0Access infection


  • This topic is locked
11 replies to this topic

#1 sunsigil

sunsigil

  • Members
  • 41 posts

Posted 13 December 2013 - 02:26 PM

I have been told to make another topic about my current issue. Here are the text logs from Rkill and DDS.

 

 

RogueKiller V8.7.11 [Dec  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Junjun [Admin rights]
Mode : Remove -- Date : 12/12/2013 20:07:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] GSDesktopHelper_Win(4).exe -- C:\Users\Junjun\Desktop\Multimedia\GSDesktopHelper_Win(4).exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GSDesktopHelper (C:\Users\Junjun\Desktop\Multimedia\GSDesktopHelper_Win(4).exe [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1366853064-4064985979-2904789789-1000\[...]\Run : GSDesktopHelper (C:\Users\Junjun\Desktop\Multimedia\GSDesktopHelper_Win(4).exe [-]) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 :  (C:\Users\Junjun\AppData\Local\{b9eb9408-1fa2-5e6e-ac5d-453ec20a1912}\n. [x]) -> REPLACED (C:\Windows\system32\shell32.dll)
[BROK VAL] HKCR\[...]\command :  () -> CREATED ("%1" %*)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5002AALX-00J37A0 ATA Device +++++
--- User ---
[MBR] 0aa03c9d085a9ea10b3b07eb496e137b
[BSP] 014e2af72d48fce6652959ad9e924446 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12122013_200709.txt >>
RKreport[0]_S_12122013_180859.txt;RKreport[0]_S_12122013_200650.txt

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Junjun at 11:23:43 on 2013-12-13
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.8188.5321 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIACA.EXE
C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIACA.EXE
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\XFast USB\XFastUsb.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
uURLSearchHooks: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [C3] <no file>
mRun: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe
mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Junjun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files\Logitech\SetPoint II\SetPointII.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{07A8280F-67A0-4C63-BC7F-664343F88783} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XFast LAN] C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Junjun\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Junjun\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-5-9 17192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-7 283200]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-5-9 15936]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-3 1370912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-2 15128352]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-6-24 578264]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-17 450848]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-17 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-17 4865568]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-5-9 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-3 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-9 471144]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-9 39480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S2 SmartViewService;SmartView service;C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe --> C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [?]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2013-11-6 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-11-6 477960]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe --> C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-5-9 32320]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-5-10 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-13 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-15 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: SC2Switcher.exe: open="C:/Program Files (x86)/StarCraft II/Support/SC2Switcher.exe" "%1"
.
=============== Created Last 30 ================
.
2013-12-12 07:12:10    10285968    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1230D27E-627C-44F2-827C-DA1F00DEB816}\mpengine.dll
2013-12-11 07:49:38    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-12-11 07:20:12    --------    d-----w-    C:\Program Files (x86)\Guild Wars 2
2013-12-11 07:14:32    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2013-12-11 06:59:10    9272200    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-11 06:35:52    10285968    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-11 06:33:51    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-12-11 06:33:49    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-12-11 06:33:48    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-12-11 06:33:45    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-12-11 06:33:45    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-12-11 06:33:32    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-12-11 06:33:32    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-12-11 06:32:44    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-12-11 06:32:44    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-12-11 06:32:44    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-12-11 06:32:44    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-12-11 06:32:44    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-12-11 06:32:44    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-12-11 06:32:44    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-12-11 06:32:44    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-12-06 22:18:41    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1ADA59D4-E970-4762-AD21-0923751EA8F0}\gapaengine.dll
2013-12-05 21:23:29    --------    d-----w-    C:\Program Files (x86)\StarCraft II
2013-12-05 03:59:09    --------    d-----w-    C:\ProgramData\Visan
2013-12-05 03:59:09    --------    d-----w-    C:\ProgramData\HP Photo Creations
2013-12-05 03:59:09    --------    d-----w-    C:\Program Files (x86)\HP Photo Creations
2013-12-05 03:58:58    --------    d-----w-    C:\Users\Junjun\AppData\Roaming\HpUpdate
2013-12-05 03:58:47    762400    ------w-    C:\Windows\System32\HPDiscoPMC311.dll
2013-12-05 03:58:15    --------    d-----w-    C:\Program Files (x86)\HP
2013-12-05 03:58:13    --------    d-----w-    C:\Program Files\HP
2013-12-05 03:54:50    --------    d-----w-    C:\Users\Junjun\AppData\Local\HP
2013-12-04 02:27:12    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-12-04 02:27:12    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-02 23:28:53    --------    d-----w-    C:\Users\Junjun\AppData\Roaming\openvr
2013-12-02 23:08:28    --------    d-----w-    C:\Users\Junjun\AppData\Roaming\Guild Wars 2
2013-11-29 21:49:06    --------    d-----w-    C:\Windows\ERUNT
2013-11-29 21:39:06    --------    d-----w-    C:\AdwCleaner
2013-11-19 23:10:09    --------    d-----w-    C:\Program Files (x86)\Zenimax Online
.
==================== Find3M  ====================
.
2013-12-11 18:59:18    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 18:59:17    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-29 16:56:58    1096480    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-11-29 16:56:57    979744    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 01:29:34    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-11-12 01:28:52    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-11-12 01:28:52    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-10-30 17:02:58    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 14:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 00:58:38    290184    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-10-04 00:58:38    290184    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-10-04 00:58:05    280904    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-03 21:02:04    76888    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-27 17:53:06    248240    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 17:53:06    134944    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH: 11:25:32.09 ===============
 




 


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts

Posted 14 December 2013 - 11:04 AM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 sunsigil

sunsigil
  • Topic Starter

  • Members
  • 41 posts

Posted 15 December 2013 - 07:58 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-12-2013
Ran by Junjun (administrator) on JUNJUN-PC on 15-12-2013 16:55:44
Running from C:\Users\Junjun\Desktop\Multimedia
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIACA.EXE
(Google Inc.) C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIACA.EXE
() C:\Program Files\Rainmeter\Rainmeter.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFast USB\XFastUsb.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] - C:\Program Files\ASRock\XFast LAN\cfosspeed.exe [1441152 2011-07-04] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-10] (Google Inc.)
HKCU\...\Run: [C3] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-29] ()
HKCU\...\Run: [EPSON Stylus CX3800 Series] - C:\Windows\Temp\E_SA5D.tmp [132 2013-01-23] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-07] (Google Inc.)
HKCU\...\Run: [MusicManager] - C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)
HKCU\...\Run: [EPSON Stylus CX3800 Series (Copy 1)] - C:\Windows\Temp\E_SA3CE.tmp [150 2013-10-24] ()
MountPoints2: F - F:\setup.exe
MountPoints2: {4202b41e-a463-11e1-8b2f-bc5ff42be26a} - F:\setup.exe -a
MountPoints2: {8732a993-89cf-11e2-863c-bc5ff42be26a} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [XFast USB] - C:\Program Files (x86)\XFast USB\XFastUsb.exe [4878912 2012-05-09] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [167936 2008-11-02] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [STCAgent] - "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
HKLM-x32\...\Run: [ZyngaGamesAgent] - "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\Junjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 5530 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 5530 series.lnk -> C:\Program Files\HP\HP ENVY 5530 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x830B8D48D02ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {821FE8A7-7423-4592-8286-4F661243F43B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
SearchScopes: HKCU - {B4CAC9CA-28B3-4094-AA06-097E12BCA4F1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Junjun\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Junjun\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Junjun\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: DownloadHelper - C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: keysharky - C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default\Extensions\keysharky@intars.students.xpi
FF Extension: Adblock Plus - C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ijji Web Launching Plugin for FF) - C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll (NHN USA Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Google Wallet) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-11-21] (BitRaider, LLC)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-07-04] (cFos Software GmbH)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-03] ()
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

