Thank you very much, Dave.
Hi, Broni.
Here's the frst log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Rachel (administrator) on RACHEL-PC on 29-07-2014 10:02:05
Running from C:\Users\Rachel\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: 中文 (繁體,香港特別行政區)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(深圳市迅雷网络技术有限公司) C:\Users\Public\Thunder Network\KKVideo\Core\Program\KKV.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Akamai Technologies, Inc.) C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Akamai Technologies, Inc.) C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2005-05-23] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-16] (AVAST Software)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-07-18] (Comodo Security Solutions, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: !IconOverlay_Conflict -> {486C8576-C2C5-42AD-87C6-5E9681633935} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: !IconOverlay_ForbidSync -> {683617F1-0DD4-4B24-B87F-73CE23B8440C} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: !IconOverlay_LargeFile -> {6B3CB227-0A30-418E-A673-FF1F142D9327} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: !IconOverlay_Synced -> {B2AF7140-40A1-449E-82B9-2C0876C97AF4} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: !IconOverlay_Syncing -> {F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: .XLKKDesktopIcon -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} => C:\Users\Public\Thunder Network\KKVideo\Addins\KKVIconHandler64.dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 115ErrorOverlayIcon -> {361F6990-0582-4B1B-88D1-294640A2AB65} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: 115ProcessOverlayIcon -> {52F2EEDF-65F7-4685-8C30-10F56E1080E6} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: 115SucceedOverlayIcon -> {E6DDA755-8C6C-4D06-8765-FEA0DC7F2660} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers-x32: AAADesktopTips -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(292).dll (深圳市迅雷网络技术有限公司)
GroupPolicyUsers\S-1-5-21-643212585-2591526618-1564776100-1001\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: 捃濘狟婥盓厥 -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.24.4804.dll (深圳市迅雷网络技术有限公司)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> No File
BHO-x32: WebDetectorBHO Class -> {43BEAFD9-E005-483D-A367-146BA6C8A32E} -> C:\Program Files (x86)\Tudou\滄厒Tudou\tudouDetector.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: 捃濘狟婥盓厥郪璃 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258}
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968}
http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AE90874A-C851-4864-9C4D-3EBC134868C5}: [NameServer]156.154.70.25,156.154.71.25
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @115.com/CheckPluginEx - C:\Program Files (x86)\115\115com\np_115download_plugin.dll (115.COM Inc.)
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\4611046\npxbdsetup.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin - C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @xunlei.com/DapCtrl - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(296).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin-x32: @xunlei.com/npxluser - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\AliWangWang\8.00.34C\npAliSSOLogin.dll (ÌÔ±¦£¨Öйú£©Èí¼þÓÐÏÞ¹«Ë¾)
FF Plugin HKCU: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\AliWangWang\8.00.34C\npwangwang.dll ( )
FF Plugin HKCU: @xunlei.com/npxluser - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKCU: @xunlei.com/npxunlei;version=1.0.0.2 - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF HKLM-x32\...\Firefox\Extensions: [
wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "
https://www.google.com.hk/?gfe_rd=cr&ei=8vy9U-gyi4vxB4akgYgL"
CHR DefaultSearchKeyword: google.com.hk
CHR Plugin: (Shockwave Flash) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (115 Check Plugin Ex) - C:\Program Files (x86)\115\115com\np_115download_plugin.dll (115.COM Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AliSSOLogin plugin) - C:\Program Files (x86)\AliWangWang\7.21.18C\npAliSSOLogin.dll (ÌÔ±¦£¨Öйú£©Èí¼þÓÐÏÞ¹«Ë¾)
CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - C:\Program Files (x86)\AliWangWang\7.21.18C\npwangwang.dll ( )
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U60) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BaiduSetUp Plugin) - C:\Windows\Downloaded Program Files\4611046\npxbdsetup.dll ()
CHR Extension: (Google 文件) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Google 雲端硬碟) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (WOT) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-11]
CHR Extension: (YouTube) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Google æœå°‹) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (Thunder Download Extension for Chrome) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncennffkjdiamlpmcbajkmaiiiddgioo [2014-07-20]
CHR Extension: (Google é›»å錢包) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-09]
CHR Extension: (Unblock Youku) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-07-10]
CHR Extension: (Gmail) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM-x32\...\Chrome\Extension: [dpphgmdbhahgadoggfojpaljepicgfpd] - C:\Users\Rachel\AppData\Roaming\DBankPlugin\DBankPluginChrome.crx [2014-06-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-07-18] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-07-18] (Comodo Security Solutions, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5203984 2014-03-17] (INCA Internet Co., Ltd.)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-07-18] (ShenZhen Xunlei Networking Technologies,LTD)
R2 SDDUpdate; C:\Windows\system32\config\systemprofile\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-16] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-01-31] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-06-15] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-01-09] (Vimicro Corporation) [File not signed]
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation) [File not signed]
