[HELP] Desktop no icon but cursor and fail to start Explorer.exe


  • This topic is locked
13 replies to this topic

#1 ftk

  • Members
  • 8 posts

Posted 01 July 2015 - 01:13 AM

Dear gentlemen,

I encountered the following issue:

I keep my PC on in my workspace. One day last week, I restarted my PC and found there was nothing on my desktop, all black except the cursor. I tried Ctrl+Alt+Del and started the Task Manager, and I found I cannot start explorer.exe (other programs can be started from New Task).

P.S. I can work normally in Safe Mode; everything is on my desktop and there seems to be no problem.

I searched BleepingComputer and noticed that explorer.exe may be infected by a virus, so I downloaded ComboFix to the C drive and tried to run it (given that the antivirus had not yet stopped warning).

The first time, it failed to restore my desktop, so I copied ComboFix to my desktop and ran it again. This time, my desktop icons and Explorer came back.

But after some time (maybe one day), when I restarted / remoted into my PC, the issue happened again! So I had to run ComboFix from my desktop again.

Questions:

1) Am I doing the right thing to clean the virus?

2) Can anybody help to remove the issue permanently?

Many thanks.

P.S. I have AVG Anti-Virus and Malwarebytes Anti-Malware Free installed, and scanning found no problem T-T (installed a long time ago, before it happened)

 

 

Attached File: ComboFix_3006.txt (45.69KB)


Edited by hamluis, 01 July 2015 - 09:05 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 ftk
  • Topic Starter

  • Members
  • 8 posts

Posted 01 July 2015 - 11:35 PM

Is there anyone who can help?  Thank you.


Edited by ftk, 02 July 2015 - 09:27 AM.


#3 nasdaq

  • Malware Response Team
  • 38,753 posts
  • Location:Montreal, QC. Canada

Posted 02 July 2015 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save it to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
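As an added example (not from this thread, nor part of the FRST tool itself), here is a small first-pass triage script over FRST.txt-style lines. It flags the entry types a malware-removal helper reads first: entries FRST itself marks with ATTENTION, registrations whose file is gone ("No File"), nameless Run values, search scopes with an empty URL, and files or processes without publisher information. The sample lines are constructed in the FRST format, modelled on entries that appear in the log posted later in this thread; the line patterns are assumed to match the FRST output of that era.

```python
import re
from typing import Dict, List

# Added example (not part of the thread or of FRST): first-pass triage of FRST.txt lines.

ATTENTION_MARK = "<======= ATTENTION"

# Patterns for FRST line formats as they appear in FRST.txt (assumed stable for this log version).
RUN_RE = re.compile(
    r"^(?:HKLM|HKLM-x32|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.*)$"
)
SEARCH_RE = re.compile(r"^SearchScopes: .*URL =\s*(?P<url>.*)$")
# "[<size> <date>] (<publisher>)" or "[<date>] (<publisher>)" at the end of a file entry.
PUBLISHER_RE = re.compile(r"\[(?:\d+ )?\d{4}-\d{2}-\d{2}\] \((?P<publisher>[^)]*)\)\s*$")

# Constructed sample in FRST format (values modelled on the log in this thread, not the full log).
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Users\Tanky\Desktop\explorer++_1.3.5_x64\Explorer++.exe
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [      .netdiskExt0] -> {8A8BC1BD-D897-4CE7-9F60-F93990548F3D} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DAFC3089-C966-4796-BF72-E6BB9C4BB8E5} URL =
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO-x32: No Name -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} ->  No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2012-10-30] ()
"""


def classify_line(line: str) -> List[str]:
    """Return the finding tags that apply to one FRST line (empty list if none)."""
    tags: List[str] = []
    stripped = line.rstrip()
    if ATTENTION_MARK in stripped:
        tags.append("attention")      # FRST itself marked this entry (e.g. an IE policy restriction)
    if stripped.endswith("No File"):
        tags.append("orphan")         # registration whose file is gone: leftover or incomplete cleanup
    m = RUN_RE.match(stripped)
    if m and m.group("name") == "" and m.group("target").strip() == "[X]":
        tags.append("empty_run")      # nameless Run value with no valid target
    m = SEARCH_RE.match(stripped)
    if m and m.group("url") == "":
        tags.append("empty_search")   # search scope with no URL, often the remains of a removed entry
    m = PUBLISHER_RE.search(stripped)
    if (m and m.group("publisher").strip() == "") or stripped.startswith("() "):
        tags.append("no_publisher")   # file or process with no company name in its version info
    return tags


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group every flagged line of an FRST log by finding tag; unflagged lines are dropped."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        for tag in classify_line(line):
            findings.setdefault(tag, []).append(line.rstrip())
    return findings


if __name__ == "__main__":
    for tag, lines in sorted(triage(SAMPLE_LOG).items()):
        print(f"{tag} ({len(lines)}):")
        for entry in lines:
            print("   ", entry)
```

The tags are prompts for a human reviewer, not verdicts: an orphaned registration or a missing publisher name is common on a long-used machine and only becomes interesting alongside the symptoms described in the thread.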

#4 ftk
  • Topic Starter

  • Members
  • 8 posts

Posted 06 July 2015 - 01:42 AM

Dear nasdaq,

Thank you very much for your reply.

1) attached the log file;

2) the computer behaves the same (black desktop with cursor only), and I cannot start Explorer.exe from Task Manager > New Task

3) below is the FRST.txt

4) attached Addition.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015

Ran by Tanky (administrator) on TANKY-PC on 06-07-2015 14:39:24
Running from C:\Users\Tanky\Desktop
Loaded Profiles: Tanky (Available Profiles: Tanky)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: 中文 (繁體,台灣)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum LLC) C:\Program Files\Process Lasso\ProcessLasso.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Tanky\Desktop\explorer++_1.3.5_x64\Explorer++.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mythicsoft Ltd) C:\Program Files\Mythicsoft\Agent Ransack\AgentRansack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-06-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-02] (Piriform Ltd)
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\...\Run: [Dropbox Update] => C:\Users\Tanky\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-11] (Dropbox, Inc.)
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Tanky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-06-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Tanky\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [      .netdiskExt0] -> {8A8BC1BD-D897-4CE7-9F60-F93990548F3D} =>  No File
ShellIconOverlayIdentifiers: [      .netdiskExt1] -> {6E2D25A2-5272-4B77-9A1E-6BE1AA5CFCEE} =>  No File
ShellIconOverlayIdentifiers: [      .netdiskExt2] -> {24606D69-91E1-4370-BA41-53174339C1C3} =>  No File
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tanky\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-11] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {DAFC3089-C966-4796-BF72-E6BB9C4BB8E5} URL = 
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> Backup.Old.DefaultScope {7E538697-251B-4E78-AE0E-7AADD8D4D844}
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {1FF7973D-AB0A-496d-82C1-4EADBBA11E7B} URL = 
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {24588FA4-10F1-41D7-B19D-6E22361E47FA} URL = 
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_cb&ch=1&ie=utf-8
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {4F9E9918-CBA2-5A93-4A84-339F4256D611} URL = 
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-02] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: No Name -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} ->  No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-02] (Oracle Corporation)
BHO-x32: No Name -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} ->  No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2012-10-30] ()
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2012-10-30] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-05-29] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-05-29] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2015-05-29] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-05-29] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7C557A06-8894-4333-AA25-3C69617CFC3A}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default
FF NewTab: about:blank
FF DefaultSearchEngine: Google Default
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Keyword.URL: 
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-02] ()
FF Plugin: @alipay.com/npAliSecCtrl -> C:\Windows\SysWOW64\aliedit\3.7.0.0\npAliSecCtrl64.dll [2013-10-28] (Alipay.com Inc. )
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-02] ()
FF Plugin-x32: @alipay.com/npalidcp -> C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit -> C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2012-12-17] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2012-12-17] (Fortinet Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-02] (Oracle Corporation)
FF Plugin-x32: @kingsfot.com/npkws -> D:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/npQQPhoneManager -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\1.0.301.1305\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll No File
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll No File
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)
FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-277022652-3544325335-1516805295-1000: @acestream.net/acestreamplugin,version=3.0.2 -> C:\Users\Tanky\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-07] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-277022652-3544325335-1516805295-1000: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\searchplugins\firefox-add-ons.xml [2013-11-14]
FF SearchPlugin: C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\searchplugins\google-default.xml [2015-05-20]
FF SearchPlugin: C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\searchplugins\googletranslate.xml [2015-05-20]
FF SearchPlugin: C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\searchplugins\youtube.xml [2015-05-20]
FF Extension: LastPass - C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\Extensions\support@lastpass.com [2015-04-28]
FF Extension: Firebug - C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\Extensions\firebug@software.joehewitt.com.xpi [2012-03-20]
FF Extension: Multi Links - C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\Extensions\multilinks@plugin.xpi [2013-03-08]
FF Extension: Firesizer - C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\Extensions\{04426594-bce6-4705-b811-bcdba2fd9c7b}.xpi [2012-07-20]
FF Extension: Download Status Bar - C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-13]
FF Extension: FXChrome - C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\Extensions\{c0c588b6-b11d-4898-af00-079fed05aa32}.xpi [2012-08-06]
FF Extension: Fasterfox - C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2012-07-20]
FF Extension: Search By Image (by Google) - C:\Users\Tanky\AppData\Roaming\Mozilla\Firefox\Profiles\bpdgihe8.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2013-11-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-02-21]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Envelopes for Google Docs) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclkeicedlkpjgnnfkedjomkkhmgcod [2014-11-06]
CHR Extension: (Whatsapp) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahpopebapelhlnhodlakpeknbchbgcho [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-18]
CHR Extension: (Session Manager) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2012-02-17]
CHR Extension: (YouTube) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-04]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2013-11-15]
CHR Extension: (Adblock Plus) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2012-11-13]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-05-28]
CHR Extension: (FTP Free) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdgcfaoankkonoiichmblcfijkomfbn [2015-06-14]
CHR Extension: (Gmail Offline) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-02-27]
CHR Extension: (Google Calendar) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-12-04]
CHR Extension: (Word Online) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2014-11-28]
CHR Extension: (Bulk Download Images(ZIG)) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfjhimhkjmipphnaminnnnjpnlneeplk [2014-02-16]
CHR Extension: (Hola Better Internet) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-05-26]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-02-17]
CHR Extension: (Dropbox) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-07-18]
CHR Extension: (Google Play) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-09-05]
CHR Extension: (Bookmark Checker) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnboppjpcdnckcklbmjmdahfkpmgglec [2015-04-14]
CHR Extension: (Google Maps) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-09-05]
CHR Extension: (Sunrise Calendar) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2014-10-16]
CHR Extension: (Drive) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2013-12-11]
CHR Extension: (Google Wallet) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Hover Zoom) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-03-19]
CHR Extension: (Fluid UI) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgmmkbgpilmggfkhganmcmpemnhimgg [2014-10-27]
CHR Extension: (Unblock Youku) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2013-04-03]
CHR Extension: (Gmail) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-04]
CHR Extension: (draw.io (Legacy)) - C:\Users\Tanky\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgmlhohecdddhbmmkncjdmlhcmaachm [2014-11-06]
CHR HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-10-30]
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AlipaySecSvc; C:\Program Files (x86)\alipay\alieditplus\AlipaySecSvc.exe [540032 2014-03-07] (Alipay Inc. )
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-06-30] (AVG Technologies CZ, s.r.o.)
R2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [946040 2012-12-17] (Fortinet Inc.)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 omaha; C:\Program Files (x86)\Wandoujia\Update\wandoujia_update.exe [80760 2014-06-28] (Wandoujia Inc.)
S3 omaham; C:\Program Files (x86)\Wandoujia\Update\wandoujia_update.exe [80760 2014-06-28] (Wandoujia Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 QQPMAndroidServer; "C:\Users\Tanky\AppData\Roaming\Tencent\AndroidServer\1.0.0.107\AndroidDaemon.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-07] (Disc Soft Ltd)
R2 Freedom Scientific Kernel Manager; C:\Windows\System32\fsKMgr.dll [29200 2013-02-12] (Freedom Scientific, Inc.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
R3 fsvidmir_service; C:\Windows\System32\DRIVERS\fsvidmir.sys [15856 2013-02-12] (Freedom Scientific, Inc.)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 IPvE; C:\Windows\System32\DRIVERS\IPvEx64.sys [32240 2011-04-18] (IPVE)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2014-05-05] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 PowerBrl; C:\Windows\system32\Drivers\powerbrl.sys [18208 2013-05-10] (Freedom Scientific BLV Group, LLC.)
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113936 2013-12-18] (Oracle Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2013-12-03] ()
S0 bootsafe; system32\Drivers\bootsafe64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\Tanky\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 HWCore; \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys [X]
S3 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
S3 ksfmonsys; \??\c:\program files (x86)\ksafe\ksfmonsys64.sys [X]
S1 regmon; \??\C:\Program Files (x86)\DriveTheLife2012\regmon64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 14:39 - 2015-07-06 14:39 - 00035029 _____ C:\Users\Tanky\Desktop\FRST.txt
2015-07-06 14:39 - 2015-07-06 14:39 - 00000000 ____D C:\FRST
2015-07-06 14:38 - 2015-07-06 14:39 - 02112512 _____ (Farbar) C:\Users\Tanky\Desktop\FRST64.exe
2015-07-06 10:57 - 2015-07-06 10:57 - 00000000 ____D C:\ProgramData\ProcessLasso
2015-07-06 10:53 - 2015-07-06 09:57 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-06 10:33 - 2015-07-06 14:20 - 00018407 _____ C:\zoek-results.log
2015-07-06 10:32 - 2015-07-06 10:32 - 00000136 _____ C:\Users\Tanky\Desktop\[HELP] Desktop no icon but cursor and fail to start Explorer.exe - Virus, Trojan, Spyware, and Malware Removal Logs.url
2015-07-06 09:57 - 2015-07-06 10:48 - 00000000 ____D C:\zoek_backup
2015-07-06 09:50 - 2015-07-06 09:51 - 01308672 _____ C:\Users\Tanky\Desktop\zoek.exe
2015-07-06 09:29 - 2015-07-06 10:56 - 00002788 _____ C:\Windows\PFRO.log
2015-07-06 01:43 - 2015-07-06 01:43 - 00046108 _____ C:\ComboFix.txt
2015-07-06 01:05 - 2015-07-06 01:05 - 00000000 ____D C:\Users\Tanky\AppData\Local\NVIDIA
2015-07-06 00:57 - 2015-02-06 01:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-06 00:53 - 2015-05-09 11:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-06 00:53 - 2015-05-09 11:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-06 00:53 - 2015-05-09 11:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-06 00:53 - 2015-05-09 11:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-06 00:53 - 2015-05-09 11:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-06 00:53 - 2015-05-09 11:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-06 00:53 - 2015-05-09 11:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-06 00:53 - 2015-05-09 11:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-06 00:53 - 2015-05-09 11:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-06 00:53 - 2015-05-09 11:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-06 00:53 - 2015-05-09 11:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-06 00:53 - 2015-05-09 11:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-06 00:53 - 2015-05-09 11:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-06 00:53 - 2015-05-09 11:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-06 00:53 - 2015-05-09 11:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-06 00:53 - 2015-05-09 11:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-06 00:53 - 2015-04-28 03:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-06 00:53 - 2015-04-28 03:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-06 00:53 - 2015-04-28 03:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-06 00:53 - 2015-04-28 03:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-06 00:53 - 2015-04-28 03:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-06 00:53 - 2015-04-28 03:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-06 00:53 - 2015-04-28 03:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-06 00:53 - 2015-04-28 03:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-06 00:52 - 2015-05-10 02:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-06 00:30 - 2015-07-06 00:30 - 00000000 ____D C:\Program Files (x86)\Windows Loader
2015-07-06 00:23 - 2015-07-06 14:16 - 00000804 _____ C:\Windows\setupact.log
2015-07-06 00:23 - 2015-07-06 00:23 - 00000000 _____ C:\Windows\setuperr.log
2015-07-05 22:48 - 2015-07-05 23:02 - 00000000 ____D C:\Users\TEMP
2015-07-05 22:48 - 2013-01-31 08:07 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
2015-07-05 22:48 - 2012-05-07 00:35 - 00000000 ____D C:\Users\TEMP\AppData\LocalGoogle
2015-07-05 22:48 - 2012-05-07 00:35 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2015-07-05 22:48 - 2012-02-29 17:35 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2015-07-05 22:48 - 2012-02-21 03:03 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2015-07-05 22:48 - 2009-07-14 12:54 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-05 22:48 - 2009-07-14 12:49 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-04 17:03 - 2015-07-04 17:03 - 00000000 ____D C:\Users\Tanky\AppData\Local\Avg
2015-07-02 18:23 - 2015-02-20 01:18 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-02 18:23 - 2015-02-04 11:56 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-07-02 18:23 - 2015-02-04 11:56 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-07-02 18:18 - 2015-07-02 18:18 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-02 18:18 - 2015-06-17 17:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-02 18:18 - 2015-06-17 17:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-02 18:18 - 2015-02-20 01:18 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-07-02 15:13 - 2015-07-02 15:13 - 00000000 ____D C:\Device
2015-07-02 13:59 - 2015-07-02 13:59 - 00852662 _____ C:\Users\Tanky\Desktop\SecurityCheck.exe
2015-07-02 13:47 - 2015-07-02 15:13 - 00000000 ____D C:\Users\Tanky\Doctor Web
2015-07-02 13:36 - 2015-07-02 13:40 - 165675304 _____ C:\Users\Tanky\Desktop\ov1m549i.exe
2015-07-02 13:16 - 2015-07-02 13:16 - 00000000 ____D C:\Users\Tanky\Desktop\explorer++_1.3.5_x64
2015-07-02 12:57 - 2015-07-02 12:57 - 00278382 _____ C:\Users\Tanky\Desktop\logonfix_1.1.exe
2015-07-02 12:55 - 2015-07-02 13:07 - 00000000 ____D C:\AdwCleaner
2015-07-02 12:53 - 2015-07-02 12:53 - 02244096 _____ C:\Users\Tanky\Desktop\adwcleaner_4.207.exe
2015-07-02 12:53 - 2015-07-02 12:53 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 23:07 - 2015-06-30 23:07 - 00046786 _____ C:\ComboFix_3006.txt
2015-06-30 22:30 - 2015-07-06 14:20 - 00563733 _____ C:\Windows\WindowsUpdate.log
2015-06-30 22:20 - 2015-06-30 22:20 - 00001064 _____ C:\Users\Tanky\Desktop\mbm_result.txt
2015-06-26 09:49 - 2015-06-26 09:49 - 00293296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-06-24 18:26 - 2015-06-24 18:26 - 00000000 ____D C:\Users\Tanky\AppData\Roaming\AVG2015
2015-06-24 18:25 - 2015-06-24 18:25 - 00000000 ____D C:\Program Files\Common Files\AV
2015-06-24 18:23 - 2015-06-24 18:25 - 00000000 ____D C:\ProgramData\AVG2015
2015-06-24 13:31 - 2015-06-24 13:31 - 00052571 _____ C:\combofix_2406.txt
2015-06-24 13:21 - 2011-06-26 14:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-24 13:21 - 2010-11-08 01:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-24 13:21 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-24 13:21 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-24 13:21 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-24 13:21 - 2000-08-31 08:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-24 13:21 - 2000-08-31 08:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-24 13:21 - 2000-08-31 08:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-24 13:19 - 2015-07-06 01:43 - 00000000 ____D C:\Qoobox
2015-06-24 13:19 - 2015-07-02 13:14 - 00000228 _____ C:\Users\Tanky\Desktop\Win32kDiag.txt
2015-06-24 13:18 - 2015-07-06 01:25 - 05631375 ____R (Swearware) C:\Users\Tanky\Desktop\ComboFix.exe
2015-06-24 13:18 - 2015-06-24 13:29 - 00000000 ____D C:\Windows\erdnt
2015-06-24 13:18 - 2015-06-24 13:13 - 00047616 _____ C:\Users\Tanky\Desktop\Win32kDiag.exe
2015-06-24 13:18 - 2015-06-24 13:11 - 00085504 _____ C:\Users\Tanky\Desktop\Inherit.exe
2015-06-17 13:11 - 2015-06-17 13:11 - 00000000 ____D C:\Users\Tanky\AppData\Roaming\YCanPDF
2015-06-17 13:11 - 2015-06-17 13:11 - 00000000 ____D C:\CompressedPDF
2015-06-17 12:58 - 2015-06-17 12:58 - 00000000 ____D C:\Users\Tanky\Documents\PDF Compressor Output
2015-06-16 15:55 - 2015-06-16 15:55 - 00259040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2015-06-12 20:31 - 2015-05-29 02:25 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 12303872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 09067520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 02470912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-06-12 20:31 - 2015-05-29 02:24 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-06-12 20:31 - 2015-05-29 02:23 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-12 20:31 - 2015-05-29 02:23 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-12 20:31 - 2015-05-29 02:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-12 20:31 - 2015-05-29 02:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-12 20:31 - 2015-05-29 02:07 - 11030016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 06032896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 02088448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00389632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-06-12 20:31 - 2015-05-29 02:07 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2015-06-12 20:31 - 2015-05-29 02:06 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-12 20:31 - 2015-05-29 02:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-12 20:31 - 2015-05-29 02:06 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-12 20:31 - 2015-05-29 02:05 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-12 20:31 - 2015-05-29 01:46 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-12 20:31 - 2015-05-29 01:35 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-12 20:31 - 2015-05-29 01:21 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-12 20:31 - 2015-05-29 01:13 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-11 13:52 - 2015-05-26 02:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-11 13:52 - 2015-05-26 02:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-11 13:52 - 2015-05-26 02:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-11 13:51 - 2015-05-26 02:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-11 13:51 - 2015-05-26 02:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-11 13:51 - 2015-05-26 02:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-11 13:51 - 2015-05-26 02:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-11 13:51 - 2015-05-26 02:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-11 13:51 - 2015-05-26 02:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-11 13:51 - 2015-05-26 02:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-11 13:51 - 2015-05-26 02:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-11 13:51 - 2015-05-26 02:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-11 13:51 - 2015-05-26 02:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-11 13:51 - 2015-05-26 02:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-11 13:51 - 2015-05-26 02:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 02:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-11 13:51 - 2015-05-26 02:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-11 13:51 - 2015-05-26 02:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-11 13:51 - 2015-05-26 02:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-11 13:51 - 2015-05-26 02:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-11 13:51 - 2015-05-26 02:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-11 13:51 - 2015-05-26 02:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-11 13:51 - 2015-05-26 02:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-11 13:51 - 2015-05-26 02:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-11 13:51 - 2015-05-26 02:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-11 13:51 - 2015-05-26 02:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-11 13:51 - 2015-05-26 01:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-11 13:51 - 2015-05-26 01:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-11 13:51 - 2015-05-26 01:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-11 13:51 - 2015-05-26 01:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-11 13:51 - 2015-05-26 01:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-11 13:51 - 2015-05-26 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 01:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-11 13:51 - 2015-05-26 00:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-11 13:51 - 2015-05-26 00:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-11 13:51 - 2015-05-26 00:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 00:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 00:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-11 13:51 - 2015-05-26 00:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-11 13:51 - 2015-04-30 02:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-11 13:51 - 2015-04-30 02:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-11 13:51 - 2015-04-30 02:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-11 13:51 - 2015-04-30 02:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-11 13:51 - 2015-04-30 02:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-11 13:51 - 2015-04-30 02:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-11 13:51 - 2015-04-30 02:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-11 13:51 - 2015-04-30 02:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-11 13:51 - 2015-04-30 02:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-11 13:51 - 2015-04-30 02:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-11 13:27 - 2015-06-11 13:27 - 00000000 ____D C:\Users\Tanky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-11 13:26 - 2015-07-06 14:31 - 00000564 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-277022652-3544325335-1516805295-1000UA.job
2015-06-11 13:26 - 2015-07-04 13:31 - 00000512 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-277022652-3544325335-1516805295-1000Core.job
2015-06-11 13:26 - 2015-06-11 13:26 - 00003538 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-277022652-3544325335-1516805295-1000UA
2015-06-11 13:26 - 2015-06-11 13:26 - 00003142 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-277022652-3544325335-1516805295-1000Core
2015-06-11 13:26 - 2015-06-11 13:26 - 00000000 ____D C:\Users\Tanky\AppData\Local\Dropbox
2015-06-11 13:26 - 2015-06-11 13:26 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-10 16:38 - 2015-06-10 16:38 - 00226784 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2015-06-10 11:16 - 2015-05-26 01:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 11:16 - 2015-04-25 02:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-10 11:16 - 2015-04-25 01:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-10 11:16 - 2015-04-11 11:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-08 20:42 - 2015-06-08 20:42 - 00000000 ____D C:\Users\Tanky\Desktop\PAC_EN
2015-06-08 18:08 - 2015-06-08 18:08 - 00000000 ____D C:\Users\Tanky\Desktop\spsetup128
2015-06-08 16:47 - 2015-06-08 16:47 - 00000000 ____D C:\Users\Tanky\Desktop\portecle-1.7
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-06 14:36 - 2014-06-06 19:21 - 00000384 _____ C:\Windows\Tasks\WandoujiaUpdateTaskMachineUA.job
2015-07-06 14:36 - 2014-06-06 19:21 - 00000380 _____ C:\Windows\Tasks\WandoujiaUpdateTaskMachineCore.job
2015-07-06 14:25 - 2009-07-14 12:45 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-06 14:25 - 2009-07-14 12:45 - 00021024 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-06 14:17 - 2014-07-28 13:19 - 00000538 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-06 14:16 - 2012-04-09 19:48 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-06 14:16 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-06 11:48 - 2014-07-28 13:19 - 00000542 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-06 10:57 - 2012-08-14 13:59 - 00000008 __RSH C:\Users\Tanky\ntuser.pol
2015-07-06 10:57 - 2012-02-04 15:00 - 00000000 ____D C:\Users\Tanky
2015-07-06 10:49 - 2009-07-14 11:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-07-06 09:34 - 2012-02-04 15:29 - 00000000 ____D C:\ProgramData\MFAData
2015-07-06 01:44 - 2013-01-23 15:32 - 00000000 ____D C:\Users\Tanky\AppData\Roaming\Dropbox
2015-07-06 01:40 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini
2015-07-06 01:02 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-07-06 01:02 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-07-06 01:02 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-06 00:57 - 2012-04-09 19:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-06 00:57 - 2012-04-09 19:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-06 00:57 - 2012-04-09 19:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-05 18:08 - 2014-03-19 12:21 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-04 17:05 - 2014-04-01 08:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-04 17:04 - 2012-02-04 16:35 - 00000000 ____D C:\$AVG
2015-07-04 14:09 - 2013-02-28 15:42 - 00000000 ____D C:\Users\Tanky\AppData\Local\Captcha_Brotherhood
2015-07-02 23:23 - 2015-05-19 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-02 23:23 - 2014-07-25 13:26 - 00000526 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-02 23:23 - 2012-04-27 02:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-02 23:22 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-07-02 21:40 - 2013-11-25 20:21 - 00000000 ____D C:\Users\Tanky\AppData\Local\Adobe
2015-07-02 21:38 - 2013-04-11 21:20 - 00003466 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-02 21:38 - 2012-04-09 19:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-02 21:38 - 2012-02-21 14:23 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-02 20:14 - 2014-06-26 15:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-02 15:39 - 2014-10-20 12:42 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-02 15:38 - 2014-10-20 12:42 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-02 13:27 - 2013-08-23 18:07 - 00002562 _____ C:\Windows\diagwrn.xml
2015-07-02 13:27 - 2013-08-23 18:07 - 00001908 _____ C:\Windows\diagerr.xml
2015-07-02 13:22 - 2013-03-28 13:30 - 00000000 ____D C:\Users\Tanky\Documents\ccleaner
2015-07-02 13:07 - 2014-06-26 15:35 - 00000000 ____D C:\Windows\system32\log
2015-07-02 13:00 - 2012-02-21 23:34 - 00000000 ____D C:\Users\Tanky\AppData\Roaming\ProcessLasso
2015-07-02 12:59 - 2014-06-26 14:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-02 12:49 - 2015-04-23 11:48 - 00000000 ____D C:\Users\Tanky\AppData\Local\Avg2015
2015-07-01 13:35 - 2014-09-15 21:55 - 00001497 _____ C:\Users\Tanky\Desktop\Google 雲端硬碟.lnk
2015-06-30 22:01 - 2012-02-19 18:12 - 00000000 ____D C:\Program Files\CCleaner
2015-06-28 00:02 - 2014-08-18 15:13 - 00000406 _____ C:\Windows\Tasks\Defraggler Volume D Task.job
2015-06-24 20:23 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-24 19:05 - 2012-03-02 16:42 - 00000000 ____D C:\Users\Tanky\AppData\Roaming\FileZilla
2015-06-24 18:26 - 2012-02-04 15:43 - 00000000 ____D C:\Program Files (x86)\AVG
2015-06-24 15:12 - 2009-07-14 17:47 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-06-24 03:34 - 2014-07-28 18:00 - 00004958 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Tanky-PC-Tanky Tanky-PC
2015-06-23 11:23 - 2012-08-28 15:05 - 00000600 _____ C:\Users\Tanky\AppData\Local\PUTTY.RND
2015-06-18 08:41 - 2014-06-26 14:59 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-06-26 14:59 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2012-02-21 23:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-17 13:09 - 2013-07-03 23:09 - 00000000 ____D C:\Program Files (x86)\PDF Compressor
2015-06-17 07:49 - 2012-02-21 23:34 - 00000000 ____D C:\Program Files\Process Lasso
2015-06-13 20:49 - 2015-01-15 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-13 01:35 - 2015-05-09 12:10 - 00000000 ____D C:\Windows\rescache
2015-06-12 21:00 - 2012-02-17 03:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-12 21:00 - 2009-07-14 10:34 - 00000513 _____ C:\Windows\win.ini
2015-06-12 20:58 - 2014-07-23 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-06-12 19:38 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-10 13:04 - 2015-02-06 14:45 - 00000000 ____D C:\Users\Tanky\Desktop\Office Admin
2015-06-10 12:01 - 2012-03-09 03:18 - 00791464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 11:28 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 11:18 - 2012-02-04 16:08 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 17:10 - 2012-02-17 04:54 - 00000000 ____D C:\Program Files (x86)\Everything
2015-06-09 00:17 - 2015-05-08 23:32 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-09 00:16 - 2015-05-08 23:32 - 00001050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-09 00:10 - 2014-08-18 15:13 - 00003206 _____ C:\Windows\System32\Tasks\Defraggler Volume D Task
2015-06-09 00:10 - 2014-08-18 15:12 - 00002560 _____ C:\Windows\System32\Tasks\Defraggler Volume C Task
2015-06-09 00:10 - 2014-08-18 15:12 - 00000406 _____ C:\Windows\Tasks\Defraggler Volume C Task.job
2015-06-09 00:06 - 2015-05-08 22:58 - 00000000 ____D C:\Users\Tanky\AppData\Roaming\TeamViewer
 
==================== Files in the root of some directories =======
 
2012-10-30 12:25 - 2012-10-30 12:25 - 14825544 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-01-04 21:32 - 2014-03-10 23:58 - 0001078 _____ () C:\Users\Tanky\AppData\Roaming\base64.cer
2014-07-31 01:32 - 2014-07-31 01:32 - 0000098 _____ () C:\Users\Tanky\AppData\Roaming\CamStudio.Producer.command
2012-11-15 11:13 - 2013-04-22 18:50 - 0002096 _____ () C:\Users\Tanky\AppData\Roaming\Main_state.xml
2012-03-29 00:21 - 2012-03-29 00:21 - 0051270 _____ () C:\Users\Tanky\AppData\Roaming\room_v3.dat
2014-05-05 18:33 - 2014-05-05 18:33 - 0003584 _____ () C:\Users\Tanky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-28 15:05 - 2015-06-23 11:23 - 0000600 _____ () C:\Users\Tanky\AppData\Local\PUTTY.RND
2012-04-23 03:29 - 2012-04-23 03:29 - 0000218 _____ () C:\Users\Tanky\AppData\Local\recently-used.xbel
2013-03-31 17:35 - 2015-05-22 14:55 - 0007646 _____ () C:\Users\Tanky\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 00:22
 
==================== End of log ============================


#5 nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 July 2015 - 08:37 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [      .netdiskExt0] -> {8A8BC1BD-D897-4CE7-9F60-F93990548F3D} =>  No File
ShellIconOverlayIdentifiers: [      .netdiskExt1] -> {6E2D25A2-5272-4B77-9A1E-6BE1AA5CFCEE} =>  No File
ShellIconOverlayIdentifiers: [      .netdiskExt2] -> {24606D69-91E1-4370-BA41-53174339C1C3} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_cb&ch=1&ie=utf-8
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO-x32: No Name -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} ->  No File
BHO-x32: No Name -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} ->  No File
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @alipay.com/npalidcp -> C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit -> C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @kingsfot.com/npkws -> D:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/npQQPhoneManager -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\1.0.301.1305\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll No File
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll No File
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin HKU\S-1-5-21-277022652-3544325335-1516805295-1000: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
CHR HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
S3 QQPMAndroidServer; "C:\Users\Tanky\AppData\Roaming\Tencent\AndroidServer\1.0.0.107\AndroidDaemon.exe" [X]
S0 bootsafe; system32\Drivers\bootsafe64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\Tanky\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 HWCore; \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys [X]
S3 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
S3 ksfmonsys; \??\c:\program files (x86)\ksafe\ksfmonsys64.sys [X]
S1 regmon; \??\C:\Program Files (x86)\DriveTheLife2012\regmon64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {37E09732-1CEB-403F-9A71-DED4584E1DBB} - \Launch HTC Sync Loader No Task File <==== ATTENTION
Task: {3B066327-3417-4D18-B266-8C3CFC3CA7EE} - \AVG_SYS_TASK_0814av No Task File <==== ATTENTION
Task: {7A4DE787-5028-499C-862F-3AF6CB4355B6} - \GlaryInitialize No Task File <==== ATTENTION
Task: {87A29443-7E52-422C-9113-D87F6BFF927D} - \{B27307DB-B646-4294-94AA-6937067747B8} No Task File <==== ATTENTION
Task: {8D3445E8-935A-4C66-95B5-688476663F19} - \{D274D198-4439-4AFF-B7B9-755A8293C7B8} No Task File <==== ATTENTION
Task: {DBEDCBCD-6D0B-4088-8A38-C7165ED68CAD} - \魔方守护 No Task File <==== ATTENTION
Task: {ECB5A187-51C9-4815-A380-C86B7DAA240A} - \魔方3 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

When did you install this open source Explorer++?
() C:\Users\Tanky\Desktop\explorer++_1.3.5_x64\Explorer++.exe

Open source programs can be corrupted if not downloaded from the main source.
===

From the Start/Run box, execute MSCONFIG.
Disable the application.
Click OK or the Apply button.
Restart the computer normally.

Any progress?
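
The fixlist above tells FRST what to delete; the checks it encodes are worth re-running afterwards to confirm the cleanup held. Four of them are simple to reproduce: a ShellIconOverlayIdentifiers entry whose CLSID has no DLL behind it (overlay handlers are COM objects explorer.exe loads at every logon, and Windows honours only the first 15 in alphabetical order, which is why vendors pad names like ".netdiskExt0" with leading spaces), a service or driver whose ImagePath points at a file that is gone (FRST's "[X]"), a Task Scheduler cache entry with no task file under System32\Tasks (FRST's "No Task File"), and named alternate data streams on a folder such as C:\ProgramData\TEMP. The script below is an added example for this thread; it is not FRST's code and not part of nasdaq's post. It is read-only, assumes PowerShell 3.0 or later in an elevated console on the Windows 7 x64 machine in question, and the ImagePath normalisation in Resolve-ServicePath is my own heuristic rather than how the Service Control Manager parses that value.

```powershell
# Added example for this thread (not FRST's code, not nasdaq's): re-check the four
# classes of entry the fixlist targets, read-only. Needs PowerShell 3.0+ and an
# elevated console (HKLM and %SystemRoot%\System32\Tasks need admin to read fully).

# Shell icon overlay handlers: map each registered name to its CLSID, then to the
# InprocServer32 DLL (64-bit and WOW6432Node views), and report whether the DLL is
# registered at all and present on disk. "No File" in FRST is either of the bad cases.
function Get-OrphanedShellIconOverlays {
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
    foreach ($k in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        $clsid = ([string]$k.GetValue('')).Trim()
        $dll = $null
        foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
            $srv = Get-ItemProperty -Path "$root\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv -and $srv.'(default)') {
                $dll = [Environment]::ExpandEnvironmentVariables(($srv.'(default)' -replace '"', ''))
                break
            }
        }
        if (-not $dll)                              { $status = 'CLSID not registered' }
        elseif (-not (Test-Path -LiteralPath $dll)) { $status = 'DLL missing' }
        else                                        { $status = 'OK' }
        [pscustomobject]@{ Name = $k.PSChildName; CLSID = $clsid; Dll = $dll; Status = $status }
    }
}

# ImagePath values come in several shapes: '\??\C:\x.sys', 'system32\drivers\x.sys',
# '"C:\Program Files\x\y.exe" -arg', '%SystemRoot%\system32\svchost.exe -k netsvcs'.
# This normalisation is a simplification (my heuristic), good enough for a missing-file check.
function Resolve-ServicePath([string]$raw) {
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim())
    $p = $p -replace '^\\\?\?\\', ''                          # strip NT object-manager prefix
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)                              # quoted path: keep what is inside
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {
        $p = ($p -split '\s+(?=[-/])')[0]                      # unquoted: cut before first switch
    }
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }   # relative = %SystemRoot%
    return $p
}

# Services and drivers whose binary no longer exists (FRST's "[X]"). Start 0/1 entries
# (boot/system drivers) matter most: a missing boot-start driver is loaded before anything
# user-mode can inspect it.
function Get-OrphanedServices {
    foreach ($k in Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $raw = [string]$k.GetValue('ImagePath')
        if (-not $raw) { continue }
        $path = Resolve-ServicePath $raw
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Service = $k.PSChildName; Start = $k.GetValue('Start'); ImagePath = $raw; Resolved = $path }
        }
    }
}

# Task Scheduler keeps a registry cache; each GUID key names the task's path under
# %SystemRoot%\System32\Tasks. A cache entry with no file behind it is FRST's "No Task File".
function Get-OrphanedTaskCacheEntries {
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
    foreach ($k in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        $rel = [string]$k.GetValue('Path')
        if (-not $rel) { continue }
        $file = Join-Path "$env:SystemRoot\System32\Tasks" $rel.TrimStart('\')
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Id = $k.PSChildName; TaskPath = $rel; ExpectedFile = $file }
        }
    }
}

# NTFS alternate data streams are invisible to dir and to Explorer. Zone.Identifier is the
# normal "downloaded from the Internet" mark; any other named stream on a system folder
# deserves a look. Get-Item -Stream needs PowerShell 3.0+.
function Get-NonDefaultStreams([string[]]$Paths) {
    foreach ($path in $Paths) {
        Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

# Report. Run once before the FRST fix and once after; the "after" run should come back empty.
Get-OrphanedShellIconOverlays | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
Get-OrphanedServices          | Format-Table -AutoSize
Get-OrphanedTaskCacheEntries  | Format-Table -AutoSize
Get-NonDefaultStreams 'C:\ProgramData\TEMP' | Format-Table -AutoSize
```

The script only reports. Removing a service key, a TaskCache entry or a stream by hand is exactly what the FRST fix does under a restore point, so leave the deletion to the fixlist and use this output to verify it, and to catch anything that reappears after the next reboot (which in this thread is the real question: something is re-breaking Explorer).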

#6 ftk

  • Topic Starter
  • Members
  • 8 posts

Posted 06 July 2015 - 09:52 PM

Dear nasdaq,

Thank you very much for your kind reply.

1) I pressed "Fix" in Farbar, which is stored on my desktop; it ran and restarted afterwards, but the problem still exists.

Please see the fixlog.txt below.

2) I downloaded Explorer++ from the developer site (https://explorerplusplus.com/).

3) I disabled all applications and some non-Microsoft services under MSConfig. The problem still exists.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-07-2015

Ran by Tanky at 2015-07-07 10:23:08 Run:1
Running from C:\Users\Tanky\Desktop
Loaded Profiles: Tanky (Available Profiles: Tanky)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [      .netdiskExt0] -> {8A8BC1BD-D897-4CE7-9F60-F93990548F3D} =>  No File
ShellIconOverlayIdentifiers: [      .netdiskExt1] -> {6E2D25A2-5272-4B77-9A1E-6BE1AA5CFCEE} =>  No File
ShellIconOverlayIdentifiers: [      .netdiskExt2] -> {24606D69-91E1-4370-BA41-53174339C1C3} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {44177982-996D-4b79-B29F-5B60E13A5169} URL = http://www.baidu.com/s?wd={searchTerms}&tn=98012088_cb&ch=1&ie=utf-8
SearchScopes: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
BHO-x32: No Name -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} ->  No File
BHO-x32: No Name -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} ->  No File
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-277022652-3544325335-1516805295-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll No File
FF Plugin-x32: @alipay.com/npalidcp -> C:\Windows\system32\aliedit\3.7.0.0\npalidcp.dll No File
FF Plugin-x32: @alipay.com/npaliedit -> C:\Windows\system32\aliedit\3.7.0.0\npaliedit.dll No File
FF Plugin-x32: @alipay.com/npAliSecCtrl -> C:\Windows\system32\aliedit\3.7.0.0\npAliSecCtrl.dll No File
FF Plugin-x32: @kingsfot.com/npkws -> D:\program files (x86)\kingsoft\kingsoft antivirus\npkws.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/npQQPhoneManager -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\1.0.301.1305\npQQPhoneManagerExt.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll No File
FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\49\Browser\npXFMiniDLPlugin.dll No File
FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll No File
FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll No File
FF Plugin HKU\S-1-5-21-277022652-3544325335-1516805295-1000: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll No File
CHR HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
S3 QQPMAndroidServer; "C:\Users\Tanky\AppData\Roaming\Tencent\AndroidServer\1.0.0.107\AndroidDaemon.exe" [X]
S0 bootsafe; system32\Drivers\bootsafe64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\Tanky\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 HWCore; \??\C:\Program Files (x86)\DriveTheLife2012\hwcore.sys [X]
S3 ksapi64; \??\C:\Windows\system32\drivers\ksapi64.sys [X]
S3 ksfmonsys; \??\c:\program files (x86)\ksafe\ksfmonsys64.sys [X]
S1 regmon; \??\C:\Program Files (x86)\DriveTheLife2012\regmon64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {37E09732-1CEB-403F-9A71-DED4584E1DBB} - \Launch HTC Sync Loader No Task File <==== ATTENTION
Task: {3B066327-3417-4D18-B266-8C3CFC3CA7EE} - \AVG_SYS_TASK_0814av No Task File <==== ATTENTION
Task: {7A4DE787-5028-499C-862F-3AF6CB4355B6} - \GlaryInitialize No Task File <==== ATTENTION
Task: {87A29443-7E52-422C-9113-D87F6BFF927D} - \{B27307DB-B646-4294-94AA-6937067747B8} No Task File <==== ATTENTION
Task: {8D3445E8-935A-4C66-95B5-688476663F19} - \{D274D198-4439-4AFF-B7B9-755A8293C7B8} No Task File <==== ATTENTION
Task: {DBEDCBCD-6D0B-4088-8A38-C7165ED68CAD} - \魔方守护 No Task File <==== ATTENTION
Task: {ECB5A187-51C9-4815-A380-C86B7DAA240A} - \魔方3 No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\      .netdiskExt0" => key removed successfully
HKCR\CLSID\{8A8BC1BD-D897-4CE7-9F60-F93990548F3D} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\      .netdiskExt1" => key removed successfully
HKCR\CLSID\{6E2D25A2-5272-4B77-9A1E-6BE1AA5CFCEE} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\      .netdiskExt2" => key removed successfully
HKCR\CLSID\{24606D69-91E1-4370-BA41-53174339C1C3} => key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44177982-996D-4b79-B29F-5B60E13A5169}" => key removed successfully
HKCR\CLSID\{44177982-996D-4b79-B29F-5B60E13A5169} => key not found. 
"HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}" => key removed successfully
HKCR\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4}" => key removed successfully
HKCR\Wow6432Node\CLSID\{C9C7334B-5657-41e1-8F79-F6AACECA05F4} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945}" => key removed successfully
HKCR\Wow6432Node\CLSID\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-277022652-3544325335-1516805295-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found. 
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
"HKLM\Software\MozillaPlugins\@itools.hk/npiTools, version=1.0.0" => key removed successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\@qvod.com/QvodShare" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@alipay.com/npalidcp" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@alipay.com/npaliedit" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@alipay.com/npAliSecCtrl" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@kingsfot.com/npkws" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npAndroidAssistant" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npQQPhoneManager" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQMiniDLPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QQPhotoDrawEx" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/QzoneMusic" => key removed successfully
"HKU\S-1-5-21-277022652-3544325335-1516805295-1000\Software\MozillaPlugins\@qvod.com/QvodInsert" => key removed successfully
C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll not found.
"HKU\S-1-5-21-277022652-3544325335-1516805295-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ochbjojkpcmlfeagbaahkofepalngihg" => key removed successfully
QQPMAndroidServer => Service removed successfully
bootsafe => Service removed successfully
catchme => Service removed successfully
cpuz135 => Service removed successfully
dgderdrv => Service removed successfully
GGSAFERDriver => Service removed successfully
HWCore => Service removed successfully
ksapi64 => Service removed successfully
ksfmonsys => Service removed successfully
regmon => Service removed successfully
Synth3dVsc => Service removed successfully
tsusbhub => Service removed successfully
VBoxNetFlt => Service removed successfully
VGPU => Service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37E09732-1CEB-403F-9A71-DED4584E1DBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E09732-1CEB-403F-9A71-DED4584E1DBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Launch HTC Sync Loader" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B066327-3417-4D18-B266-8C3CFC3CA7EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B066327-3417-4D18-B266-8C3CFC3CA7EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0814av" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A4DE787-5028-499C-862F-3AF6CB4355B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A4DE787-5028-499C-862F-3AF6CB4355B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87A29443-7E52-422C-9113-D87F6BFF927D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87A29443-7E52-422C-9113-D87F6BFF927D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B27307DB-B646-4294-94AA-6937067747B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D3445E8-935A-4C66-95B5-688476663F19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D3445E8-935A-4C66-95B5-688476663F19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D274D198-4439-4AFF-B7B9-755A8293C7B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBEDCBCD-6D0B-4088-8A38-C7165ED68CAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBEDCBCD-6D0B-4088-8A38-C7165ED68CAD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\魔方守护" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ECB5A187-51C9-4815-A380-C86B7DAA240A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECB5A187-51C9-4815-A380-C86B7DAA240A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\魔方3" => key removed successfully
C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully.
C:\ProgramData\TEMP => ":9A870F8B" ADS removed successfully.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:23:35 ====

Edited by ftk, 06 July 2015 - 10:05 PM.


#7 ftk

  • Topic Starter

Posted 07 July 2015 - 03:49 AM

Dear nasdaq, 

 
Every time I run ComboFix.exe I can restore the Desktop for some time; please see the latest result log as attached.
 
See if it helps.  Million thanks.

Attached Files


Edited by ftk, 07 July 2015 - 04:14 AM.


#8 nasdaq

  • Malware Response Team

Posted 07 July 2015 - 07:41 AM

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan; skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below:
    11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    23 - Repair File Associations (12)
      23.09 - Repair lnk (Shortcut) Associations
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================


#9 ftk

  • Topic Starter

Posted 07 July 2015 - 09:44 AM

Dear nasdaq,

 

Thanks.  Please find the _Windows_Repair_Log.txt below:

 

Tweaking.com - Windows Repair v3.2.3
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: TANKY-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Tanky
Current Profile SID: S-1-5-21-277022652-3544325335-1516805295-1000
Current Profile Classes: S-1-5-21-277022652-3544325335-1516805295-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Tanky\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:13:31
 
Process Count: 31
Commit Total: 1.47 GB
Commit Limit: 15.97 GB
Commit Peak: 1.58 GB
Handle Count: 8471
Kernel Total: 451.59 MB
Kernel Paged: 390.28 MB
Kernel Non Paged: 61.30 MB
System Cache: 1.36 GB
Thread Count: 362
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.98 GB
Memory Used: 1.65 GB(20.6142%)
Memory Avail.: 6.34 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.98 GB
Memory Used: 1.31 GB(16.47%)
Memory Avail.: 6.67 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (7/7/2015 22:37:04)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (7/7/2015 22:37:06)
   Running Repair Under System Account
   Done (7/7/2015 22:37:07)
 
12 - Repair Icons
   Start (7/7/2015 22:37:07)
   Running Repair Under Current User Account
   Done (7/7/2015 22:37:08)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (7/7/2015 22:37:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (7/7/2015 22:37:10)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (7/7/2015 22:37:10)
   Total Repair Time: 00:00:08
 
 
...YOU MUST RESTART YOUR SYSTEM...


#10 nasdaq

  • Malware Response Team

Posted 07 July 2015 - 12:57 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 ftk

  • Topic Starter

Posted 07 July 2015 - 08:49 PM

Dear nasdaq,

 

Nah, the problem still exists after running several tools on the above.  Please help.



#12 ftk

  • Topic Starter

Posted 08 July 2015 - 03:46 AM

[Last Update] 

 

The final resolution is: I copied explorer.exe from my friend's PC and overwrote the one in C:\Windows, and the problem was solved.

 

Many thanks for your replies, nasdaq, really appreciated. 


Edited by ftk, 08 July 2015 - 03:46 AM.
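The resolution in the post above replaces explorer.exe with a copy taken from another machine. Before doing that, or afterwards to confirm the result, a practitioner would check that the file in C:\Windows is still the Microsoft-signed original, record its hash and version, compare it with the servicing copies Windows keeps in its own component store, and let System File Checker repair it from the protected store if the signature does not verify. The PowerShell below is an added example for this thread, not code from any of the tools mentioned in it; it assumes an elevated 64-bit PowerShell 4.0 or later session (Get-FileHash needs 4.0) on Windows 7 x64 with the default %SystemRoot% location.

```powershell
# Added example (not from the thread): check whether %SystemRoot%\explorer.exe is the
# Microsoft-signed original, record its hash and version, compare it with the copies in
# the WinSxS component store, and hand repair to System File Checker if it is not valid.
# Assumes an elevated 64-bit PowerShell 4.0+ session on Windows 7 or later.

$target = Join-Path $env:SystemRoot 'explorer.exe'

# 1. Authenticode check. Microsoft's explorer.exe is catalog-signed, so the cmdlet
#    consults the system catalogs; any status other than 'Valid' deserves a closer look.
$sig    = Get-AuthenticodeSignature -FilePath $target
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
Write-Output ("{0}`n  Signature: {1}`n  Signer:    {2}" -f $target, $sig.Status, $signer)

# 2. Hash and version, to compare with a known-good file at the same patch level.
$hash = (Get-FileHash -Path $target -Algorithm SHA256).Hash
$ver  = (Get-Item -Path $target).VersionInfo.FileVersion
Write-Output ("  SHA256:    {0}`n  Version:   {1}" -f $hash, $ver)

# 3. The component store keeps the servicing copies of explorer.exe. Listing them shows
#    whether the live file matches any version Windows itself installed on this system.
Get-ChildItem -Path (Join-Path $env:SystemRoot 'WinSxS') -Recurse -Filter 'explorer.exe' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path        = $_.FullName
            Version     = $_.VersionInfo.FileVersion
            MatchesLive = ($h -eq $hash)
        }
    } | Format-Table -AutoSize

# 4. If the signature does not verify, let Windows restore the file from its protected
#    store rather than copying a binary of unknown provenance from another PC.
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)'; running sfc /scanfile on explorer.exe"
    & (Join-Path $env:SystemRoot 'System32\sfc.exe') "/scanfile=$target"
}
```

A file that reports anything other than `Valid` in step 1, or whose hash matches none of the WinSxS copies in step 3, is the condition under which the "desktop goes black, explorer.exe will not start" symptom in this thread would be expected; `sfc /scanfile` replaces it with the catalog-verified version for the installed patch level, which a copy from a different machine may not match.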


#13 nasdaq

  • Malware Response Team

Posted 08 July 2015 - 08:19 AM

Nice call.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq

  • Malware Response Team

Posted 14 July 2015 - 08:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