==================== Drivers (Whitelisted) ====================

S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-11-06] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-07] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-03-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-05-09] (FNet Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-15 16:55 - 2013-12-15 16:55 - 00000000 ____D C:\FRST
2013-12-14 22:56 - 2013-12-14 22:57 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-13 20:46 - 2013-12-13 20:46 - 00000222 _____ C:\Users\Junjun\Desktop\Wasteland 2.url
2013-12-13 11:25 - 2013-12-13 11:27 - 00022501 _____ C:\Users\Junjun\Desktop\dds.txt
2013-12-13 11:25 - 2013-12-13 11:25 - 00008964 _____ C:\Users\Junjun\Desktop\attach.txt
2013-12-12 20:07 - 2013-12-12 20:07 - 00002851 _____ C:\Users\Junjun\Desktop\RKreport[0]_D_12122013_200709.txt
2013-12-12 20:06 - 2013-12-12 20:06 - 00002708 _____ C:\Users\Junjun\Desktop\RKreport[0]_S_12122013_200650.txt
2013-12-12 18:08 - 2013-12-12 18:08 - 00002675 _____ C:\Users\Junjun\Desktop\RKreport[0]_S_12122013_180859.txt
2013-12-12 18:06 - 2013-12-12 20:07 - 00000000 ____D C:\Users\Junjun\Desktop\RK_Quarantine
2013-12-11 11:27 - 2013-12-11 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-10 23:49 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-10 23:49 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-10 23:49 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-10 23:49 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-10 23:49 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-10 23:49 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-10 23:49 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-10 23:49 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-10 23:49 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-10 23:49 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-10 23:49 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-10 23:49 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-10 23:49 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-10 23:49 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-10 23:49 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-10 23:49 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-10 23:49 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-10 23:49 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-10 23:49 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-10 23:49 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-10 23:49 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-10 23:49 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-10 23:49 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-10 23:49 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-10 23:49 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-10 23:49 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-10 23:49 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-10 23:49 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-10 23:49 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-10 23:49 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-10 23:49 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 23:20 - 2013-12-10 23:20 - 00000936 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-12-10 23:20 - 2013-12-10 23:20 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-12-10 23:14 - 2013-12-10 23:14 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-10 22:59 - 2013-12-11 10:59 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 22:33 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 22:33 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 22:33 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 22:33 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 22:33 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 22:33 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 22:33 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 22:32 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 22:32 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 22:32 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 22:32 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 22:32 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 22:32 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 22:32 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 22:32 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 15:05 - 2013-12-10 15:07 - 00000222 _____ C:\Users\Junjun\Desktop\Starbound.url
2013-12-05 13:23 - 2013-12-05 14:31 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-12-05 13:23 - 2013-12-05 13:23 - 00001097 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2013-12-05 13:00 - 2013-12-05 13:00 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - cc0129a021884eb99e2db0a3484d7655a7ce5567cf8c47dbbb2deb6bab917d5f
2013-12-05 13:00 - 2013-12-05 13:00 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 5560f9c376a1463f8b439ca4eb3fedbec8bc736c9e8b466481aa1fabf299be0f
2013-12-04 19:59 - 2013-12-04 19:59 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\ProgramData\Visan
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-04 19:58 - 2013-12-11 20:39 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\HpUpdate
2013-12-04 19:58 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-04 19:58 - 2013-12-04 19:58 - 00003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 5530 series
2013-12-04 19:58 - 2013-12-04 19:58 - 00002176 _____ C:\Users\Public\Desktop\HP ENVY 5530 series.lnk
2013-12-04 19:58 - 2013-12-04 19:58 - 00001138 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 5530 series.lnk
2013-12-04 19:58 - 2013-12-04 19:58 - 00000057 _____ C:\ProgramData\Ament.ini
2013-12-04 19:58 - 2013-12-04 19:58 - 00000000 ____D C:\ProgramData\HP
2013-12-04 19:58 - 2013-12-04 19:58 - 00000000 ____D C:\Program Files\HP
2013-12-04 19:58 - 2013-08-13 13:42 - 00762400 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC311.dll
2013-12-04 19:54 - 2013-12-04 20:04 - 00000000 ____D C:\Users\Junjun\AppData\Local\HP
2013-12-03 18:27 - 2013-10-30 09:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-03 18:27 - 2013-10-30 09:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-02 15:28 - 2013-12-02 15:28 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\openvr
2013-12-02 15:08 - 2013-12-02 15:08 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\Guild Wars 2
2013-11-30 23:04 - 2013-12-03 20:58 - 00000000 ____D C:\Users\Junjun\Documents\Baldur's Gate - Enhanced Edition
2013-11-29 18:12 - 2013-11-29 18:12 - 00000840 _____ C:\Users\Junjun\Desktop\eset.txt
2013-11-29 13:54 - 2013-11-29 13:54 - 00001316 _____ C:\Users\Junjun\Desktop\JRT.txt
2013-11-29 13:49 - 2013-11-29 13:49 - 00000000 ____D C:\Windows\ERUNT
2013-11-29 13:45 - 2013-11-29 13:45 - 00030590 _____ C:\Users\Junjun\Desktop\AdwCleaner[S0].txt
2013-11-29 13:39 - 2013-12-11 22:57 - 00000000 ____D C:\AdwCleaner
2013-11-29 13:38 - 2013-11-29 13:38 - 00098768 _____ C:\Users\Junjun\Desktop\result2.txt
2013-11-29 13:35 - 2013-11-29 13:35 - 00029547 _____ C:\Users\Junjun\Desktop\Result.txt
2013-11-28 12:10 - 2013-11-28 12:10 - 00000212 _____ C:\Users\Junjun\Desktop\Baldur's Gate Enhanced Edition.url
2013-11-21 19:16 - 2013-11-21 19:40 - 00006085 _____ C:\Users\Junjun\Documents\TombRaider.log
2013-11-19 15:10 - 2013-12-02 15:11 - 00000000 ____D C:\Program Files (x86)\Zenimax Online

