
Hi, my Chrome default search engine is Google, but recently it automatically changes to Baidu whenever I close Chrome, even after I change it back to Google.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by Owner at 15:15:53 on 2013-12-11
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.60.1033.18.3784.1534 [GMT 8:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Users\Owner\Desktop\Garena Plus\ggdllhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Owner\Desktop\Garena Plus\GarenaMessenger.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [GarenaPlus] "C:\Users\Owner\Desktop\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{68DCCC17-E19D-4AAC-8DDA-ACCA0D306FE5} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{68DCCC17-E19D-4AAC-8DDA-ACCA0D306FE5} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E8862F50-D661-4558-956D-B5E2A8D58BD4} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{F5CDF32A-24EB-4A06-8172-F98A81AD27A5} : DHCPNameServer = 10.0.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - 
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-10-5 14456]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-9 283200]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-10-3 166720]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [2013-10-18 517344]
R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-12-8 2151200]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-10-3 365376]
R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-10-5 1918976]
R3 gzflt;gzflt;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [2013-7-17 138232]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-3 805088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-11 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-11 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-28 111616]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-11 25928]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-12-11 05:04:31 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-12-11 05:02:08 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-11 05:02:07 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-11 05:02:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-11 00:32:19 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2013-12-10 14:46:05 -------- d-----w- C:\Users\Owner\AppData\Roaming\Tencent
2013-12-10 11:45:31 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9606B562-D8C7-4C65-A9ED-D39C3645A130}\mpengine.dll
2013-12-09 14:02:49 -------- d-----w- C:\Program Files\Lavasoft
2013-12-09 06:39:42 -------- d-----w- C:\Program Files\Common Files\Lavasoft
2013-12-08 01:43:39 -------- d-----w- C:\Program Files\CCleaner
2013-12-08 01:41:37 -------- d-----w- C:\ProgramData\ProductData
2013-12-08 01:40:19 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-13 09:48:07 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 09:48:07 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-12 16:48:09 -------- d-----w- C:\Program Files (x86)\GarenaPoE
2013-11-12 12:38:53 -------- d-----w- C:\GarenaDownload
.
==================== Find3M  ====================
.
2013-12-11 05:25:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 05:25:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-18 19:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-09 06:46:37 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 09:55:45 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 09:27:00 16896 ----a-w- C:\Windows\AsTaskSched.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 15:16:00.27 ===============


==== Installed Programs ======================
.
Ad-Aware Antivirus
AdAwareInstaller
AdAwareUpdater
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)  MUI
Advertising Center
AntimalwareEngine
CCleaner
DAEMON Tools Pro
Garena - Path of Exile
Google Chrome
Google Update Helper
ImagXpress
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Kingsoft Office 2013 (9.1.0.4246)
Malwarebytes Anti-Malware version 1.75.0.1300
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Nero 9 Essentials
Nero ControlCenter
Nero Express Help
Nero Installer
Nero Online Upgrade
Nero StartSmart OEM
NeroExpress
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Skype™ 6.11
TL-WN822N Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
WinRAR 5.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
8/12/2013 9:40:29 AM, Error: Service Control Manager [7030]  - The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
8/12/2013 9:39:12 AM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
6/12/2013 8:48:00 PM, Error: Microsoft Antimalware [2001]  - 
6/12/2013 8:43:56 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume L:.
6/12/2013 8:43:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/12/2013 8:43:15 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
6/12/2013 8:42:45 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
11/12/2013 8:31:23 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/12/2013 8:31:23 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/12/2013 8:31:23 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/12/2013 2:39:25 PM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 7 service terminated unexpectedly.  It has done this 1 time(s).
11/12/2013 2:24:26 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/12/2013 2:24:26 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
11/12/2013 2:22:33 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
11/12/2013 10:37:37 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 

 


  • Root Admin

I see from an error in the Event Logs that you're running a product from the Chinese company iObit.

 

==== Event Viewer Messages From Past Week ========
.
8/12/2013 9:40:29 AM, Error: Service Control Manager [7030]  - The Advanced SystemCare Service 7 service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
The company behind this product was found to be stealing our database.
Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.
Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.

 
Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 

Then reboot your computer, run MBAM, check for updates, run a Quick Scan, and post back the log please.
 