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-09] ()
S3 cpuz134; \??\C:\Users\Rachel\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-29 09:43 - 2014-07-29 09:44 - 00039067 _____ () C:\Users\Rachel\Desktop\Addition.txt
2014-07-29 09:42 - 2014-07-29 10:02 - 00023447 _____ () C:\Users\Rachel\Desktop\FRST.txt
2014-07-29 09:42 - 2014-07-29 10:02 - 00000000 ____D () C:\FRST
2014-07-29 09:41 - 2014-07-29 09:41 - 02093568 _____ (Farbar) C:\Users\Rachel\Desktop\FRST64.exe
2014-07-28 19:49 - 2014-07-28 19:49 - 28015450 _____ () C:\Users\Rachel\Downloads\montage_final_1.wmv
2014-07-28 18:59 - 2014-07-28 18:59 - 00061777 _____ () C:\Users\Rachel\Downloads\montage_final_1.wlmp
2014-07-28 10:45 - 2014-07-28 10:48 - 00000000 ___SD () C:\commy
2014-07-28 10:12 - 2014-07-28 10:12 - 05379160 _____ () C:\Users\Rachel\Desktop\winlogon.exe.exe
2014-07-26 00:34 - 2014-07-26 00:34 - 00246784 _____ () C:\Users\Rachel\Desktop\260714.ppt
2014-07-22 12:04 - 2014-07-22 12:04 - 00003980 _____ () C:\Users\Rachel\Desktop\RKreport_SCN_07222014_120116.log
2014-07-22 11:16 - 2014-07-28 10:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-22 11:16 - 2014-07-22 11:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 09:56 - 2014-07-22 11:08 - 00000000 ____D () C:\Users\Rachel\Desktop\RK_Quarantine
2014-07-20 22:30 - 2014-07-20 22:30 - 00003458 _____ () C:\Users\Rachel\Downloads\1010.mid
2014-07-20 21:37 - 2014-07-28 10:42 - 05563277 ____R (Swearware) C:\Users\Rachel\Desktop\commy.exe
2014-07-19 21:57 - 2014-01-07 20:50 - 00104360 _____ () C:\Users\Rachel\Desktop\Sherlock.S02E01.RERIP.1080p.BluRay.x264-RRH.English.srt
2014-07-19 21:57 - 2014-01-07 20:50 - 00099603 _____ () C:\Users\Rachel\Desktop\Sherlock.S02E02.1080p.Bluray.x264-RRH.English.srt
2014-07-19 21:57 - 2014-01-07 20:50 - 00098402 _____ () C:\Users\Rachel\Desktop\Sherlock.S02E03.1080p.BluRay.x264-SHORTBREHD.English.srt
2014-07-19 08:52 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-19 08:52 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-19 08:52 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-19 08:50 - 2014-07-19 08:52 - 00000000 ____D () C:\Qoobox
2014-07-19 08:49 - 2014-07-19 08:49 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 23:19 - 2014-07-18 23:19 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\MPC-HC
2014-07-18 20:27 - 2014-07-18 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
2014-07-18 20:26 - 2014-07-18 20:26 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\Macromedia
2014-07-18 19:56 - 2014-07-18 19:57 - 2607703360 _____ () C:\Users\Rachel\Downloads\TeniPuri Festa 2013 disc1.mp4
2014-07-18 19:53 - 2014-07-18 19:53 - 00000857 _____ () C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-07-17 10:09 - 2014-07-18 23:34 - 00002015 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-07-16 22:21 - 2014-07-16 22:21 - 00688992 ____R (Swearware) C:\Users\Rachel\Downloads\dds.com
2014-07-16 17:19 - 2014-07-16 17:19 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt.tmp
2014-07-16 17:09 - 2014-07-16 17:09 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\AVAST Software
2014-07-16 17:08 - 2014-07-29 09:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-16 17:08 - 2014-07-16 17:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 17:08 - 2014-07-16 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 17:07 - 2014-07-16 17:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 17:07 - 2014-07-16 17:07 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 17:07 - 2014-07-16 17:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 17:06 - 2014-07-16 17:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 17:04 - 2014-07-16 17:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 17:01 - 2014-07-16 17:03 - 91906368 _____ (AVAST Software) C:\Users\Rachel\Downloads\avast_free_antivirus_setup.exe
2014-07-16 16:17 - 2014-07-16 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 16:14 - 2014-07-16 16:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rachel\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-16 15:20 - 2014-07-16 15:21 - 06762112 _____ (ParetoLogic, Inc.) C:\Users\Rachel\Downloads\RegCureProSetup.exe
2014-07-16 15:09 - 2014-07-16 15:09 - 02060288 _____ () C:\Users\Guest\ntuser.rhk
2014-07-16 15:09 - 2014-07-16 15:09 - 01437696 _____ () C:\Users\Rachel2\ntuser.rhk
2014-07-16 14:57 - 2014-07-16 14:57 - 02128128 _____ (WiseCleaner.com ) C:\Users\Rachel\Downloads\WRCFree.exe
2014-07-16 14:16 - 2014-07-16 23:04 - 00000163 _____ () C:\Windows\Reimage.ini
2014-07-12 10:03 - 2014-01-23 11:21 - 00206080 _____ (DEVGURU Co., LTD.(
www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-07-12 10:03 - 2014-01-23 11:21 - 00108800 _____ (DEVGURU Co., LTD.(
www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-07-12 09:57 - 2014-07-12 09:57 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-07-12 09:56 - 2014-07-12 09:56 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-07-11 17:07 - 2014-07-11 17:07 - 00000000 ____D () C:\Users\Rachel\AppData\Local\AdTrustMedia
2014-07-11 11:05 - 2014-07-11 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-07-11 11:04 - 2014-07-11 11:05 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-07-11 11:03 - 2014-07-18 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-07-11 11:03 - 2014-07-12 09:57 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\Users\Rachel\AppData\Local\Comodo
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\Program Files\COMODO
2014-07-11 11:02 - 2014-07-12 09:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-07-11 11:02 - 2014-07-11 11:05 - 00000000 ____D () C:\ProgramData\Comodo
2014-07-11 11:02 - 2014-07-11 11:02 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-07-11 10:56 - 2014-07-11 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-07-11 10:56 - 2014-06-14 22:03 - 00260696 _____ () C:\Windows\system32\unrar64.dll
2014-07-11 10:39 - 2014-07-11 10:39 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-07-11 10:11 - 2014-07-11 10:12 - 00001188 _____ () C:\DelFix.txt