==================== One Month Modified Files and Folders =======

2013-12-15 16:55 - 2013-12-15 16:55 - 00000000 ____D C:\FRST
2013-12-15 16:55 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Junjun\AppData\Local\PMB Files
2013-12-15 16:55 - 2012-05-12 12:39 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-15 16:55 - 2012-05-10 15:04 - 00000000 ___RD C:\Users\Junjun\Desktop\Multimedia
2013-12-15 16:54 - 2012-05-09 18:06 - 01633560 _____ C:\Windows\WindowsUpdate.log
2013-12-15 16:51 - 2012-05-10 19:58 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-15 16:48 - 2012-05-10 09:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-15 16:48 - 2012-05-09 18:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-15 16:48 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-15 16:48 - 2009-07-13 20:51 - 00172739 _____ C:\Windows\setupact.log
2013-12-14 23:59 - 2012-05-10 09:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 23:41 - 2012-05-10 09:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 23:32 - 2013-06-07 21:05 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000UA.job
2013-12-14 23:00 - 2012-05-11 17:54 - 00000000 ____D C:\Users\Junjun\Documents\My Games
2013-12-14 22:57 - 2013-12-14 22:56 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-14 22:52 - 2009-07-13 20:45 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 22:52 - 2009-07-13 20:45 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 18:27 - 2013-08-12 01:03 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 18:25 - 2012-05-13 17:09 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 23:52 - 2012-06-02 16:03 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\Skype
2013-12-13 21:32 - 2013-06-07 21:05 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000Core.job
2013-12-13 20:46 - 2013-12-13 20:46 - 00000222 _____ C:\Users\Junjun\Desktop\Wasteland 2.url
2013-12-13 20:46 - 2012-05-10 20:02 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-13 11:27 - 2013-12-13 11:25 - 00022501 _____ C:\Users\Junjun\Desktop\dds.txt
2013-12-13 11:25 - 2013-12-13 11:25 - 00008964 _____ C:\Users\Junjun\Desktop\attach.txt
2013-12-12 22:18 - 2013-02-07 02:27 - 00415502 _____ C:\Windows\system32\perfh011.dat
2013-12-12 22:18 - 2013-02-07 02:27 - 00120996 _____ C:\Windows\system32\perfc011.dat
2013-12-12 22:18 - 2009-07-13 21:13 - 01306938 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 21:33 - 2012-08-26 19:13 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\BitTorrent
2013-12-12 20:07 - 2013-12-12 20:07 - 00002851 _____ C:\Users\Junjun\Desktop\RKreport[0]_D_12122013_200709.txt
2013-12-12 20:07 - 2013-12-12 18:06 - 00000000 ____D C:\Users\Junjun\Desktop\RK_Quarantine
2013-12-12 20:06 - 2013-12-12 20:06 - 00002708 _____ C:\Users\Junjun\Desktop\RKreport[0]_S_12122013_200650.txt
2013-12-12 18:08 - 2013-12-12 18:08 - 00002675 _____ C:\Users\Junjun\Desktop\RKreport[0]_S_12122013_180859.txt
2013-12-12 09:45 - 2012-05-11 17:15 - 00000000 ____D C:\Users\Junjun\AppData\Local\CrashDumps
2013-12-11 22:57 - 2013-11-29 13:39 - 00000000 ____D C:\AdwCleaner
2013-12-11 21:58 - 2012-05-10 14:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-11 20:39 - 2013-12-04 19:58 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\HpUpdate
2013-12-11 11:27 - 2013-12-11 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 10:59 - 2013-12-10 22:59 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 10:59 - 2012-05-10 09:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 10:59 - 2012-05-10 09:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 10:59 - 2012-05-10 09:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 10:30 - 2009-07-13 20:45 - 00291432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 23:50 - 2009-07-13 18:34 - 00000499 _____ C:\Windows\win.ini
2013-12-10 23:20 - 2013-12-10 23:20 - 00000936 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-12-10 23:20 - 2013-12-10 23:20 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-12-10 23:18 - 2012-07-10 09:29 - 00000000 ____D C:\Users\Junjun\Documents\Guild Wars 2
2013-12-10 23:15 - 2013-10-19 15:14 - 00000000 ____D C:\Users\Junjun\AppData\Local\Deployment
2013-12-10 23:14 - 2013-12-10 23:14 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-10 23:13 - 2013-11-06 17:43 - 00000000 ____D C:\ProgramData\BitRaider
2013-12-10 15:07 - 2013-12-10 15:05 - 00000222 _____ C:\Users\Junjun\Desktop\Starbound.url
2013-12-10 01:37 - 2012-09-17 18:32 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\vlc
2013-12-09 21:27 - 2013-06-07 21:05 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000UA
2013-12-09 21:27 - 2013-06-07 21:05 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000Core
2013-12-09 21:11 - 2012-05-09 18:32 - 00065082 _____ C:\Windows\PFRO.log
2013-12-09 20:04 - 2012-08-26 19:13 - 00000000 ____D C:\Users\Junjun\Desktop\torrents
2013-12-05 21:30 - 2013-01-23 22:21 - 00000000 ____D C:\Program Files (x86)\epson
2013-12-05 21:00 - 2013-07-12 13:16 - 00000000 ____D C:\Users\Junjun\AppData\Local\Battle.net
2013-12-05 14:31 - 2013-12-05 13:23 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-12-05 13:23 - 2013-12-05 13:23 - 00001097 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2013-12-05 13:21 - 2013-07-12 13:16 - 00000000 ____D C:\Program Files (x86)\Battle.net
2013-12-05 13:20 - 2013-10-22 15:18 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2013-12-05 13:19 - 2013-07-12 13:24 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-05 13:00 - 2013-12-05 13:00 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - cc0129a021884eb99e2db0a3484d7655a7ce5567cf8c47dbbb2deb6bab917d5f
2013-12-05 13:00 - 2013-12-05 13:00 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 5560f9c376a1463f8b439ca4eb3fedbec8bc736c9e8b466481aa1fabf299be0f
2013-12-04 20:04 - 2013-12-04 19:54 - 00000000 ____D C:\Users\Junjun\AppData\Local\HP
2013-12-04 20:00 - 2012-05-09 18:06 - 00000000 ___RD C:\Users\Junjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-04 19:59 - 2013-12-04 19:59 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\ProgramData\Visan
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-04 19:59 - 2013-12-04 19:58 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-04 19:58 - 2013-12-04 19:58 - 00003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 5530 series
2013-12-04 19:58 - 2013-12-04 19:58 - 00002176 _____ C:\Users\Public\Desktop\HP ENVY 5530 series.lnk
2013-12-04 19:58 - 2013-12-04 19:58 - 00001138 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 5530 series.lnk
2013-12-04 19:58 - 2013-12-04 19:58 - 00000057 _____ C:\ProgramData\Ament.ini
2013-12-04 19:58 - 2013-12-04 19:58 - 00000000 ____D C:\ProgramData\HP
2013-12-04 19:58 - 2013-12-04 19:58 - 00000000 ____D C:\Program Files\HP
2013-12-04 17:12 - 2013-01-28 12:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-04 17:12 - 2012-06-02 16:03 - 00000000 ____D C:\ProgramData\Skype
2013-12-03 22:38 - 2013-08-15 19:08 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\uTorrent
2013-12-03 20:58 - 2013-11-30 23:04 - 00000000 ____D C:\Users\Junjun\Documents\Baldur's Gate - Enhanced Edition
2013-12-03 18:29 - 2013-03-27 17:44 - 00000000 ____D C:\Users\Junjun\AppData\Local\NVIDIA
2013-12-03 18:28 - 2013-11-12 19:28 - 00000000 ____D C:\Users\Junjun\AppData\Local\NVIDIA Corporation
2013-12-03 18:28 - 2012-07-20 17:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-03 18:27 - 2012-05-09 18:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-03 18:27 - 2012-05-09 18:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-02 22:36 - 2012-05-10 09:15 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-02 22:36 - 2012-05-10 09:15 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 15:28 - 2013-12-02 15:28 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\openvr
2013-12-02 15:11 - 2013-11-19 15:10 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2013-12-02 15:11 - 2013-04-17 18:28 - 00010135 _____ C:\Users\Junjun\Documents\Uninstall STAR WARS The Old Republic.log
2013-12-02 15:08 - 2013-12-02 15:08 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\Guild Wars 2
2013-12-02 13:33 - 2013-01-09 14:19 - 00000000 ____D C:\Users\Junjun\AppData\Local\Warframe
2013-12-01 23:04 - 2013-11-05 21:22 - 00000000 ____D C:\Users\Junjun\Desktop\CNA
2013-11-29 18:12 - 2013-11-29 18:12 - 00000840 _____ C:\Users\Junjun\Desktop\eset.txt
2013-11-29 13:54 - 2013-11-29 13:54 - 00001316 _____ C:\Users\Junjun\Desktop\JRT.txt
2013-11-29 13:49 - 2013-11-29 13:49 - 00000000 ____D C:\Windows\ERUNT
2013-11-29 13:45 - 2013-11-29 13:45 - 00030590 _____ C:\Users\Junjun\Desktop\AdwCleaner[S0].txt
2013-11-29 13:38 - 2013-11-29 13:38 - 00098768 _____ C:\Users\Junjun\Desktop\result2.txt
2013-11-29 13:35 - 2013-11-29 13:35 - 00029547 _____ C:\Users\Junjun\Desktop\Result.txt
2013-11-29 08:56 - 2013-11-02 17:30 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-29 08:56 - 2013-11-02 17:30 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-28 12:10 - 2013-11-28 12:10 - 00000212 _____ C:\Users\Junjun\Desktop\Baldur's Gate Enhanced Edition.url
2013-11-26 03:54 - 2013-12-10 23:49 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 02:19 - 2013-12-10 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 02:18 - 2013-12-10 23:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-10 23:49 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-10 23:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 01:46 - 2013-12-10 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-10 23:49 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 01:29 - 2013-12-10 23:49 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 01:27 - 2013-12-10 23:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 01:23 - 2013-12-10 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-10 23:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 01:18 - 2013-12-10 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-10 23:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-10 23:49 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-10 23:49 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-10 23:49 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-10 23:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-10 23:49 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 00:32 - 2013-12-10 23:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-10 23:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-10 23:49 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-10 23:49 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-10 23:49 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-25 23:32 - 2013-12-10 23:49 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-10 23:49 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-10 23:49 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-25 22:40 - 2013-12-10 23:49 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-25 22:34 - 2013-12-10 23:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-10 23:49 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-10 23:49 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-10 23:49 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 23:14 - 2013-05-03 00:14 - 00000000 ____D C:\Users\Junjun\Desktop\book
2013-11-21 23:14 - 2012-10-18 17:27 - 00000000 ____D C:\Users\Junjun\Desktop\books
2013-11-21 19:40 - 2013-11-21 19:16 - 00006085 _____ C:\Users\Junjun\Documents\TombRaider.log
2013-11-20 17:30 - 2013-05-09 00:28 - 00000000 ____D C:\Users\Public\Games
2013-11-19 02:21 - 2012-05-12 10:46 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 18:25 - 2012-06-08 17:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-18 18:25 - 2012-06-08 17:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-18 18:25 - 2012-05-10 09:51 - 00001945 _____ C:\Windows\epplauncher.mif