First of all, thanks for the help so far! So far the search engine has stopped changing to Baidu after I closed Chrome. I would also like to ask for help to remove the product from iObit.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.11.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Owner :: SIEG [administrator]
 
Protection: Enabled
 
11/12/2013 9:22:14 PM
mbam-log-2013-12-11 (21-22-14).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202286
Time elapsed: 4 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

  • Root Admin

You should be able to go into your Control Panel, Add/Remove and then find Advanced System Care and select it to uninstall.

Once done then reboot the computer and run the following scanner for me.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


Advanced SystemCare is removed; however, there is still an IObit software called LiveUpdate that is not found in Add/Remove and thus cannot be removed.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013
Ran by Owner (administrator) on SIEG on 12-12-2013 08:22:24
Running from C:\Users\Owner\Desktop
Windows 7 Home Basic Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Users\Owner\Desktop\Garena Plus\ggdllhost.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Owner\Desktop\Garena Plus\GarenaMessenger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6843024 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [] - [x]
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareTray.exe [2493272 2013-10-18] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [GarenaPlus] - C:\Users\Owner\Desktop\Garena Plus\GarenaMessenger.exe [9890608 2013-11-21] ()
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
MountPoints2: {3bb67d7c-2dc1-11e3-853d-74d02bc62f58} - J:\setup.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD5885CCC73F6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-MY
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{68DCCC17-E19D-4AAC-8DDA-ACCA0D306FE5}: [NameServer]8.8.8.8,8.8.4.4
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (\u4F18\u9177\u571F\u8C46\u6D77\u5916\u7248) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdgnnclfnickpplhpeaeeaphlbplnmj\2013.12.6_0
CHR Extension: (Tampermonkey) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\3.5.3630.77_0
CHR Extension: (MouseHunt AutoBot) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgifpdckjdccaagjmjnbggkicanonngc\1.28_0
CHR Extension: (Domain Error Assistant) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.2_0
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
 
