shelf life (Malware Response Team)

Posted 18 May 2015 - 05:20 PM

OK, thanks for the info. Let's run this FRST script and we will go from there:

 

Copy/paste what's below in the code box into Notepad. Save it as fixlist.txt in the same location that you have FRST.

 

Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

System may reboot also to finish.

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM-x32\...\Run: [bfcloud] => "C:\Program Files (x86)\bfcloud\bfcloader.exe" "wins"
HKLM-x32\...\Run: [] => [X]
2014-03-03 02:09 - 2014-09-29 23:21 - 0001534 _____ () C:\ProgramData\ss.ini
2014-07-05 04:32 - 2014-07-05 04:34 - 0000056 _____ () C:\ProgramData\TMSetp2.dbf
2014-08-17 04:14 - 2014-08-17 04:12 - 5338896 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2015-01-13 00:50 - 2015-01-13 00:50 - 0003584 _____ () C:\Users\syen01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-02 18:23 - 2014-10-25 07:16 - 0000098 _____ () C:\Users\syen01\AppData\Roaming\WB.CFG
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2310646588-1305869816-1876807301-1002 -> {0C4B3353-D1AD-465A-949C-B38FE17F011B} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =   
  

For IE you can backup your bookmarks, then reset IE back to its defaults;

Tools>Internet Options> Advanced Tab> Reset button and click to delete personal settings also. Apply, Ok

 

Download and run AdwCleaner and JRT also:

 

 

Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 
==========================================================
     Please download Junkware Removal Tool to your desktop.

     http://thisisudax.org/downloads/JRT.exe

    Shutdown your antivirus to avoid any conflicts.
    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message
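As an added example (not code from this thread and not FRST's own), here is a Python triage pass over FRST log lines of the kind selected in the fix script above: it sorts each line into a category and returns the flagged ones verbatim, which is exactly the form a fixlist.txt takes (compare the script above with the "Content of fixlist" echoed in the Fixlog). The sample lines are quoted from the scan, plus one constructed healthy search scope with a placeholder URL; the category names and the "loose file in a data root" heuristic are this example's own assumptions.

```python
"""Triage pass over FRST log lines (added example; not FRST's own code).

Flagged lines are returned verbatim because an FRST fixlist.txt is literally
the log lines to act on.
"""
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (category, verbatim FRST line)

# Dated file entry: "<created> - <modified> - <size> <attrs> (<company>) <path>"
FILE_ENTRY = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# Autostart entry: "HKLM-x32\...\Run: [name] => target"
RUN_ENTRY = re.compile(
    r"^(?P<hive>HK[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.*)$"
)
# Search provider entry; an empty URL is what a wiped or hijacked scope looks like
SEARCH_SCOPE = re.compile(r"^SearchScopes: .* URL =\s*(?P<url>.*)$")

# Heuristic (this example's own): files sitting directly in these roots are
# worth a look, as in FRST's "Files in the root of some directories" section.
DATA_ROOTS = ("c:\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".cpl")


def in_data_root(path: str) -> bool:
    """True if path sits directly in ProgramData or a user's AppData root."""
    low = path.lower()
    for root in DATA_ROOTS:
        idx = low.find(root)
        if idx >= 0 and "\\" not in low[idx + len(root):]:
            return True
    return False


def classify(line: str) -> Optional[Finding]:
    """Map one FRST line to a triage category, or None for a blank line."""
    s = line.rstrip()
    if not s:
        return None
    if "<======= ATTENTION" in s:           # FRST's own flag for policy locks
        return ("policy-restriction", s)
    if s.endswith("No File"):                # handler registered, binary gone
        return ("orphaned-shell-handler", s)
    m = RUN_ENTRY.match(s)
    if m:
        if not m.group("name") or m.group("target").strip() == "[X]":
            return ("dangling-autorun", s)   # nameless entry or missing file
        return ("review-autorun", s)         # needs a human: known program?
    m = SEARCH_SCOPE.match(s)
    if m:
        return ("empty-search-scope", s) if not m.group("url").strip() else ("ok", s)
    m = FILE_ENTRY.match(s)
    if m:
        path = m.group("path")
        if in_data_root(path):
            if path.lower().endswith(EXECUTABLE_SUFFIXES):
                return ("loose-executable", s)
            return ("loose-data-file", s)
        return ("ok", s)
    if s.endswith("File is digitally signed"):
        return ("ok", s)
    return ("unclassified", s)


def triage(log_text: str) -> List[Finding]:
    """Return every non-ok finding, in log order."""
    return [f for f in map(classify, log_text.splitlines()) if f and f[0] != "ok"]


def build_fixlist(findings: List[Finding], include_review: bool = False) -> List[str]:
    """Verbatim lines for fixlist.txt. FRST acts on whatever it is given, so
    'review-autorun' entries stay out unless a human has confirmed them."""
    skip = {"unclassified"} | (set() if include_review else {"review-autorun"})
    return [line for cat, line in findings if cat not in skip]


# Constructed sample: lines quoted from the scan above, plus one healthy
# search scope with a placeholder URL to show the non-empty case.
SAMPLE_LINES = r"""
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM-x32\...\Run: [bfcloud] => "C:\Program Files (x86)\bfcloud\bfcloader.exe" "wins"
HKLM-x32\...\Run: [] => [X]
2014-08-17 04:14 - 2014-08-17 04:12 - 5338896 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2014-03-03 02:09 - 2014-09-29 23:21 - 0001534 _____ () C:\ProgramData\ss.ini
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://example.invalid/search?q={searchTerms}
C:\Windows\System32\winlogon.exe => File is digitally signed
"""

if __name__ == "__main__":
    for cat, line in triage(SAMPLE_LINES):
        print(f"{cat:24} {line[:72]}")
    print("--- fixlist.txt (review items excluded) ---")
    print("\n".join(build_fixlist(triage(SAMPLE_LINES))))
```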

#5 syen (Topic Starter)

Posted 18 May 2015 - 10:15 PM

Hi

I paste all the .txt files below as suggested. I have not fixed the Internet Explorer as suggested as it is not even running (unresponsive when I click the i.e. icon).

Thanks.

 

---

File: fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by syen01 at 2015-05-18 22:24:41 Run:1
Running from C:\Users\syen01\Desktop
Loaded Profiles: syen01 & abc (Available profiles: syen01 & abc)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM-x32\...\Run: [bfcloud] => "C:\Program Files (x86)\bfcloud\bfcloader.exe" "wins"
HKLM-x32\...\Run: [] => [X]
2014-03-03 02:09 - 2014-09-29 23:21 - 0001534 _____ () C:\ProgramData\ss.ini
2014-07-05 04:32 - 2014-07-05 04:34 - 0000056 _____ () C:\ProgramData\TMSetp2.dbf
2014-08-17 04:14 - 2014-08-17 04:12 - 5338896 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2015-01-13 00:50 - 2015-01-13 00:50 - 0003584 _____ () C:\Users\syen01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-02 18:23 - 2014-10-25 07:16 - 0000098 _____ () C:\Users\syen01\AppData\Roaming\WB.CFG
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2310646588-1305869816-1876807301-1002 -> {0C4B3353-D1AD-465A-949C-B38FE17F011B} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\bfcloud => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\ProgramData\ss.ini => Moved successfully.
C:\ProgramData\TMSetp2.dbf => Moved successfully.
C:\ProgramData\pclunst.exe => Moved successfully.
C:\Users\syen01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\syen01\AppData\Roaming\WB.CFG => Moved successfully.
"HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0C4B3353-D1AD-465A-949C-B38FE17F011B}" => Key deleted successfully.
HKCR\CLSID\{0C4B3353-D1AD-465A-949C-B38FE17F011B} => Key not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.


The system needed a reboot.

==== End of Fixlog 22:24:57 ====

File: AdwCleaner[S4].txt

# AdwCleaner v4.204 - Logfile created 18/05/2015 at 22:40:24
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : syen01 - STY1
# Running from : C:\Users\syen01\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\syen01\Favorites\StumbleUpon
Folder Deleted : C:\Users\syen01\AppData\LocalLow\baidu
Folder Deleted : C:\Users\syen01\AppData\Roaming\IQIYI Video

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E6F928E4-B672-4F3A-8CA2-53C4259235DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB4F6285-4C32-49F2-950F-A5998F9CEC6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D96C1D26-5CDF-4506-9244-57233C3984DF}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E6A8DA1-1731-465B-B036-B9E16EF26CAC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E6A8DA1-2731-465B-B036-B9E16EF26CAC}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v31.0 (x86 en-US)


-\\ Google Chrome v


-\\ Chromium v44.0.2386.0


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R0].txt - [8817 bytes] - [01/09/2014 20:24:31]
AdwCleaner[R1].txt - [13512 bytes] - [22/01/2015 15:46:35]
AdwCleaner[R2].txt - [7396 bytes] - [12/05/2015 20:37:42]
AdwCleaner[R3].txt - [3299 bytes] - [13/05/2015 04:33:30]
AdwCleaner[R4].txt - [3087 bytes] - [18/05/2015 22:37:38]
AdwCleaner[S0].txt - [8089 bytes] - [01/09/2014 20:25:47]
AdwCleaner[S1].txt - [12673 bytes] - [22/01/2015 15:49:07]
AdwCleaner[S2].txt - [7419 bytes] - [12/05/2015 20:39:46]
AdwCleaner[S3].txt - [3399 bytes] - [13/05/2015 04:35:43]
AdwCleaner[S4].txt - [2978 bytes] - [18/05/2015 22:40:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3037  bytes] ##########


File: JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.3 (05.18.2015:1)
OS: Windows 8.1 x64
Ran by syen01 on Mon 05/18/2015 at 22:51:49.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] omaha
Successfully deleted: [Service] omaha
Successfully stopped: [Service] omaham
Successfully deleted: [Service] omaham



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2310646588-1305869816-1876807301-1002
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\WandoujiaUpdateTaskMachineCore
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\WandoujiaUpdateTaskMachineUA
Successfully deleted: [Task] C:\WINDOWS\tasks\WandoujiaUpdateTaskMachineCore.job
Successfully deleted: [Task] C:\WINDOWS\tasks\WandoujiaUpdateTaskMachineUA.job



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bfcmpasrv
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\frmplayer
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2310646588-1305869816-1876807301-1002\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\syen01\appdata\local\bfcloud
Successfully deleted: [Folder] C:\Users\syen01\appdata\local\wandoujia
Successfully deleted: [Folder] C:\Users\syen01\appdata\local\wandoujia2
Successfully deleted: [Folder] C:\Users\syen01\AppData\Roaming\pushapp
Successfully deleted: [Folder] C:\Users\syen01\AppData\Roaming\wandoujia2



~~~ FireFox

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@sohu.com/npifox





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/18/2015 at 23:06:58.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 shelf life (Malware Response Team)

Posted 19 May 2015 - 05:05 PM

Looks like those two removed a lot of items. See if you can find IE in its location here:

 

C:\Program Files\Internet Explorer\iexplore.exe

 

You can probably find it using the search window also. If you can find it, just double click the IE icon and see if it launches OK like that. Maybe the icon you're clicking has lost its location.

You might also be able to get to it if you start typing Internet Explorer in the Control/Settings panel. You might see options to change things that would launch IE, then just go to the Advanced tab>Reset.

Sorry, not very familiar with W8.




#7 syen (Topic Starter)

Posted 19 May 2015 - 08:40 PM

Thanks. I found both

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

Neither one is active (clicking it does not run i.e.).

I also turned the Internet Explorer feature off (restart) and then back on (restart).

That did not wake it up either.

Thanks.



#8 shelf life (Malware Response Team)

Posted 20 May 2015 - 04:30 PM

No luck. Click the Windows key + R. The Windows key is the one that has the Windows-looking icon.

In the window, type in: inetcpl.cpl, click Enter and see if IE launches the properties window.




#9 syen (Topic Starter)

Posted 20 May 2015 - 11:30 PM

Running "inetcpl.cpl" did launch the i.e. properties window. I clicked Advanced as suggested and clicked "reset". Did not work. After restart, I repeated and also ticked the "delete personal settings" checkbox. Still did not wake up i.e.

Thanks.



#10 shelf life (Malware Response Team)

Posted 21 May 2015 - 04:49 PM

OK. No luck there either. Follow the link below to see if Windows' built-in troubleshooter can fix it:

 

http://winaero.com/blog/internet-explorer-11-does-not-open-in-windows-8-1/




#11 syen (Topic Starter)

Posted 22 May 2015 - 01:21 AM

No. Running msdt.exe -id IEBrowseWebDiagnostic did not fix it.

Running i.e. without add-ons, I could not start i.e. at all.

Finally, Microsoft's Fix It: the message says Microsoft Fix it does not apply to your operating system or application version.



#12 shelf life (Malware Response Team)

Posted 22 May 2015 - 07:34 AM

Just to see if anything has changed, run FRST again like you did the very first time to get a new log. Post the log.

Try turning IE off, then back "on". It's easy to do, so you may as well try it. It's method 5 of 6, near the bottom of this web page:

 

http://www.wikihow.com/Repair-Internet-Explorer#Disabling_Internet_Explorer_.28Windows_8.29_sub




#13 syen (Topic Starter)

Posted 22 May 2015 - 08:53 AM

Good Morning. I must have turned IE off and on 4-5 times now but this time it works! IE is now back on. Thanks.

Firefox continues to start the page with sogou.com, so let's continue to see if this gets resolved. The FRST log is pasted below:

---

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015
Ran by syen01 (administrator) on STY1 on 22-05-2015 09:47:19
Running from C:\Users\syen01\Desktop
Loaded Profiles: syen01 (Available profiles: syen01 & abc)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\CAAMSvc.exe
(Computer Associates International, Inc.) C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PC Pitstop LLC) C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(CA) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Total Defense, Inc.) C:\Program Files\Total Defense\Internet Security Suite\ccEvtMgr.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dropbox, Inc.) C:\Users\syen01\AppData\Roaming\Dropbox\bin\Dropbox.exe
(QUALCOMM Incorporated) C:\Program Files (x86)\Qualcomm\Eudora\Eudora.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Karen Kenworthy) C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [cctray] => C:\Program Files\Total Defense\Internet Security Suite\casc.exe [2733576 2013-09-21] (Total Defense, Inc.)
HKLM-x32\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-11-04] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771032 2013-11-04] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [770008 2013-11-04] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-10-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [517144 2013-09-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Total Defense PC Tuneup Reminder] => C:\Program Files (x86)\Total Defense\PC Tune-Up\Reminder-PCTuneup.exe [325288 2011-12-16] (PC Pitstop LLC)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2015-01-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4923832 2015-05-10] (Emsisoft Ltd)
HKLM-x32\...\Run: [MTview] => C:\Program Files (x86)\MTV20150510\MTView.exe -mini
HKLM-x32\...\Run: [LOLAlbum] => C:\Users\syen01\AppData\Roaming\LOLAlbum\LOLAlbum.exe /start
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PFW-x32: UmxWnp.Dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-02] (Google Inc.)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-14] (SUPERAntiSpyware)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\Run: [OneDrive] => C:\Users\syen01\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-13] (Microsoft Corporation)
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\...\MountPoints2: {889802b8-58d9-11e3-be9f-48d224606871} - "J:\SISetup.exe"
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-23] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-01-31]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2014-03-31]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\(749)X_mp4_Downloader.lnk [2015-04-17]
ShortcutTarget: (749)X_mp4_Downloader.lnk -> C:\ProgramData\{ee518c91-123f-fe25-ee51-18c911233244}\(749)X_mp4_Downloader.exe (No File)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\syen01\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eudora.lnk [2013-11-03]
ShortcutTarget: Eudora.lnk -> C:\Program Files (x86)\Qualcomm\Eudora\Eudora.exe (QUALCOMM Incorporated)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Replicator.lnk [2013-11-22]
ShortcutTarget: Replicator.lnk -> C:\Program Files (x86)\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-06-28]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk [2014-06-29]
ShortcutTarget: Skype.lnk -> C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe ()
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2014-02-18]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Total Defense Security Center.lnk [2013-11-22]
ShortcutTarget: Total Defense Security Center.lnk -> C:\Program Files\Total Defense\Internet Security Suite\casc.exe (Total Defense, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\syen01\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.toshiba.com?cid=J13
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKU\S-1-5-21-2310646588-1305869816-1876807301-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2310646588-1305869816-1876807301-1002 -> {0C4B3353-D1AD-465A-949C-B38FE17F011B} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll [2013-09-21] (Total Defense, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-12] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: 豌豆荚 apk 安装器 -> {000DA090-57AA-424B-A8F0-621B7C08B8F4} -> C:\Program Files (x86)\WandouLabs\wandoujia_bho32.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Total Defense Anti-Phishing Toolbar Helper -> {45011CF5-E4A9-4F13-9093-F30A784EB9B2} -> C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll [2013-09-21] (Total Defense, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-09] (Oracle Corporation)
BHO-x32: Qualys BrowserCheck IE Helper -> {7D2FB79E-E58C-4DB5-A36F-AC1C73967FA5} -> C:\Windows\Downloaded Program Files\qbc_bho.dll [2013-12-03] (Qualys, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12] (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-09] (Oracle Corporation)
Toolbar: HKLM - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\toolbar\caIEToolbar.dll [2013-09-21] (Total Defense, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-12] (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM-x32 - Total Defense Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\toolbar\caIEToolbar.dll [2013-09-21] (Total Defense, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-12-12] (Google Inc.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2310646588-1305869816-1876807301-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2013-12-12] (Google Inc.)
DPF: HKLM-x32 {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck.qualys.com/qbc_ax.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Handler: WSWSVCUchrome - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\syen01\AppData\Roaming\Mozilla\Firefox\Profiles\dwzaj1yw.default
FF NewTab: https://us.search.yahoo.com/yhs/web?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_NT,205,0_0,NewTab,20141146,20031,0,IE11,6944
FF SearchEngineOrder.3: Bing
FF Homepage: 123.sogou.com/?21676
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @iqiyi.com/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-09] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-01-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-01-31] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2310646588-1305869816-1876807301-1002: @iqiyi.com/npWebPlayer -> D:\IQIYI Video\LStyle\npWebPlayer.dll No File
FF Plugin HKU\S-1-5-21-2310646588-1305869816-1876807301-1002: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
FF SearchPlugin: C:\Users\syen01\AppData\Roaming\Mozilla\Firefox\Profiles\dwzaj1yw.default\searchplugins\Search Provided by Yahoo.xml [2015-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-22]
FF HKLM-x32\...\Firefox\Extensions: [caaphishtoolbar@ca.com] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox
FF Extension: Total Defense Anti-Phishing Toolbar - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox [2013-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_3.0.0.52\coFFFw
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2015-05-22]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\syen01\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [hpdpkkpdlooddakbebmkeeegehfjdnih] - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\GoogleChrome\td_aphish_toolbar.crx [2013-11-03]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5164328 2015-05-10] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-10-01] (Windows ® Win 7 DDK provider) []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CAAMSvc; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe [313040 2013-11-03] (Total Defense, Inc.)
R3 CaCCProvSP; C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe [367112 2013-09-21] (Total Defense, Inc.)
R2 CAISafe; C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe [314888 2013-09-21] (Computer Associates International, Inc.)
R2 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [288776 2013-09-21] (Total Defense, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
S3 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-09-13] (CyberLink)
S3 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [327432 2013-09-13] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1429504 2015-03-04] (Microsoft Corporation)
S3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) []
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S3 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-10-15] (HP) []
S3 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [361888 2012-07-25] (HP)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) []
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
S3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2152736 2014-05-04] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PCPitstop Scheduling; C:\Program Files (x86)\Total Defense\PCPitstopScheduleService.exe [91816 2011-12-16] (PC Pitstop LLC)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-01-31] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) []
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
R2 UmxEngine; C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [920656 2011-04-04] (CA)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-05-22] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-05-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WebUpdate4; C:\windows\SysWOW64\WebUpdateSvc4.exe [229592 2007-06-25] (Data Perceptions / PowerProgrammer)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S3 WinSvchostManagerSrv; C:\windows\SysWOW64\cfgmig32.exe [265736 2013-09-21] ()
S3 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-27] (Qualcomm Atheros Communications, Inc.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-12] ()
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
R1 KmxAgent; C:\Windows\System32\DRIVERS\kmxagent.sys [113744 2011-10-26] (CA)
R0 KmxAMRT; C:\Windows\System32\DRIVERS\KmxAMRT.sys [182352 2011-10-27] (Total Defense)
R2 KmxCF; C:\Windows\System32\DRIVERS\KmxCF.sys [201936 2011-09-07] (CA)
R1 KmxCfg; C:\Windows\System32\DRIVERS\kmxcfg.sys [365136 2011-09-07] (CA)
R1 KmxFile; C:\Windows\System32\DRIVERS\KmxFile.sys [87120 2011-09-07] (CA)
R1 KmxFilter; C:\Windows\system32\DRIVERS\KmxFilter.sys [99024 2011-09-07] (CA)
R0 KmxFw; C:\Windows\System32\DRIVERS\kmxfw.sys [143824 2011-09-07] (CA)
R2 KmxSbx; C:\Windows\System32\DRIVERS\KmxSbx.sys [81488 2011-09-07] (CA)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16152 2015-05-12] ()
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 usbcomp; C:\Windows\System32\Drivers\usbcomp.sys [409424 2015-05-05] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-09-13] (CyberLink Corp.)
S3 TS888x64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16345.222\TS888x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-07 00:07 - 2016-01-06 08:22 - 00000176 _____ () C:\Users\syen01\Desktop\cleanup.bat
2015-05-22 09:47 - 2015-05-22 09:47 - 00000000 ____D () C:\Users\syen01\Desktop\FRST-OlderVersion
2015-05-22 09:41 - 2015-05-22 09:41 - 00003356 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2310646588-1305869816-1876807301-1002
2015-05-22 09:39 - 2015-05-22 09:39 - 00001417 _____ () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-22 09:38 - 2015-05-22 09:38 - 00031906 _____ () C:\WINDOWS\iis.log
2015-05-22 09:33 - 2015-05-22 09:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS
2015-05-22 09:33 - 2015-05-22 09:33 - 00000000 ____D () C:\WINDOWS\SysWOW64\BestPractices
2015-05-22 09:33 - 2015-05-22 09:33 - 00000000 ____D () C:\WINDOWS\system32\BestPractices
2015-05-22 09:33 - 2015-05-22 09:33 - 00000000 ____D () C:\inetpub
2015-05-22 00:22 - 2015-05-22 00:22 - 00000142 _____ () C:\WINDOWS\SysWOW64\InstallEnv.xml
2015-05-22 00:22 - 2015-05-22 00:22 - 00000018 _____ () C:\WINDOWS\SysWOW64\Local.pak
2015-05-22 00:22 - 2015-05-22 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ѹ½ÝÎļþ¹Ü¼Ò
2015-05-22 00:22 - 2015-05-22 00:22 - 00000000 ____D () C:\Program Files (x86)\Xuntec
2015-05-19 21:18 - 2015-05-22 09:44 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2310646588-1305869816-1876807301-1002
2015-05-19 20:59 - 2015-05-19 20:59 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\diantaih
2015-05-19 20:59 - 2015-05-19 20:59 - 00000000 ____D () C:\Users\syen01\AppData\Local\diantai
2015-05-18 23:06 - 2015-05-18 23:06 - 00002670 _____ () C:\Users\syen01\Desktop\JRT.txt
2015-05-18 22:17 - 2015-05-18 22:17 - 02209792 _____ () C:\Users\syen01\Desktop\AdwCleaner.exe
2015-05-18 15:52 - 2015-05-18 15:52 - 00000000 ____D () C:\ProgramData\kaixintool
2015-05-18 11:46 - 2015-05-18 11:46 - 00000000 ____D () C:\SUPERDelete
2015-05-17 19:49 - 2015-05-17 19:49 - 00001246 _____ () C:\Users\Public\Desktop\Performance Center.lnk
2015-05-15 22:40 - 2015-05-15 22:40 - 00000920 _____ () C:\Users\Public\Desktop\LOL×îÇ¿ÍõÕß.lnk
2015-05-15 22:40 - 2015-05-15 22:40 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\³ÌÐò
2015-05-15 22:40 - 2015-05-15 22:40 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\LvcEye
2015-05-15 22:40 - 2015-05-15 22:40 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\LOLAlbum
2015-05-15 22:40 - 2015-05-15 22:40 - 00000000 ____D () C:\Users\syen01\AppData\Local\LOLAlbum
2015-05-15 22:40 - 2015-05-15 22:40 - 00000000 ____D () C:\ProgramData\sppy
2015-05-15 22:40 - 2015-05-15 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¿ªÐÄС¹¤¾ß
2015-05-14 22:34 - 2015-05-14 22:35 - 00000000 ____D () C:\ProgramData\LocalStorage
2015-05-14 22:32 - 2015-05-14 22:32 - 00000000 ____D () C:\Users\syen01\.android
2015-05-14 22:31 - 2015-05-14 22:31 - 00000000 ____D () C:\Users\syen01\AppData\Local\SysassistByHotWheel
2015-05-14 22:30 - 2015-05-17 14:07 - 00000000 ____D () C:\Users\syen01\AppData\Local\Unity
2015-05-14 22:30 - 2015-05-16 08:55 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\ppslog
2015-05-14 22:29 - 2015-05-14 22:29 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\GreenEye
2015-05-14 22:29 - 2015-05-14 22:29 - 00000000 ____D () C:\Users\Public\QiYi
2015-05-14 22:28 - 2015-05-14 22:28 - 00000017 _____ () C:\config.ini
2015-05-14 22:27 - 2015-03-02 22:41 - 00504088 _____ (Baidu, Inc.) C:\WINDOWS\system32\baiducn.ime
2015-05-14 03:22 - 2015-05-14 03:22 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-05-14 03:20 - 2015-05-14 03:20 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-14 03:20 - 2015-05-14 03:20 - 00002078 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-14 03:17 - 2015-05-14 03:17 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-13 20:25 - 2015-05-13 20:28 - 00517776 _____ () C:\Users\syen01\Desktop\Addition.txt
2015-05-13 20:14 - 2015-05-22 09:47 - 00038941 _____ () C:\Users\syen01\Desktop\FRST.txt
2015-05-13 18:56 - 2015-05-22 09:47 - 00000000 ____D () C:\FRST
2015-05-13 18:16 - 2015-05-13 18:16 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-STY1-Windows-8.1-(64-bit).dat
2015-05-13 18:16 - 2015-05-13 18:16 - 00000000 ____D () C:\RegBackup
2015-05-13 18:12 - 2015-05-13 18:14 - 00003664 _____ () C:\Users\syen01\Desktop\Rkill.txt
2015-05-13 18:09 - 2015-05-18 22:50 - 02720186 _____ (Thisisu) C:\Users\syen01\Desktop\JRT.exe
2015-05-13 18:09 - 2015-05-13 18:09 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\syen01\Desktop\rkill.exe
2015-05-13 18:06 - 2015-05-22 09:47 - 02108416 _____ (Farbar) C:\Users\syen01\Desktop\FRST64.exe
2015-05-13 16:47 - 2015-05-17 19:49 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\frmdata
2015-05-13 16:46 - 2015-05-13 16:46 - 00001043 _____ () C:\Users\Public\Desktop\ÃÀͼä¯ÀÀ.lnk
2015-05-13 16:46 - 2015-05-13 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÃÀͼä¯ÀÀ
2015-05-13 05:41 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 05:41 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:36 - 2015-05-13 04:38 - 00001628 _____ () C:\EamClean.log
2015-05-13 01:23 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-13 01:23 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-13 01:23 - 2015-04-24 17:32 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-05-13 01:23 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-13 01:23 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-13 01:23 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-13 01:23 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-13 01:23 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-13 01:23 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-13 01:23 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-13 01:23 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-13 01:23 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-13 01:23 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-13 01:23 - 2015-03-04 19:09 - 01429504 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-05-13 01:23 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-13 01:23 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-13 01:23 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-13 01:22 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-13 01:22 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-13 01:22 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-13 01:22 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-13 01:22 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-13 01:22 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-13 01:22 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-13 01:22 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-13 01:22 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-13 01:22 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-13 01:22 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-13 01:22 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-13 01:22 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-13 01:22 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-13 01:22 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-13 01:22 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-13 01:22 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-13 01:22 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-13 01:22 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-13 01:22 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-13 01:22 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-13 01:22 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-13 01:22 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-13 01:22 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-13 01:22 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-13 01:22 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-13 01:22 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-13 01:22 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-13 01:22 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-13 01:22 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-13 01:22 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-13 01:22 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-13 01:22 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-13 01:22 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-13 01:22 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-13 01:22 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-13 01:22 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-13 01:22 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-13 01:22 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-13 01:22 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-13 01:22 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-13 01:22 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-13 01:22 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-13 01:22 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-13 01:22 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-13 01:22 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-13 01:22 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-13 01:22 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-13 01:22 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-13 01:22 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-13 01:22 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-13 01:22 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-13 01:22 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-13 01:22 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-13 01:22 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-13 01:22 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-13 01:22 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-13 01:22 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-13 01:22 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-13 01:22 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-13 01:22 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-13 00:39 - 2015-05-13 00:39 - 00028984 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
2015-05-13 00:26 - 2015-05-13 03:52 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-13 00:26 - 2015-05-13 00:26 - 00087864 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
2015-05-13 00:23 - 2015-05-13 00:28 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\ÓÎÏ·
2015-05-13 00:23 - 2015-05-13 00:28 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ
2015-05-13 00:23 - 2015-05-13 00:23 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\游戏
2015-05-12 21:51 - 2015-05-12 21:51 - 00003322 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-05-12 21:50 - 2015-05-12 21:50 - 00000000 ____D () C:\sh4ldr
2015-05-12 21:49 - 2015-05-12 21:49 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-05-12 21:49 - 2015-05-12 21:49 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-12 21:25 - 2015-05-12 21:25 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-05-12 21:07 - 2015-05-12 21:07 - 00001118 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-05-12 21:07 - 2015-05-12 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-05-12 21:07 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-05-12 20:52 - 2015-05-22 09:40 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-05-12 20:48 - 2015-05-12 20:50 - 162680144 _____ (Emsisoft Ltd. ) C:\Users\syen01\Downloads\EmsisoftAntiMalwareSetup.exe
2015-05-12 20:36 - 2015-05-12 20:36 - 02209792 _____ () C:\Users\syen01\Downloads\adwcleaner_4.204.exe
2015-05-12 19:35 - 2015-05-12 19:35 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\syen01\Downloads\tdsskiller.exe
2015-05-12 03:03 - 2015-05-22 09:41 - 00000000 ____D () C:\WINDOWS\LockIE
2015-05-12 03:03 - 2015-05-22 09:10 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\LockIE
2015-05-12 02:58 - 2015-05-22 09:41 - 00003092 _____ () C:\WINDOWS\NvConfig.dat
2015-05-12 02:51 - 2015-05-12 02:51 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\WandoujiaUsbDriver
2015-05-12 02:49 - 2015-05-12 02:49 - 00000053 _____ () C:\WINDOWS\nvse.dat
2015-05-12 02:49 - 2015-05-12 02:49 - 00000000 ____D () C:\Users\syen01\AppData\Local\MiLai
2015-05-12 02:49 - 2015-05-05 04:23 - 00409424 _____ () C:\WINDOWS\system32\Drivers\usbcomp.sys
2015-05-12 02:48 - 2015-05-12 02:54 - 00000000 ____D () C:\Users\syen01\Documents\搜狐影音
2015-05-12 02:48 - 2015-05-12 02:48 - 00000000 ____D () C:\Users\syen01\Documents\ËѺüÓ°Òô
2015-05-12 02:48 - 2015-05-12 02:48 - 00000000 ____D () C:\Users\syen01\AppData\Local\Temp尰
2015-05-10 01:58 - 2015-05-10 01:58 - 00000000 ____D () C:\ProgramData\COMODO
2015-05-10 01:57 - 2015-05-10 01:57 - 00001309 _____ () C:\Users\Public\Desktop\Free PDF Splitter.lnk
2015-05-10 01:57 - 2015-05-10 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Splitter
2015-05-10 01:57 - 2015-05-10 01:57 - 00000000 ____D () C:\Program Files (x86)\Free PDF Solutions
2015-05-10 01:56 - 2015-05-22 03:56 - 00000342 _____ () C:\WINDOWS\Tasks\Chromium.job
2015-05-10 01:56 - 2015-05-10 01:56 - 00002680 _____ () C:\WINDOWS\System32\Tasks\Chromium
2015-05-10 01:56 - 2015-05-10 01:56 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Free PDF Solutions
2015-05-10 01:55 - 2015-05-12 05:32 - 00000000 ____D () C:\Users\syen01\AppData\Local\Chromium
2015-05-10 01:53 - 2015-05-10 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-05-09 22:28 - 2015-05-09 22:28 - 00000000 ____D () C:\ado
2015-05-05 16:16 - 2015-05-05 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-04-24 11:41 - 2015-04-24 11:41 - 00000000 ____D () C:\Users\syen01\AppData\Local\PCTeX
2015-04-24 11:40 - 2015-04-24 11:40 - 00000000 ____D () C:\Users\syen01\Documents\My PCTeX Files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 09:46 - 2013-11-03 10:07 - 00004962 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for STY1-syen01 STY1
2015-05-22 09:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-22 09:42 - 2013-11-02 21:28 - 00000000 ___RD () C:\Users\syen01\Dropbox
2015-05-22 09:42 - 2013-11-02 20:26 - 00000000 __RDO () C:\Users\syen01\SkyDrive
2015-05-22 09:41 - 2013-11-02 21:28 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Dropbox
2015-05-22 09:38 - 2013-11-20 09:11 - 01218804 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-22 09:37 - 2014-08-14 00:50 - 00030518 _____ () C:\WINDOWS\setupact.log
2015-05-22 09:36 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-22 09:34 - 2013-11-03 23:14 - 08434467 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k0
2015-05-22 09:34 - 2013-11-03 23:14 - 00952964 _____ () C:\WINDOWS\system32\Drivers\KmxAgent.asc
2015-05-22 09:34 - 2013-11-03 23:14 - 00000471 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k0
2015-05-22 09:34 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k7
2015-05-22 09:34 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k6
2015-05-22 09:34 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k5
2015-05-22 09:34 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k4
2015-05-22 09:34 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k3
2015-05-22 09:34 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k2
2015-05-22 09:34 - 2013-11-03 23:14 - 00000085 _____ () C:\WINDOWS\system32\Drivers\kmxcfg.u2k1
2015-05-22 09:34 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k7
2015-05-22 09:34 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k6
2015-05-22 09:34 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k5
2015-05-22 09:34 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k4
2015-05-22 09:34 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k3
2015-05-22 09:34 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k2
2015-05-22 09:34 - 2013-11-03 23:14 - 00000049 _____ () C:\WINDOWS\system32\Drivers\kmxzone.u2k1
2015-05-22 09:33 - 2014-08-19 01:53 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{57113DAC-B451-48EE-8D46-73F27B79F834}
2015-05-22 09:33 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\inetsrv
2015-05-22 09:33 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-05-22 09:32 - 2015-02-06 19:49 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-05-22 09:32 - 2015-02-06 19:49 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-05-22 09:32 - 2015-02-06 19:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-05-22 09:32 - 2015-02-06 19:49 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-05-22 09:32 - 2015-02-06 19:49 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-05-22 09:32 - 2015-02-06 19:49 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-05-22 09:32 - 2015-02-06 19:48 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-05-22 09:32 - 2015-02-06 19:48 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-05-22 09:32 - 2015-02-06 19:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-05-22 09:32 - 2015-02-06 19:48 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-05-22 09:32 - 2015-02-06 19:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-05-22 09:32 - 2015-02-06 19:48 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-05-22 09:29 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-22 09:21 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-22 09:07 - 2013-11-03 02:25 - 00000000 ____D () C:\ProgramData\PCPitstop
2015-05-22 04:28 - 2013-11-02 21:07 - 00000000 ____D () C:\Temp
2015-05-22 04:02 - 2013-11-03 03:09 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Skype
2015-05-22 04:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-22 03:53 - 2014-04-01 17:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-21 14:20 - 2014-08-18 15:13 - 00000418 ____H () C:\WINDOWS\Tasks\Norton Security Scan for syen01.job
2015-05-21 00:24 - 2014-08-17 03:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-20 14:13 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-20 07:55 - 2013-11-02 20:46 - 00000000 ____D () C:\Users\syen01\AppData\Local\CrashDumps
2015-05-20 07:49 - 2014-08-14 01:41 - 01154686 _____ () C:\WINDOWS\PFRO.log
2015-05-19 21:43 - 2014-09-03 20:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-19 18:41 - 2015-04-04 00:06 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-19 18:41 - 2015-04-04 00:06 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-19 13:39 - 2013-11-02 18:41 - 00000000 ____D () C:\Users\syen01\AppData\Local\Packages
2015-05-19 09:22 - 2014-12-12 14:40 - 00000690 _____ () C:\Users\syen01\Desktop\A.lnk
2015-05-18 22:40 - 2014-09-01 20:24 - 00000000 ____D () C:\AdwCleaner
2015-05-18 22:29 - 2014-06-02 17:24 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-05-18 22:24 - 2013-08-22 11:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-18 22:24 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-05-18 14:01 - 2014-08-17 14:57 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-05-18 14:01 - 2013-05-06 03:05 - 00000000 ____D () C:\ProgramData\Norton
2015-05-17 20:22 - 2013-05-06 03:02 - 00000000 ____D () C:\ProgramData\Origin
2015-05-17 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Globalization
2015-05-17 16:02 - 2014-08-19 01:21 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-17 16:02 - 2014-08-19 01:21 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-17 16:02 - 2014-08-19 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 16:02 - 2014-08-19 01:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-17 01:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-14 22:32 - 2013-11-20 09:03 - 00000000 ____D () C:\Users\syen01
2015-05-14 03:39 - 2013-11-02 18:42 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Adobe
2015-05-14 03:29 - 2013-11-03 01:38 - 00000000 ____D () C:\Users\syen01\AppData\Local\Adobe
2015-05-14 03:15 - 2013-05-06 03:00 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-13 19:56 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-05-13 19:36 - 2014-02-20 08:55 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2310646588-1305869816-1876807301-1002
2015-05-13 16:58 - 2014-08-16 19:46 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-13 10:37 - 2014-07-29 16:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 10:37 - 2014-07-29 16:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 10:37 - 2013-08-22 10:44 - 00473968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 10:24 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-13 10:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-13 05:32 - 2013-11-03 22:14 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-13 05:32 - 2013-11-03 22:14 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-13 05:24 - 2014-07-29 16:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 05:15 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 00:40 - 2013-11-02 18:42 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2015-05-12 21:28 - 2013-12-05 21:22 - 00000000 ____D () C:\Users\syen01\AppData\Local\SlimWare Utilities Inc
2015-05-12 19:26 - 2015-04-13 23:22 - 00000000 ____D () C:\ProgramData\pdf995
2015-05-12 18:02 - 2013-12-05 21:22 - 00016152 _____ () C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-05-11 16:36 - 2014-08-11 05:32 - 00001078 _____ () C:\Users\syen01\Desktop\Dropbox.lnk
2015-05-11 16:36 - 2014-08-11 05:31 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-10 00:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-09 22:07 - 2013-11-03 03:09 - 00000000 ____D () C:\ProgramData\Skype
2015-05-05 13:59 - 2015-03-12 10:40 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-05 13:59 - 2015-03-12 10:40 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-04 12:42 - 2015-04-13 22:08 - 00000000 ____D () C:\Users\syen01\AppData\Roaming\TaxCut
2015-04-27 17:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer

==================== Files in the root of some directories =======

2014-08-17 21:41 - 2014-08-17 21:42 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-05-01 15:43 - 2014-06-18 05:51 - 0007605 _____ () C:\Users\syen01\AppData\Local\Resmon.ResmonCfg
2013-11-03 02:20 - 2013-11-16 17:39 - 0000262 _____ () C:\ProgramData\LastUpdate.xml
2014-04-12 12:38 - 2014-04-13 00:05 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-11-02 21:17 - 2013-11-04 12:54 - 0002225 _____ () C:\ProgramData\NLOGIT 5.lnk

Some files in TEMP:
====================
C:\Users\abc\AppData\Local\Temp\wruninstall.exe
C:\Users\syen01\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqmh1sv.dll
C:\Users\syen01\AppData\Local\Temp\Quarantine.exe
C:\Users\syen01\AppData\Local\Temp\sqlite3.dll
C:\Users\syen01\AppData\Local\Temp\srxifiemvu.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-21 01:35

==================== End of log ============================



#14 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:11:21 PM

Posted 22 May 2015 - 11:27 AM

Ok great. Success on that problem.

 

Look in your add/remove programs panel and uninstall these if present:

 

MarketReseach

¿áÒô´«ËÍ 1.0.4.6 (Version: 1.0.4.6 - Kumusic.cn.Inc.) ---> Do you know what this is? If not I would remove it.

 

I don't think a FRST script will work with these characters, so you can remove them manually. First, to show all files in W8, see this link:

 

http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-8/

 

Next, using Explorer, see if you can find and delete the items below,

 

unless you recognize them and know what they are (something you knowingly installed). I can't read those characters and have no idea.

 

C:\Program Files (x86)\WandouLabs

C:\Users\syen01\Documents\搜狐影音
C:\Users\syen01\Documents\ËѺüÓ°Òô

C:\Users\syen01\AppData\Local\Temp  ----> here you can just delete what you can out of the temp folder

C:\Users\syen01\AppData\Roaming\ÓÎÏ·
C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ÍøÂçÓÎÏ·ÖÐÐÄ

C:\Users\syen01\AppData\Roaming\游戏

C:\Users\syen01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件

 

For Firefox:

Try resetting it back to its defaults:

https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings

 

Last: Chrome is compromised. Even if you don't use it, you should uninstall and then reinstall it:

 

https://support.google.com/chrome/answer/95319?hl=en

https://www.google.com/chrome/

 

See how all that goes.


How Can I Reduce My Risk to Malware?

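The checks above (Add/Remove Programs entries with unreadable names, the listed folders, and the FRST "Bamital & volsnap" signature check) can be done in one pass from PowerShell before deleting anything. The script below is an added example written for this thread, not something shelf life or the FRST author posted; the program names and paths are the ones quoted in the reply above, and the `$suspectNames` substrings are an assumption about what to match on this particular machine. It only reports, it does not remove.

```powershell
# Added example (not from the thread): audit the items listed in the reply above
# without deleting anything. Run in an elevated PowerShell on the affected PC.
# Names and paths are the ones quoted in the thread; treat them as assumptions
# about this one machine, not as a general malware list.

# Registry keys where Windows records Add/Remove Programs entries
# (64-bit, 32-bit-on-64 and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Substrings taken from the thread (assumed); matched case-insensitively.
$suspectNames = @('MarketRese', 'Kumusic', 'WandouLabs', 'sogou')

# Folders shelf life asked to look for. Kept as literal strings so the
# non-ASCII characters reach Test-Path unchanged.
$suspectPaths = @(
    'C:\Program Files (x86)\WandouLabs',
    "$env:USERPROFILE\Documents\搜狐影音",
    "$env:APPDATA\游戏",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\腾讯软件"
)

function Get-SuspectUninstallEntries {
    # Keep entries whose DisplayName/Publisher contains a suspect substring, or
    # whose DisplayName has characters outside printable ASCII (the entries
    # that show up as mojibake in the FRST log and cannot be typed into a script).
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Where-Object {
            $entry    = $_
            $nonAscii = $entry.DisplayName -match '[^\x20-\x7E]'
            $nameHit  = $suspectNames | Where-Object {
                $entry.DisplayName -like "*$_*" -or $entry.Publisher -like "*$_*"
            }
            $nonAscii -or $nameHit
        } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, PSPath
}

function Test-SuspectPaths {
    # -LiteralPath avoids wildcard interpretation of odd characters in the names.
    foreach ($p in $suspectPaths) {
        [pscustomobject]@{ Path = $p; Exists = (Test-Path -LiteralPath $p) }
    }
}

function Test-SystemFileSignatures {
    # Same idea as FRST's "Bamital & volsnap Check": confirm the core binaries
    # still carry a valid Authenticode signature.
    $files = @(
        "$env:SystemRoot\System32\winlogon.exe",
        "$env:SystemRoot\System32\wininit.exe",
        "$env:SystemRoot\explorer.exe",
        "$env:SystemRoot\System32\userinit.exe",
        "$env:SystemRoot\System32\services.exe",
        "$env:SystemRoot\System32\Drivers\volsnap.sys"
    )
    foreach ($f in $files) {
        $sig = Get-AuthenticodeSignature -FilePath $f
        [pscustomobject]@{
            File   = $f
            Status = $sig.Status            # expect 'Valid'
            Signer = $sig.SignerCertificate.Subject
        }
    }
}

Write-Host '== Add/Remove Programs entries worth a second look =='
Get-SuspectUninstallEntries | Format-Table -AutoSize
Write-Host '== Folders named in the thread =='
Test-SuspectPaths | Format-Table -AutoSize
Write-Host '== Core system file signatures =='
Test-SystemFileSignatures | Format-Table -AutoSize
```

The `UninstallString` column is what Add/Remove Programs runs for each entry, so an entry that does not appear in the Control Panel list (as syen reports below for MarketReseach) can still be located here if its registry key survived. Anything reported as `Exists = True` or with a signature status other than `Valid` is what to bring back to the thread, not something to act on unprompted.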

#15 syen

syen
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Gender:Male
  • Location:Knoxville, Tennessee
  • Local time:10:21 PM

Posted 22 May 2015 - 01:31 PM

I did not see "MarketReseach" while doing Add/Remove in control panel.

I also did not see C:\Program Files (x86)\WandouLabs

But I went ahead and removed all that I did not recognize as well as those that you suggested.

Finally, I did not see Chrome either, so I could not remove it.

At any rate, Firefox is now running clean without being hijacked, as is Internet Explorer. And no pop-ups to bug me. Guess I am fine then.

Thank you very much!

Steven