Some content of TEMP:
====================
C:\Users\Junjun\AppData\Local\Temp\Gw2.exe
C:\Users\Junjun\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Junjun\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-29 14:26

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-12-2013
Ran by Junjun at 2013-12-15 16:57:02
Running from C:\Users\Junjun\Desktop\Multimedia
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Absolute Nature for S.T.A.L.K.E.R - Shadow of Chernobyl (x32)
Absolute Structures for S.T.A.L.K.E.R - Shadow of Chernobyl (x32)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
AMD USB Filter Driver (x32 Version: 1.0.14.91)
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.122 (x32)
ASRock InstantBoot v1.29 (x32)
ASUS E-Green Uninstall (x32)
ATI Catalyst Install Manager (Version: 3.0.762.0)
Baldur's Gate: Enhanced Edition (x32)
Bandisoft MPEG-1 Decoder (x32)
Battle.net (x32)
Battlelog Web Plugins (x32 Version: 2.3.0)
BioWare Premium Module: Neverwinter Nights™ Kingmaker (x32)
BitRaider Web Client (x32 Version: 1.1.9.4)
BOSS (x32 Version: 2.1.1)
CameraHelperMsi (x32 Version: 13.50.854.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Curse Client (HKCU Version: 5.1.1.792)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
Deus Ex - HDTP (x32)
Dota 2 (x32)
Dragon Age Redesigned © Morrigan (HKCU)
Dragon Age Redesigned Oghren© (HKCU)
Dragon Age Redesigned©  Zevran (HKCU)
Dragon Age Redesigned© (HKCU)
Dragon Age Redesigned© Leliana (HKCU)
Dragon Age Redesigned© Sten (HKCU)
Dragon Age Redesigned© Wynne (HKCU)
Dropbox (HKCU Version: 2.0.22)
E-Hammer (x32 Version: 1.0.0)
EPSON Printer Software
erLT (x32 Version: 1.20.0137)
erLT (x32 Version: 1.20.138.34)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
Etron USB3.0 Host Controller (x32 Version: 0.104)
EVGA Precision 2.0.4 (x32 Version: 2.0.4)
Fallout Mod Manager 0.13.21 (x32)
FINAL FANTASY XIV - A Realm Reborn (x32 Version: 1.0.0000)
Fraps (x32)
FTL: Faster Than Light (x32)
gamelauncher-code4344-beta (HKCU)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (x32 Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)
Google Update Helper (x32 Version: 1.3.22.3)
Grooveshark (x32 Version: 0.2.0)
Guild Wars 2 (x32)
Happy Cloud Client (HKCU Version: 1.374)
HashCheck Shell Extension (x86-32) (x32 Version: 2.1.11.1)
HashCheck Shell Extension (x86-64) (Version: 2.1.11.1)
Hearthstone (x32)
HP ENVY 5530 series Basic Device Software (Version: 32.0.1180.44630)
HP ENVY 5530 series Help (x32 Version: 30.0.0)
HP Photo Creations (x32 Version: 1.0.0.7702)
HP Update (x32 Version: 5.005.002.002)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.1.0 (x32 Version: 2.1.0)
League of Legends (x32 Version: 1.3)
Left 4 Dead 2 Dedicated Server (x32)
Logitech SetPoint 5.20 (Version: 5.20)
Logitech Webcam Software (x32 Version: 2.0)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.50.854.0)
LWS Help_main (x32 Version: 13.50.862.0)
LWS Launcher (x32 Version: 13.50.859.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.50.861.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Magic 2014  (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (x32 Version: 12.0.21005.1)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (x32 Version: 12.0.21005.1)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mumble 1.2.3 (x32 Version: 1.2.3)
Music Manager (HKCU)
NCLEX-PN 3000 - Institutional Version (x32)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0)
Nero BurnRights 10 (x32 Version: 4.0.11300.14.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Control Center 10 (x32 Version: 10.0.12900.2.6)
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Core Components 10 (x32 Version: 2.0.16800.7.15)
Nero CoverDesigner 10 (x32 Version: 5.0.11200.16.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10900)
Nero DiscSpeed 10 (x32 Version: 6.0.11400.18.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Express 10 (x32 Version: 10.0.12300.23.100)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10900)
Nero InfoTool 10 (x32 Version: 7.0.11400.15.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10900)
Nero MediaHub 10 (x32 Version: 1.0.14800.28.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.0.10300)
Nero StartSmart 10 (x32 Version: 10.0.12600.30.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Update (x32 Version: 1.0.0018)
Nexon Game Manager (x32)
Nexus Mod Manager (Version: 0.45.4)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22)
NVIDIA 3D Vision Driver 314.22 (Version: 314.22)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Endless City demo (x32 Version: 1.0)
NVIDIA GeForce Experience 1.8 (Version: 1.8)
NVIDIA Graphics Driver 314.22 (Version: 314.22)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA ShadowPlay 10.10.5 (Version: 10.10.5)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Update 10.10.5 (Version: 10.10.5)
NVIDIA Update Core (Version: 10.10.5)
NVIDIA Virtual Audio 1.2.12 (Version: 1.2.12)
Oblivion mod manager 1.1.12 (x32)
OpenAL (x32)
Origin (x32 Version: 9.3.7.2735)
Pando Media Booster (x32 Version: 2.6.0.8)
Pandora Service (x32)
Portal 2 Publishing Tool (x32)
PowerISO (x32)
Product Improvement Study for HP ENVY 5530 series (Version: 32.0.1180.44630)
PunkBuster Services (x32 Version: 0.991)
Quake Live Mozilla Plugin (x32 Version: 1.0.520)
RaidCall (x32 Version: 7.2.4-1.0.7299.14)
Rainmeter (x32 Version: 2.2 r1116)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6378)
SHIELD Streaming (Version: 1.6.75)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.11 (x32 Version: 6.11.102)
Source SDK Base 2007 (x32)
Splashtop Connect IE (x32 Version: 1.1.12.1)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpywareBlaster 4.6 (x32 Version: 4.6.0)
Starbound (x32)
StarCraft II (x32)
Steam (x32 Version: 1.0.0.0)
Straight A's in Medical-Surgical Nursing - 2nd Edition (x32)
Straight A's in Psychiatric & Mental Health Nursing (x32)
System Requirements Lab CYRI (x32 Version: 6.0.8.0)
System Requirements Lab Test (x32 Version: 5.0.6.0)
Team Fortress 2 (x32)
TeamSpeak 3 Client (Version: 3.0.13.1)
The Binding of Isaac (x32)
The KMPlayer (remove only) (x32)
THX TruStudio (x32 Version: 1.00.01)
Unofficial Oblivion Patch v3.2.0 (x32 Version: 3.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
User's Guides (Version: 1.20.0000)
Vampire: The Masquerade - Bloodlines (x32)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Wasteland 2 (x32)
Windows 7 Manager (Version: 1.1.3)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
World of Warcraft (x32)
XCOM: Enemy Unknown (x32)
XFast LAN v6.61 (Version: 6.61)
XFast USB (x32)
YUME MIRU KUSURI (x32 Version: 1.00.0000)
グリザイアの果実 (x32)
真剣で私に恋しなさい! (HKCU)
真剣で私に恋しなさい!A-1 (HKCU)
真剣で私に恋しなさい!S (HKCU)