==================== Services (Whitelisted) =================
 
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe [517344 2013-10-18] ()
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-11-09] (DT Soft Ltd)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-10-05] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\2.6.0.0\gzflt.sys [138232 2013-07-17] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [329800 2013-07-17] (BitDefender S.R.L.)
S3 GGSAFERDriver; \??\C:\Users\Owner\Desktop\Garena Plus\Room\safedrv.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-12-12 08:22 - 2013-12-12 08:23 - 00007648 _____ C:\Users\Owner\Desktop\FRST.txt
2013-12-12 08:22 - 2013-12-12 08:22 - 00000000 ____D C:\FRST
2013-12-12 08:19 - 2013-12-12 08:20 - 01926944 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-12-12 00:02 - 2013-12-12 00:02 - 01205292 _____ C:\Users\Owner\Downloads\FIN3024_5(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00322001 _____ C:\Users\Owner\Downloads\FIN3024_3(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00256463 _____ C:\Users\Owner\Downloads\FIN3024_12(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00254772 _____ C:\Users\Owner\Downloads\FIN3024_11 Revised.pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00252985 _____ C:\Users\Owner\Downloads\FIN3024_1.pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00204276 _____ C:\Users\Owner\Downloads\FIN3024_7and8(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00169738 _____ C:\Users\Owner\Downloads\FIN3024_9(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00135569 _____ C:\Users\Owner\Downloads\FIN3024_4(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00134799 _____ C:\Users\Owner\Downloads\FIN3024_6(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00129298 _____ C:\Users\Owner\Downloads\FIN3024_2(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00115445 _____ C:\Users\Owner\Downloads\IM Workshop_5(1).xlsx
2013-12-12 00:02 - 2013-12-12 00:02 - 00108320 _____ C:\Users\Owner\Downloads\FIN 3024_10.pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00025418 _____ C:\Users\Owner\Downloads\Tutorials 7 and 8 Solutions(1).xlsx
2013-12-11 15:16 - 2013-12-11 15:16 - 00012109 _____ C:\Users\Owner\Desktop\dds.txt
2013-12-11 14:51 - 2013-12-11 15:16 - 00005983 _____ C:\Users\Owner\Desktop\attach.txt
2013-12-11 14:42 - 2013-12-11 14:42 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-12-11 14:42 - 2013-12-11 14:42 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2013-12-11 14:39 - 2013-12-11 14:39 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-11 14:39 - 2013-12-11 14:39 - 00000000 ____D C:\ProgramData\Razer
2013-12-11 14:22 - 2013-12-12 08:12 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Owner
2013-12-11 14:22 - 2013-12-12 08:12 - 00000168 _____ C:\Windows\setupact.log
2013-12-11 14:22 - 2013-12-11 21:18 - 00002754 _____ C:\Windows\PFRO.log
2013-12-11 14:22 - 2013-12-11 14:22 - 00000000 _____ C:\Windows\setuperr.log
2013-12-11 13:04 - 2013-12-11 13:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-12-11 13:02 - 2013-12-11 13:02 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-11 13:02 - 2013-12-11 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-11 13:02 - 2013-12-11 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-11 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-11 13:00 - 2013-12-11 13:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-11 12:56 - 2013-12-11 12:56 - 00002668 _____ C:\Users\Owner\Desktop\RKreport[0]_S_12112013_125601.txt
2013-12-11 12:52 - 2013-12-11 13:04 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2013-12-11 12:49 - 2013-12-11 12:49 - 00891200 _____ C:\Users\Owner\Downloads\SecurityCheck.exe
2013-12-11 12:47 - 2013-12-11 12:47 - 04166144 _____ C:\Users\Owner\Downloads\RogueKillerX64.exe
2013-12-11 10:33 - 2013-12-11 10:33 - 00007605 _____ C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2013-12-10 22:46 - 2013-12-10 22:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Tencent
2013-12-10 22:32 - 2013-12-10 22:36 - 03045288 _____ C:\Users\Owner\Downloads\bns_1.72.4010.4_setup_signed_TDL_signed_New2.exe
2013-12-10 11:31 - 2013-12-10 11:31 - 00726528 _____ C:\Users\Owner\Downloads\Chap024.ppt
2013-12-10 11:24 - 2013-12-10 11:24 - 00934912 _____ C:\Users\Owner\Downloads\Chap009.ppt
2013-12-10 11:24 - 2013-12-10 11:24 - 00871424 _____ C:\Users\Owner\Downloads\Chap017.ppt
2013-12-10 11:24 - 2013-12-10 11:24 - 00815616 _____ C:\Users\Owner\Downloads\Chap016 (1).ppt
2013-12-10 11:04 - 2013-12-10 11:04 - 01093120 _____ C:\Users\Owner\Downloads\Chap018.ppt
2013-12-10 10:52 - 2013-12-10 10:52 - 00745472 _____ C:\Users\Owner\Downloads\Chap019.ppt
2013-12-10 10:51 - 2013-12-10 10:51 - 00815616 _____ C:\Users\Owner\Downloads\Chap016.ppt
2013-12-10 00:24 - 2013-12-10 00:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Lavasoft
2013-12-09 22:03 - 2013-12-09 22:03 - 00001334 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-12-09 22:02 - 2013-12-09 22:02 - 00000000 ____D C:\Program Files\Lavasoft
2013-12-09 16:23 - 2013-12-09 16:48 - 05726880 _____ C:\Users\Owner\Downloads\bns_setup_17240142_17240144_signed.exe
2013-12-09 14:40 - 2013-12-09 14:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-09 14:39 - 2013-12-09 14:39 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-12-09 14:38 - 2013-12-09 14:38 - 01723528 _____ C:\Users\Owner\Downloads\Adaware_Installer.exe
2013-12-09 14:37 - 2013-12-09 14:37 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2013-12-09 14:34 - 2013-07-30 12:04 - 00001003 ____N C:\Users\Owner\Desktop\README.txt
2013-12-09 01:56 - 2013-12-09 01:56 - 00000000 _____ C:\search.sqlite
2013-12-09 01:56 - 2013-12-09 01:56 - 00000000 _____ C:\prefs.js
2013-12-09 01:17 - 2013-12-09 01:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-08 21:48 - 2013-12-08 21:48 - 00000000 ____D C:\Users\Owner\Desktop\Lynas