2014-07-09 22:45 - 2014-07-11 10:11 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 09:32 - 2014-06-30 10:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 09:32 - 2014-06-30 10:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 09:32 - 2014-06-18 10:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:32 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:32 - 2014-06-18 09:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:32 - 2014-06-06 18:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:32 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 09:32 - 2014-05-30 14:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:31 - 2014-06-21 04:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:31 - 2014-06-21 03:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:31 - 2014-06-19 09:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:31 - 2014-06-19 09:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:31 - 2014-06-19 09:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:31 - 2014-06-19 08:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:31 - 2014-06-19 08:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:31 - 2014-06-19 08:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:31 - 2014-06-19 08:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:31 - 2014-06-19 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:31 - 2014-06-19 08:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:31 - 2014-06-19 08:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:31 - 2014-06-19 08:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:31 - 2014-06-19 08:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:31 - 2014-06-19 08:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 09:31 - 2014-06-19 08:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 09:31 - 2014-06-19 08:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:31 - 2014-06-19 08:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 09:31 - 2014-06-19 08:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:31 - 2014-06-19 07:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 09:31 - 2014-06-19 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 09:31 - 2014-06-19 07:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 09:31 - 2014-06-19 07:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:31 - 2014-06-19 07:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:31 - 2014-06-19 07:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:31 - 2014-06-19 07:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:31 - 2014-06-19 07:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 09:31 - 2014-06-19 07:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 09:31 - 2014-06-19 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 09:31 - 2014-06-19 07:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 09:31 - 2014-06-19 07:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:31 - 2014-06-19 07:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:31 - 2014-06-19 07:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 09:31 - 2014-06-19 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 09:31 - 2014-06-19 07:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:31 - 2014-06-19 07:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 09:31 - 2014-06-19 07:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 09:31 - 2014-06-19 07:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 09:31 - 2014-06-19 07:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 09:31 - 2014-06-19 07:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:31 - 2014-06-19 07:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 09:31 - 2014-06-19 07:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 09:31 - 2014-06-19 06:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:31 - 2014-06-19 06:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:31 - 2014-06-19 06:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:31 - 2014-06-19 06:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:31 - 2014-06-19 06:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:31 - 2014-06-19 06:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:31 - 2014-06-19 06:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 09:31 - 2014-06-19 06:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:31 - 2014-06-19 06:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:31 - 2014-06-19 06:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:31 - 2014-06-19 06:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:31 - 2014-06-19 06:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:31 - 2014-06-19 06:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:31 - 2014-06-19 06:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:31 - 2014-06-05 22:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:31 - 2014-06-05 22:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 09:31 - 2014-06-05 22:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 09:21 - 2014-07-09 22:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 09:20 - 2014-07-09 09:20 - 00000000 ___DC () C:\Users\Rachel\AppData\Local\MigWiz
2014-07-08 22:48 - 2014-07-08 22:48 - 00000259 _____ () C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\淘宝.url
2014-07-08 22:48 - 2014-07-08 22:48 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\taobao
2014-07-08 21:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-07 15:27 - 2014-07-16 22:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 15:26 - 2014-07-16 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 15:26 - 2014-07-07 15:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 15:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 15:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-07 15:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-07 14:51 - 2014-07-07 14:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-07 14:51 - 2014-07-07 14:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-07 14:50 - 2014-07-07 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-07 14:50 - 2014-07-07 14:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-07 14:24 - 2014-07-11 10:49 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\TaobaoProtect