==================== Restore Points  =========================

15-12-2013 02:05:06 Windows Update
15-12-2013 02:25:14 Windows Update
15-12-2013 06:55:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
15-12-2013 06:57:13 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

==================== Hosts content: ==========================

2009-07-13 18:34 - 2012-06-29 12:20 - 00442922 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => Rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
Task: {16CBFC93-B8CE-46F4-9EC9-C65C789B59DE} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {29BDADB1-4230-459C-99AF-0AB69D064B43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {4177E39F-0091-4CA0-BAD2-5861A825F193} - System32\Tasks\HP AR Program Upload - 5560f9c376a1463f8b439ca4eb3fedbec8bc736c9e8b466481aa1fabf299be0f => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {5EFAB1A5-CFC7-42D4-A264-D997530F363C} - System32\Tasks\HP AR Program Upload - cc0129a021884eb99e2db0a3484d7655a7ce5567cf8c47dbbb2deb6bab917d5f => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {6DB68F90-1911-4D68-A604-8A9071972EA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {84E04C8C-D158-481C-B4C5-5145468D32AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000Core => C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {92F08ED3-5817-4DA1-9484-A046724EB41B} - System32\Tasks\{692AB4C4-1F9B-4A7E-9332-A1546B3FCA1E} => C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE [2013-08-27] (Microsoft Corporation)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => Rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
Task: {994D0247-2B02-4F9B-9C22-FE93CD8A0BFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe aepdu.dll,AePduRunUpdate
Task: {BD690621-2A84-4FB3-97CD-2796322AD0BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000UA => C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {C7113089-F735-4BE6-BE7F-F24C057CE22B} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => Rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => Rundll32.exe /d acproxy.dll,PerformAutochkOperations
Task: {DC222E63-32CB-4EF1-BEAA-7D38C13D85EE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1366853064-4064985979-2904789789-1000
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => Rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
Task: {EF80D5CD-D6B6-4B11-8BB2-ADBE50632B24} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1366853064-4064985979-2904789789-1000 => Rundll32.exe portabledeviceapi.dll,#1
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000Core.job => C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000UA.job => C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-30 22:38 - 2011-05-30 22:38 - 00062976 _____ () C:\Windows\system32\bdmpega64.acm
2012-05-09 18:14 - 2011-05-19 08:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-01-08 05:32 - 2012-01-08 05:32 - 00809672 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2012-01-08 05:31 - 2012-01-08 05:31 - 00025600 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2012-01-08 05:32 - 2012-01-08 05:32 - 00167424 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2012-01-08 05:32 - 2012-01-08 05:32 - 00028160 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2011-02-10 17:45 - 2011-02-10 17:45 - 00026112 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2012-06-24 16:17 - 2011-12-06 15:19 - 01269760 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2012-06-24 16:17 - 2011-12-06 15:19 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2012-06-24 16:17 - 2011-12-06 15:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2013-02-27 11:33 - 2013-02-27 11:33 - 10683392 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-02-27 11:32 - 2013-02-27 11:32 - 07741952 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-02-27 11:32 - 2013-02-27 11:32 - 02248192 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-02-27 11:33 - 2013-02-27 11:33 - 01681408 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-11-11 17:03 - 2013-11-11 17:03 - 00117248 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2013-11-11 17:04 - 2013-11-11 17:04 - 00231936 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2013-11-11 17:03 - 2013-11-11 17:03 - 00253440 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2013-11-11 17:05 - 2013-11-11 17:05 - 00344064 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-02-27 11:33 - 2013-02-27 11:33 - 00026624 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-03-12 16:10 - 2013-11-06 13:48 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-05-10 19:59 - 2013-12-11 11:40 - 01135016 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-05-10 19:59 - 2013-11-06 13:48 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-05-10 19:59 - 2013-06-14 15:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-05-10 19:59 - 2013-06-14 15:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-05-10 19:59 - 2013-06-14 15:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-12-11 11:27 - 2013-12-11 11:27 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/14/2013 11:58:48 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (12/13/2013 10:44:50 PM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 2.4.35.50 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 129c

Start Time: 01cef89679b52f6a

Termination Time: 12

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: 3566370d-648b-11e3-ac4a-bc5ff42be26a

Error: (12/13/2013 11:36:37 AM) (Source: Application Hang) (User: )
Description: The program dota.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 139c

Start Time: 01cef83a04c03c4a

Termination Time: 443

Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe

Report Id: df2d04f6-642d-11e3-9757-bc5ff42be26a

Error: (12/12/2013 09:21:25 PM) (Source: Application Hang) (User: )
Description: The program Grooveshark.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13a8

Start Time: 01cef7bf21a30180

Termination Time: 9

Application Path: C:\Program Files (x86)\Grooveshark\Grooveshark.exe

Report Id: 661242aa-63b6-11e3-ac7c-bc5ff42be26a

Error: (12/12/2013 09:45:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 26.0.0.5087, time stamp: 0x52a0d293
Faulting module name: mozalloc.dll, version: 26.0.0.5087, time stamp: 0x52a0af28
Exception code: 0x80000003
Fault offset: 0x0000119c
Faulting process id: 0x111c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/11/2013 11:12:57 PM) (Source: Application Hang) (User: )
Description: The program starbound.exe version 0.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 108c

Start Time: 01cef70971b77f82

Termination Time: 2

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

Report Id: d0c7cd25-62fc-11e3-b6b9-bc5ff42be26a

Error: (12/11/2013 03:37:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: starbound.exe, version: 0.9.0.0, time stamp: 0x52a790c1
Faulting module name: starbound.exe, version: 0.9.0.0, time stamp: 0x52a790c1
Exception code: 0x40000015
Fault offset: 0x00601602
Faulting process id: 0x1b28
Faulting application start time: 0xstarbound.exe0
Faulting application path: starbound.exe1
Faulting module path: starbound.exe2
Report Id: starbound.exe3

Error: (12/11/2013 10:41:45 AM) (Source: Application Hang) (User: )
Description: The program starbound.exe version 0.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 131c

Start Time: 01cef6a06daf1ba2

Termination Time: 7

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

Report Id: de750e87-6293-11e3-acae-bc5ff42be26a

Error: (12/10/2013 04:10:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: starbound.exe, version: 0.9.0.0, time stamp: 0x52a790c1
Faulting module name: starbound.exe, version: 0.9.0.0, time stamp: 0x52a790c1
Exception code: 0x40000015
Fault offset: 0x00601602
Faulting process id: 0x16c4
Faulting application start time: 0xstarbound.exe0
Faulting application path: starbound.exe1
Faulting module path: starbound.exe2
Report Id: starbound.exe3

Error: (12/09/2013 02:49:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 25.0.1.5064, time stamp: 0x5282f204
Faulting module name: xul.dll, version: 25.0.1.5064, time stamp: 0x5282f10e
Exception code: 0xc0000005
Fault offset: 0x00118f87
Faulting process id: 0x734
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3


System errors:
=============
Error: (12/15/2013 04:49:17 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/14/2013 10:43:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/14/2013 05:54:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/13/2013 10:33:37 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/13/2013 07:05:10 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/13/2013 07:00:05 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/13/2013 05:49:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/13/2013 03:13:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/13/2013 11:49:41 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/13/2013 11:35:47 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.