2013-12-08 21:44 - 2013-12-08 21:44 - 02457386 _____ C:\Users\Owner\Downloads\Class Materials (1).zip
2013-12-08 21:42 - 2013-12-09 01:18 - 00000000 ____D C:\Users\Owner\Desktop\Tax
2013-12-08 09:48 - 2013-12-08 09:48 - 00003189 _____ C:\Users\Owner\Downloads\filters_modernwarfare.zip
2013-12-08 09:48 - 2013-12-08 09:48 - 00002905 _____ C:\Users\Owner\Downloads\filters_midfieldmaestro.zip
2013-12-08 09:43 - 2013-12-08 09:43 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-08 09:43 - 2013-12-08 09:43 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-08 09:43 - 2013-12-08 09:43 - 00000000 ____D C:\Program Files\CCleaner
2013-12-08 09:41 - 2013-12-09 14:42 - 00000000 ____D C:\ProgramData\ProductData
2013-12-08 09:40 - 2013-12-08 09:40 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-08 09:39 - 2013-12-08 09:40 - 04618136 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup408.exe
2013-12-07 14:36 - 2013-12-07 14:36 - 158489213 _____ C:\Users\Owner\Downloads\MGQ Part 3v1.0.rar
2013-12-05 22:04 - 2013-12-06 00:22 - 00000086 _____ C:\Users\Owner\Desktop\New Text Document.txt
2013-11-29 23:05 - 2013-11-29 23:06 - 00000000 ____D C:\Users\Owner\Desktop\Sunway
2013-11-29 23:01 - 2013-11-29 23:02 - 00000000 ____D C:\Users\Owner\Desktop\Micros
2013-11-28 00:27 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-28 00:25 - 2013-11-28 00:25 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-28 00:25 - 2013-11-28 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-28 00:25 - 2013-11-28 00:25 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-28 00:25 - 2013-11-28 00:25 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-28 00:25 - 2013-11-28 00:25 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-28 00:25 - 2013-11-28 00:25 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-28 00:25 - 2013-11-28 00:25 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-28 00:25 - 2013-11-28 00:25 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-28 00:25 - 2013-11-28 00:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-28 00:25 - 2013-11-28 00:25 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-28 00:25 - 2013-11-28 00:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-28 00:25 - 2013-11-28 00:25 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-28 00:25 - 2013-11-28 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-24 22:00 - 2013-11-24 22:58 - 622723135 _____ C:\Users\Owner\Downloads\HY's 60th.zip
2013-11-18 20:47 - 2013-11-18 20:47 - 07840256 _____ C:\Users\Owner\Downloads\08 The Workplace (1) Basic Issues(1).ppt
2013-11-17 22:34 - 2013-11-17 22:34 - 00084311 _____ C:\Users\Owner\Downloads\Historical Data of Economic Indictors.pptx
2013-11-16 15:57 - 2013-12-08 22:03 - 00000000 ____D C:\Users\Owner\Desktop\Class Materials
2013-11-16 15:57 - 2013-11-16 15:57 - 02457386 _____ C:\Users\Owner\Downloads\Class Materials.zip
2013-11-15 22:02 - 2013-11-15 22:03 - 08265712 _____ C:\Users\Owner\Downloads\DotA v6.78c.w3x
2013-11-14 22:07 - 2013-11-14 22:07 - 00000000 ____D C:\Users\Owner\Documents\My Games
2013-11-14 10:06 - 2013-11-14 10:06 - 00656139 _____ C:\Users\Owner\Downloads\SUBS Internship Jan-Mar 2014 (1).7z
2013-11-14 10:02 - 2013-11-14 10:02 - 01832795 _____ C:\Users\Owner\Downloads\Internship Company list and forms (1).zip
2013-11-13 17:48 - 2013-10-06 04:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 17:48 - 2013-10-06 03:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 17:47 - 2013-10-12 10:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 17:47 - 2013-10-12 10:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 17:47 - 2013-10-12 10:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 17:47 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 17:47 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 17:47 - 2013-10-04 10:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 17:47 - 2013-10-04 10:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 17:47 - 2013-10-04 10:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 17:47 - 2013-10-04 09:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 17:47 - 2013-10-04 09:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 17:47 - 2013-10-04 09:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 17:47 - 2013-10-03 10:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 17:47 - 2013-10-03 10:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 17:47 - 2013-09-28 09:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 17:47 - 2013-09-25 10:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 17:47 - 2013-09-25 10:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 17:47 - 2013-09-25 10:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 17:47 - 2013-09-25 10:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 17:47 - 2013-09-25 10:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 17:47 - 2013-09-25 10:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 17:47 - 2013-09-25 10:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 17:47 - 2013-09-25 10:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 17:47 - 2013-09-25 09:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 17:47 - 2013-09-25 09:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 17:47 - 2013-09-25 09:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 17:47 - 2013-09-25 09:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 17:47 - 2013-09-25 09:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 17:47 - 2013-07-04 20:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 15:59 - 2013-11-13 16:00 - 00656139 _____ C:\Users\Owner\Downloads\SUBS Internship Jan-Mar 2014.7z
2013-11-13 00:53 - 2013-11-13 00:53 - 00001036 _____ C:\Users\Public\Desktop\Path of Exile.lnk
2013-11-13 00:48 - 2013-11-15 22:40 - 00000000 ____D C:\Program Files (x86)\GarenaPoE
2013-11-12 20:38 - 2013-11-12 20:38 - 00000000 ____D C:\GarenaDownload
 
==================== One Month Modified Files and Folders =======
 
2013-12-12 08:23 - 2013-12-12 08:22 - 00007648 _____ C:\Users\Owner\Desktop\FRST.txt
2013-12-12 08:22 - 2013-12-12 08:22 - 00000000 ____D C:\FRST
2013-12-12 08:22 - 2013-10-05 17:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-12-12 08:20 - 2013-12-12 08:19 - 01926944 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2013-12-12 08:20 - 2013-10-03 17:18 - 01904298 _____ C:\Windows\WindowsUpdate.log
2013-12-12 08:20 - 2009-07-14 12:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 08:20 - 2009-07-14 12:45 - 00021840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 08:19 - 2013-10-05 17:40 - 00000000 ____D C:\Program Files (x86)\IObit
2013-12-12 08:17 - 2013-10-05 17:52 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-12 08:16 - 2013-10-05 20:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\GarenaPlus
2013-12-12 08:16 - 2013-10-05 20:38 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-12-12 08:13 - 2013-10-04 11:12 - 00000374 _____ C:\Windows\Tasks\WpsUpdateTask_Owner.job
2013-12-12 08:12 - 2013-12-11 14:22 - 00003496 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Owner
2013-12-12 08:12 - 2013-12-11 14:22 - 00000168 _____ C:\Windows\setupact.log
2013-12-12 08:12 - 2013-10-05 17:52 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-12 08:12 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 01:24 - 2013-10-03 20:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 00:02 - 2013-12-12 00:02 - 01205292 _____ C:\Users\Owner\Downloads\FIN3024_5(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00322001 _____ C:\Users\Owner\Downloads\FIN3024_3(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00256463 _____ C:\Users\Owner\Downloads\FIN3024_12(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00254772 _____ C:\Users\Owner\Downloads\FIN3024_11 Revised.pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00252985 _____ C:\Users\Owner\Downloads\FIN3024_1.pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00204276 _____ C:\Users\Owner\Downloads\FIN3024_7and8(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00169738 _____ C:\Users\Owner\Downloads\FIN3024_9(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00135569 _____ C:\Users\Owner\Downloads\FIN3024_4(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00134799 _____ C:\Users\Owner\Downloads\FIN3024_6(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00129298 _____ C:\Users\Owner\Downloads\FIN3024_2(1).pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00115445 _____ C:\Users\Owner\Downloads\IM Workshop_5(1).xlsx
2013-12-12 00:02 - 2013-12-12 00:02 - 00108320 _____ C:\Users\Owner\Downloads\FIN 3024_10.pptx
2013-12-12 00:02 - 2013-12-12 00:02 - 00025418 _____ C:\Users\Owner\Downloads\Tutorials 7 and 8 Solutions(1).xlsx
2013-12-11 21:18 - 2013-12-11 14:22 - 00002754 _____ C:\Windows\PFRO.log
2013-12-11 15:16 - 2013-12-11 15:16 - 00012109 _____ C:\Users\Owner\Desktop\dds.txt
2013-12-11 15:16 - 2013-12-11 14:51 - 00005983 _____ C:\Users\Owner\Desktop\attach.txt
2013-12-11 14:59 - 2013-10-05 18:30 - 00000000 ____D C:\Users\Owner\Desktop\DL
2013-12-11 14:55 - 2013-10-05 19:20 - 00000000 ____D C:\Users\Owner\Desktop\Games
2013-12-11 14:46 - 2013-10-05 18:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2013-12-11 14:42 - 2013-12-11 14:42 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.scr
2013-12-11 14:42 - 2013-12-11 14:42 - 00688992 ____R (Swearware) C:\Users\Owner\Downloads\dds.com
2013-12-11 14:39 - 2013-12-11 14:39 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2013-12-11 14:39 - 2013-12-11 14:39 - 00000000 ____D C:\ProgramData\Razer
2013-12-11 14:39 - 2013-10-05 17:40 - 00000000 ____D C:\ProgramData\IObit
2013-12-11 14:38 - 2009-07-14 13:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 14:22 - 2013-12-11 14:22 - 00000000 _____ C:\Windows\setuperr.log
2013-12-11 13:25 - 2013-10-03 20:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 13:25 - 2013-10-03 20:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 13:25 - 2013-10-03 20:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 13:04 - 2013-12-11 13:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-12-11 13:04 - 2013-12-11 12:52 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
2013-12-11 13:02 - 2013-12-11 13:02 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-11 13:02 - 2013-12-11 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-11 13:02 - 2013-12-11 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-11 13:00 - 2013-12-11 13:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Owner\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-11 12:56 - 2013-12-11 12:56 - 00002668 _____ C:\Users\Owner\Desktop\RKreport[0]_S_12112013_125601.txt