Microsoft Office Sessions:
=========================
Error: (12/14/2013 11:58:48 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (12/13/2013 10:44:50 PM) (Source: Application Hang)(User: )
Description: Steam.exe2.4.35.50129c01cef89679b52f6a12C:\Program Files (x86)\Steam\Steam.exe3566370d-648b-11e3-ac4a-bc5ff42be26a

Error: (12/13/2013 11:36:37 AM) (Source: Application Hang)(User: )
Description: dota.exe0.0.0.0139c01cef83a04c03c4a443C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exedf2d04f6-642d-11e3-9757-bc5ff42be26a

Error: (12/12/2013 09:21:25 PM) (Source: Application Hang)(User: )
Description: Grooveshark.exe0.0.0.013a801cef7bf21a301809C:\Program Files (x86)\Grooveshark\Grooveshark.exe661242aa-63b6-11e3-ac7c-bc5ff42be26a

Error: (12/12/2013 09:45:55 AM) (Source: Application Error)(User: )
Description: plugin-container.exe26.0.0.508752a0d293mozalloc.dll26.0.0.508752a0af28800000030000119c111c01cef7580c44e139C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3fd1fd85-6355-11e3-83a2-bc5ff42be26a

Error: (12/11/2013 11:12:57 PM) (Source: Application Hang)(User: )
Description: starbound.exe0.9.0.0108c01cef70971b77f822C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exed0c7cd25-62fc-11e3-b6b9-bc5ff42be26a

Error: (12/11/2013 03:37:55 PM) (Source: Application Error)(User: )
Description: starbound.exe0.9.0.052a790c1starbound.exe0.9.0.052a790c140000015006016021b2801cef6c88303ffbbC:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe41eb8648-62bd-11e3-acae-bc5ff42be26a

Error: (12/11/2013 10:41:45 AM) (Source: Application Hang)(User: )
Description: starbound.exe0.9.0.0131c01cef6a06daf1ba27C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exede750e87-6293-11e3-acae-bc5ff42be26a

Error: (12/10/2013 04:10:04 PM) (Source: Application Error)(User: )
Description: starbound.exe0.9.0.052a790c1starbound.exe0.9.0.052a790c1400000150060160216c401cef604b18121e3C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe95792405-61f8-11e3-ac4b-bc5ff42be26a

Error: (12/09/2013 02:49:32 PM) (Source: Application Error)(User: )
Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f8773401cef51ba2b95575C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll2a801256-6124-11e3-8fc1-bc5ff42be26a


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 8187.64 MB
Available physical RAM: 5073.94 MB
Total Pagefile: 16373.47 MB
Available Pagefile: 13057.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:19.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72419E4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 sunsigil

Posted 20 December 2013 - 08:16 PM

Sorry, I didn't know I had to attach the file log. I'm sorry if I made you wait. I shall copy and paste the logs again.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-12-2013 02
Ran by Junjun (administrator) on JUNJUN-PC on 20-12-2013 17:08:59
Running from C:\Users\Junjun\Desktop\Multimedia
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIACA.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIACA.EXE
() C:\Program Files\Rainmeter\Rainmeter.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(FNet Co., Ltd.) C:\Program Files (x86)\XFast USB\XFastUsb.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(PowerISO Computing, Inc.) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Farbar) C:\Users\Junjun\Desktop\Multimedia\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] - C:\Program Files\ASRock\XFast LAN\cfosspeed.exe [1441152 2011-07-04] (cFos Software GmbH)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.Exe [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-10] (Google Inc.)
HKCU\...\Run: [C3] - [x]
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-29] ()
HKCU\...\Run: [EPSON Stylus CX3800 Series] - C:\Windows\Temp\E_SA5D.tmp [132 2013-01-23] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-06-07] (Google Inc.)
HKCU\...\Run: [MusicManager] - C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)
HKCU\...\Run: [EPSON Stylus CX3800 Series (Copy 1)] - C:\Windows\Temp\E_SA3CE.tmp [150 2013-10-24] ()
MountPoints2: F - F:\setup.exe
MountPoints2: {4202b41e-a463-11e1-8b2f-bc5ff42be26a} - F:\setup.exe -a
MountPoints2: {8732a993-89cf-11e2-863c-bc5ff42be26a} - H:\LaunchU3.exe -a
HKLM-x32\...\Run: [XFast USB] - C:\Program Files (x86)\XFast USB\XFastUsb.exe [4878912 2012-05-09] (FNet Co., Ltd.)
HKLM-x32\...\Run: [THX TruStudio NB Settings] - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [167936 2008-11-02] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [STCAgent] - "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
HKLM-x32\...\Run: [ZyngaGamesAgent] - "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
Startup: C:\Users\Junjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 5530 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 5530 series.lnk -> C:\Program Files\HP\HP ENVY 5530 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x830B8D48D02ECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {821FE8A7-7423-4592-8286-4F661243F43B} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=PROTOSV
SearchScopes: HKCU - {B4CAC9CA-28B3-4094-AA06-097E12BCA4F1} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default
FF Homepage: about:home
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Junjun\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Junjun\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Junjun\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: DownloadHelper - C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: keySharky - C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default\Extensions\keysharky@intars.students.xpi
FF Extension: Adblock Plus - C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ch"
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ijji Web Launching Plugin for FF) - C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll (NHN USA Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Google Wallet) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-11-21] (BitRaider, LLC)
R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-07-04] (cFos Software GmbH)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-03] ()
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [x]
S2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [x]