2013-12-11 12:49 - 2013-12-11 12:49 - 00891200 _____ C:\Users\Owner\Downloads\SecurityCheck.exe
2013-12-11 12:47 - 2013-12-11 12:47 - 04166144 _____ C:\Users\Owner\Downloads\RogueKillerX64.exe
2013-12-11 10:33 - 2013-12-11 10:33 - 00007605 _____ C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2013-12-10 22:46 - 2013-12-10 22:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Tencent
2013-12-10 22:36 - 2013-12-10 22:32 - 03045288 _____ C:\Users\Owner\Downloads\bns_1.72.4010.4_setup_signed_TDL_signed_New2.exe
2013-12-10 11:31 - 2013-12-10 11:31 - 00726528 _____ C:\Users\Owner\Downloads\Chap024.ppt
2013-12-10 11:24 - 2013-12-10 11:24 - 00934912 _____ C:\Users\Owner\Downloads\Chap009.ppt
2013-12-10 11:24 - 2013-12-10 11:24 - 00871424 _____ C:\Users\Owner\Downloads\Chap017.ppt
2013-12-10 11:24 - 2013-12-10 11:24 - 00815616 _____ C:\Users\Owner\Downloads\Chap016 (1).ppt
2013-12-10 11:04 - 2013-12-10 11:04 - 01093120 _____ C:\Users\Owner\Downloads\Chap018.ppt
2013-12-10 10:52 - 2013-12-10 10:52 - 00745472 _____ C:\Users\Owner\Downloads\Chap019.ppt
2013-12-10 10:51 - 2013-12-10 10:51 - 00815616 _____ C:\Users\Owner\Downloads\Chap016.ppt
2013-12-10 00:27 - 2013-10-05 10:20 - 00001945 _____ C:\Windows\epplauncher.mif
2013-12-10 00:24 - 2013-12-10 00:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Lavasoft
2013-12-09 22:05 - 2013-10-03 17:18 - 00000000 ____D C:\Users\Owner
2013-12-09 22:03 - 2013-12-09 22:03 - 00001334 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2013-12-09 22:02 - 2013-12-09 22:02 - 00000000 ____D C:\Program Files\Lavasoft
2013-12-09 16:48 - 2013-12-09 16:23 - 05726880 _____ C:\Users\Owner\Downloads\bns_setup_17240142_17240144_signed.exe
2013-12-09 14:43 - 2013-10-05 17:59 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-12-09 14:42 - 2013-12-08 09:41 - 00000000 ____D C:\ProgramData\ProductData
2013-12-09 14:40 - 2013-12-09 14:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-09 14:39 - 2013-12-09 14:39 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2013-12-09 14:38 - 2013-12-09 14:38 - 01723528 _____ C:\Users\Owner\Downloads\Adaware_Installer.exe
2013-12-09 14:38 - 2013-10-05 17:59 - 00000000 ____D C:\ProgramData\Lavasoft
2013-12-09 14:37 - 2013-12-09 14:37 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2013-12-09 01:56 - 2013-12-09 01:56 - 00000000 _____ C:\search.sqlite
2013-12-09 01:56 - 2013-12-09 01:56 - 00000000 _____ C:\prefs.js
2013-12-09 01:21 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-09 01:18 - 2013-12-08 21:42 - 00000000 ____D C:\Users\Owner\Desktop\Tax
2013-12-09 01:17 - 2013-12-09 01:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-12-08 22:03 - 2013-11-16 15:57 - 00000000 ____D C:\Users\Owner\Desktop\Class Materials
2013-12-08 21:48 - 2013-12-08 21:48 - 00000000 ____D C:\Users\Owner\Desktop\Lynas
2013-12-08 21:44 - 2013-12-08 21:44 - 02457386 _____ C:\Users\Owner\Downloads\Class Materials (1).zip
2013-12-08 10:17 - 2013-10-04 07:41 - 00000000 ____D C:\Windows\Panther
2013-12-08 09:48 - 2013-12-08 09:48 - 00003189 _____ C:\Users\Owner\Downloads\filters_modernwarfare.zip
2013-12-08 09:48 - 2013-12-08 09:48 - 00002905 _____ C:\Users\Owner\Downloads\filters_midfieldmaestro.zip
2013-12-08 09:43 - 2013-12-08 09:43 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-08 09:43 - 2013-12-08 09:43 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-08 09:43 - 2013-12-08 09:43 - 00000000 ____D C:\Program Files\CCleaner
2013-12-08 09:40 - 2013-12-08 09:40 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-08 09:40 - 2013-12-08 09:39 - 04618136 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup408.exe
2013-12-08 09:40 - 2013-10-05 17:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2013-12-07 14:36 - 2013-12-07 14:36 - 158489213 _____ C:\Users\Owner\Downloads\MGQ Part 3v1.0.rar
2013-12-06 14:12 - 2013-10-05 17:52 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 14:12 - 2013-10-05 17:52 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-06 00:22 - 2013-12-05 22:04 - 00000086 _____ C:\Users\Owner\Desktop\New Text Document.txt
2013-12-05 12:11 - 2013-10-05 19:53 - 00000000 ____D C:\Users\Owner\Desktop\Garena Plus
2013-12-04 08:26 - 2013-10-05 17:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-04 08:26 - 2013-10-05 17:56 - 00000000 ____D C:\ProgramData\Skype
2013-12-01 11:13 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2013-11-29 23:11 - 2013-10-05 23:49 - 00000000 ____D C:\Users\Owner\AppData\Local\Sports Interactive
2013-11-29 23:06 - 2013-11-29 23:05 - 00000000 ____D C:\Users\Owner\Desktop\Sunway
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-10 00:13
 