==================== Drivers (Whitelisted) ====================

S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-11-06] (BitRaider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-07] (DT Soft Ltd)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2013-03-10] (FNet Co., Ltd.)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2012-05-09] (FNet Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-19 18:57 - 2013-12-19 18:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-19 18:57 - 2013-12-19 18:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-19 18:44 - 2013-12-19 18:44 - 00000222 _____ C:\Users\Junjun\Desktop\PlanetSide 2.url
2013-12-15 16:55 - 2013-12-15 16:55 - 00000000 ____D C:\FRST
2013-12-14 22:56 - 2013-12-14 22:57 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-13 20:46 - 2013-12-13 20:46 - 00000222 _____ C:\Users\Junjun\Desktop\Wasteland 2.url
2013-12-13 11:25 - 2013-12-13 11:27 - 00022501 _____ C:\Users\Junjun\Desktop\dds.txt
2013-12-13 11:25 - 2013-12-13 11:25 - 00008964 _____ C:\Users\Junjun\Desktop\attach.txt
2013-12-12 20:07 - 2013-12-12 20:07 - 00002851 _____ C:\Users\Junjun\Desktop\RKreport[0]_D_12122013_200709.txt
2013-12-12 20:06 - 2013-12-12 20:06 - 00002708 _____ C:\Users\Junjun\Desktop\RKreport[0]_S_12122013_200650.txt
2013-12-12 18:08 - 2013-12-12 18:08 - 00002675 _____ C:\Users\Junjun\Desktop\RKreport[0]_S_12122013_180859.txt
2013-12-12 18:06 - 2013-12-12 20:07 - 00000000 ____D C:\Users\Junjun\Desktop\RK_Quarantine
2013-12-11 11:27 - 2013-12-11 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-10 23:49 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-10 23:49 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-10 23:49 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-10 23:49 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-10 23:49 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-10 23:49 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-10 23:49 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-10 23:49 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-10 23:49 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-10 23:49 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-10 23:49 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-10 23:49 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-10 23:49 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-10 23:49 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-10 23:49 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-10 23:49 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-10 23:49 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-10 23:49 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-10 23:49 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-10 23:49 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-10 23:49 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-10 23:49 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-10 23:49 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-10 23:49 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-10 23:49 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-10 23:49 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-10 23:49 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-10 23:49 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-10 23:49 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-10 23:49 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-10 23:49 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-10 23:20 - 2013-12-10 23:20 - 00000936 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-12-10 23:20 - 2013-12-10 23:20 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-12-10 23:14 - 2013-12-10 23:14 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-10 22:59 - 2013-12-11 10:59 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-10 22:33 - 2013-11-11 18:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-10 22:33 - 2013-11-11 18:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-10 22:33 - 2013-10-29 17:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-10 22:33 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-10 22:33 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-10 22:33 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-10 22:33 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 22:32 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-10 22:32 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-10 22:32 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-10 22:32 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-10 22:32 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-10 22:32 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-10 22:32 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-10 22:32 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 15:05 - 2013-12-10 15:07 - 00000222 _____ C:\Users\Junjun\Desktop\Starbound.url
2013-12-05 13:00 - 2013-12-05 13:00 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - cc0129a021884eb99e2db0a3484d7655a7ce5567cf8c47dbbb2deb6bab917d5f
2013-12-05 13:00 - 2013-12-05 13:00 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 5560f9c376a1463f8b439ca4eb3fedbec8bc736c9e8b466481aa1fabf299be0f
2013-12-04 19:59 - 2013-12-04 19:59 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\ProgramData\Visan
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-04 19:58 - 2013-12-18 22:32 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\HpUpdate
2013-12-04 19:58 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-04 19:58 - 2013-12-04 19:58 - 00003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 5530 series
2013-12-04 19:58 - 2013-12-04 19:58 - 00002176 _____ C:\Users\Public\Desktop\HP ENVY 5530 series.lnk
2013-12-04 19:58 - 2013-12-04 19:58 - 00001138 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 5530 series.lnk
2013-12-04 19:58 - 2013-12-04 19:58 - 00000057 _____ C:\ProgramData\Ament.ini
2013-12-04 19:58 - 2013-12-04 19:58 - 00000000 ____D C:\ProgramData\HP
2013-12-04 19:58 - 2013-12-04 19:58 - 00000000 ____D C:\Program Files\HP
2013-12-04 19:58 - 2013-08-13 13:42 - 00762400 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC311.dll
2013-12-04 19:54 - 2013-12-04 20:04 - 00000000 ____D C:\Users\Junjun\AppData\Local\HP
2013-12-03 18:27 - 2013-10-30 09:03 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-12-03 18:27 - 2013-10-30 09:02 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-12-02 15:28 - 2013-12-02 15:28 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\openvr
2013-12-02 15:08 - 2013-12-02 15:08 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\Guild Wars 2
2013-11-30 23:04 - 2013-12-03 20:58 - 00000000 ____D C:\Users\Junjun\Documents\Baldur's Gate - Enhanced Edition
2013-11-29 18:12 - 2013-11-29 18:12 - 00000840 _____ C:\Users\Junjun\Desktop\eset.txt
2013-11-29 13:54 - 2013-11-29 13:54 - 00001316 _____ C:\Users\Junjun\Desktop\JRT.txt
2013-11-29 13:49 - 2013-11-29 13:49 - 00000000 ____D C:\Windows\ERUNT
2013-11-29 13:45 - 2013-11-29 13:45 - 00030590 _____ C:\Users\Junjun\Desktop\AdwCleaner[S0].txt
2013-11-29 13:39 - 2013-12-11 22:57 - 00000000 ____D C:\AdwCleaner
2013-11-29 13:38 - 2013-11-29 13:38 - 00098768 _____ C:\Users\Junjun\Desktop\result2.txt
2013-11-29 13:35 - 2013-11-29 13:35 - 00029547 _____ C:\Users\Junjun\Desktop\Result.txt
2013-11-28 12:10 - 2013-11-28 12:10 - 00000212 _____ C:\Users\Junjun\Desktop\Baldur's Gate Enhanced Edition.url
2013-11-21 19:16 - 2013-11-21 19:40 - 00006085 _____ C:\Users\Junjun\Documents\TombRaider.log