==================== End Of Log ============================

attach.txt


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2013
Ran by Owner at 2013-12-12 09:42:56 Run:1
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\IObit
C:\Program Files (x86)\Common Files\Spigot
HKLM\...\Run: [] - [x]
MountPoints2: {3bb67d7c-2dc1-11e3-853d-74d02bc62f58} - J:\setup.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
CHR Extension: (\u4F18\u9177\u571F\u8C46\u6D77\u5916\u7248) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdgnnclfnickpplhpeaeeaphlbplnmj\2013.12.6_0
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
C:\search.sqlite
C:\prefs.js
C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll
*****************

C:\Program Files (x86)\IObit => Moved successfully.
C:\Program Files (x86)\Common Files\Spigot => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bb67d7c-2dc1-11e3-853d-74d02bc62f58} => Key deleted successfully.
HKCR\CLSID\{3bb67d7c-2dc1-11e3-853d-74d02bc62f58} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => Key deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfdgnnclfnickpplhpeaeeaphlbplnmj => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
LiveUpdateSvc => Service deleted successfully.
C:\search.sqlite => Moved successfully.
C:\prefs.js => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====


  • Root Admin

Please restart the computer.

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
Then let me know if you're still having any issue or not.

  • Root Admin

At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.

They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

It will also reset your System Restore by flushing out previous restore points and create a new restore point.

It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


Remove the rest of the tools used:

Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, go ahead and delete it by yourself.
  • If asked to restart the computer, please do so.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

AdwCleaner Removal:

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:

  • This tool can be uninstalled via the Control Panel, Programs, Uninstall

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