==================== One Month Modified Files and Folders =======

2013-12-20 17:09 - 2012-05-12 12:39 - 00000000 ____D C:\Users\Junjun\AppData\Local\PMB Files
2013-12-20 17:08 - 2012-05-10 15:04 - 00000000 ___RD C:\Users\Junjun\Desktop\Multimedia
2013-12-20 17:06 - 2012-05-09 18:06 - 02021777 _____ C:\Windows\WindowsUpdate.log
2013-12-20 17:05 - 2012-05-10 19:58 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-20 17:01 - 2012-05-10 09:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-20 17:01 - 2012-05-09 18:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-20 17:01 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-20 17:01 - 2009-07-13 20:51 - 00175427 _____ C:\Windows\setupact.log
2013-12-20 12:41 - 2012-05-10 09:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-20 12:33 - 2013-06-07 21:05 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000UA.job
2013-12-20 11:59 - 2012-05-10 09:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-20 11:56 - 2009-07-13 20:45 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-20 11:56 - 2009-07-13 20:45 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-19 21:53 - 2012-05-09 18:32 - 00067174 _____ C:\Windows\PFRO.log
2013-12-19 21:12 - 2012-06-02 16:03 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\Skype
2013-12-19 18:57 - 2013-12-19 18:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-19 18:57 - 2013-12-19 18:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-19 18:44 - 2013-12-19 18:44 - 00000222 _____ C:\Users\Junjun\Desktop\PlanetSide 2.url
2013-12-19 18:44 - 2012-05-10 20:02 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-12-19 14:14 - 2012-05-12 12:39 - 00000000 ____D C:\ProgramData\PMB Files
2013-12-18 23:39 - 2012-05-10 09:15 - 00000000 ____D C:\Users\Junjun\AppData\Local\Google
2013-12-18 22:32 - 2013-12-04 19:58 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\HpUpdate
2013-12-18 19:28 - 2013-02-07 02:27 - 00415502 _____ C:\Windows\system32\perfh011.dat
2013-12-18 19:28 - 2013-02-07 02:27 - 00120996 _____ C:\Windows\system32\perfc011.dat
2013-12-18 19:28 - 2009-07-13 21:13 - 01306938 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-17 22:28 - 2013-11-05 21:22 - 00000000 ____D C:\Users\Junjun\Desktop\CNA
2013-12-17 21:32 - 2013-06-07 21:05 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000Core.job
2013-12-17 12:36 - 2012-05-11 17:15 - 00000000 ____D C:\Users\Junjun\AppData\Local\CrashDumps
2013-12-16 17:18 - 2013-10-22 15:18 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2013-12-16 17:15 - 2013-07-12 13:16 - 00000000 ____D C:\Users\Junjun\AppData\Local\Battle.net
2013-12-16 16:47 - 2013-07-12 13:24 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-12-16 16:46 - 2012-08-26 19:13 - 00000000 ____D C:\Users\Junjun\Desktop\torrents
2013-12-15 16:55 - 2013-12-15 16:55 - 00000000 ____D C:\FRST
2013-12-14 23:00 - 2012-05-11 17:54 - 00000000 ____D C:\Users\Junjun\Documents\My Games
2013-12-14 22:57 - 2013-12-14 22:56 - 00000000 ____D C:\ProgramData\Package Cache
2013-12-14 18:27 - 2013-08-12 01:03 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 18:25 - 2012-05-13 17:09 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 20:46 - 2013-12-13 20:46 - 00000222 _____ C:\Users\Junjun\Desktop\Wasteland 2.url
2013-12-13 11:27 - 2013-12-13 11:25 - 00022501 _____ C:\Users\Junjun\Desktop\dds.txt
2013-12-13 11:25 - 2013-12-13 11:25 - 00008964 _____ C:\Users\Junjun\Desktop\attach.txt
2013-12-12 21:33 - 2012-08-26 19:13 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\BitTorrent
2013-12-12 20:07 - 2013-12-12 20:07 - 00002851 _____ C:\Users\Junjun\Desktop\RKreport[0]_D_12122013_200709.txt
2013-12-12 20:07 - 2013-12-12 18:06 - 00000000 ____D C:\Users\Junjun\Desktop\RK_Quarantine
2013-12-12 20:06 - 2013-12-12 20:06 - 00002708 _____ C:\Users\Junjun\Desktop\RKreport[0]_S_12122013_200650.txt
2013-12-12 18:08 - 2013-12-12 18:08 - 00002675 _____ C:\Users\Junjun\Desktop\RKreport[0]_S_12122013_180859.txt
2013-12-11 22:57 - 2013-11-29 13:39 - 00000000 ____D C:\AdwCleaner
2013-12-11 21:58 - 2012-05-10 14:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-11 11:27 - 2013-12-11 11:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-11 10:59 - 2013-12-10 22:59 - 09272200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-12-11 10:59 - 2012-05-10 09:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 10:59 - 2012-05-10 09:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 10:59 - 2012-05-10 09:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 10:30 - 2009-07-13 20:45 - 00291432 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-10 23:50 - 2009-07-13 18:34 - 00000499 _____ C:\Windows\win.ini
2013-12-10 23:20 - 2013-12-10 23:20 - 00000936 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2013-12-10 23:20 - 2013-12-10 23:20 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2013-12-10 23:18 - 2012-07-10 09:29 - 00000000 ____D C:\Users\Junjun\Documents\Guild Wars 2
2013-12-10 23:15 - 2013-10-19 15:14 - 00000000 ____D C:\Users\Junjun\AppData\Local\Deployment
2013-12-10 23:14 - 2013-12-10 23:14 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-12-10 23:13 - 2013-11-06 17:43 - 00000000 ____D C:\ProgramData\BitRaider
2013-12-10 15:07 - 2013-12-10 15:05 - 00000222 _____ C:\Users\Junjun\Desktop\Starbound.url
2013-12-10 01:37 - 2012-09-17 18:32 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\vlc
2013-12-09 21:27 - 2013-06-07 21:05 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000UA
2013-12-09 21:27 - 2013-06-07 21:05 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000Core
2013-12-05 21:30 - 2013-01-23 22:21 - 00000000 ____D C:\Program Files (x86)\epson
2013-12-05 13:21 - 2013-07-12 13:16 - 00000000 ____D C:\Program Files (x86)\Battle.net
2013-12-05 13:00 - 2013-12-05 13:00 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - cc0129a021884eb99e2db0a3484d7655a7ce5567cf8c47dbbb2deb6bab917d5f
2013-12-05 13:00 - 2013-12-05 13:00 - 00003544 _____ C:\Windows\System32\Tasks\HP AR Program Upload - 5560f9c376a1463f8b439ca4eb3fedbec8bc736c9e8b466481aa1fabf299be0f
2013-12-04 20:04 - 2013-12-04 19:54 - 00000000 ____D C:\Users\Junjun\AppData\Local\HP
2013-12-04 20:00 - 2012-05-09 18:06 - 00000000 ___RD C:\Users\Junjun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-04 19:59 - 2013-12-04 19:59 - 00001995 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\ProgramData\Visan
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2013-12-04 19:59 - 2013-12-04 19:59 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2013-12-04 19:59 - 2013-12-04 19:58 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-04 19:58 - 2013-12-04 19:58 - 00003614 _____ C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 5530 series
2013-12-04 19:58 - 2013-12-04 19:58 - 00002176 _____ C:\Users\Public\Desktop\HP ENVY 5530 series.lnk
2013-12-04 19:58 - 2013-12-04 19:58 - 00001138 _____ C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 5530 series.lnk
2013-12-04 19:58 - 2013-12-04 19:58 - 00000057 _____ C:\ProgramData\Ament.ini
2013-12-04 19:58 - 2013-12-04 19:58 - 00000000 ____D C:\ProgramData\HP
2013-12-04 19:58 - 2013-12-04 19:58 - 00000000 ____D C:\Program Files\HP
2013-12-04 17:12 - 2013-01-28 12:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-04 17:12 - 2012-06-02 16:03 - 00000000 ____D C:\ProgramData\Skype
2013-12-03 22:38 - 2013-08-15 19:08 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\uTorrent
2013-12-03 20:58 - 2013-11-30 23:04 - 00000000 ____D C:\Users\Junjun\Documents\Baldur's Gate - Enhanced Edition
2013-12-03 18:29 - 2013-03-27 17:44 - 00000000 ____D C:\Users\Junjun\AppData\Local\NVIDIA
2013-12-03 18:28 - 2013-11-12 19:28 - 00000000 ____D C:\Users\Junjun\AppData\Local\NVIDIA Corporation
2013-12-03 18:28 - 2012-07-20 17:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-03 18:27 - 2012-05-09 18:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-03 18:27 - 2012-05-09 18:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-12-02 22:36 - 2012-05-10 09:15 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-02 22:36 - 2012-05-10 09:15 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-02 15:28 - 2013-12-02 15:28 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\openvr
2013-12-02 15:11 - 2013-11-19 15:10 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2013-12-02 15:11 - 2013-04-17 18:28 - 00010135 _____ C:\Users\Junjun\Documents\Uninstall STAR WARS The Old Republic.log
2013-12-02 15:08 - 2013-12-02 15:08 - 00000000 ____D C:\Users\Junjun\AppData\Roaming\Guild Wars 2
2013-12-02 13:33 - 2013-01-09 14:19 - 00000000 ____D C:\Users\Junjun\AppData\Local\Warframe
2013-11-29 18:12 - 2013-11-29 18:12 - 00000840 _____ C:\Users\Junjun\Desktop\eset.txt
2013-11-29 13:54 - 2013-11-29 13:54 - 00001316 _____ C:\Users\Junjun\Desktop\JRT.txt
2013-11-29 13:49 - 2013-11-29 13:49 - 00000000 ____D C:\Windows\ERUNT
2013-11-29 13:45 - 2013-11-29 13:45 - 00030590 _____ C:\Users\Junjun\Desktop\AdwCleaner[S0].txt
2013-11-29 13:38 - 2013-11-29 13:38 - 00098768 _____ C:\Users\Junjun\Desktop\result2.txt
2013-11-29 13:35 - 2013-11-29 13:35 - 00029547 _____ C:\Users\Junjun\Desktop\Result.txt
2013-11-29 08:56 - 2013-11-02 17:30 - 01096480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-29 08:56 - 2013-11-02 17:30 - 00979744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-28 12:10 - 2013-11-28 12:10 - 00000212 _____ C:\Users\Junjun\Desktop\Baldur's Gate Enhanced Edition.url
2013-11-26 03:54 - 2013-12-10 23:49 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 02:19 - 2013-12-10 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 02:18 - 2013-12-10 23:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 02:11 - 2013-12-10 23:49 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 01:48 - 2013-12-10 23:49 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 01:46 - 2013-12-10 23:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 01:41 - 2013-12-10 23:49 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 01:29 - 2013-12-10 23:49 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 01:27 - 2013-12-10 23:49 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 01:23 - 2013-12-10 23:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 01:21 - 2013-12-10 23:49 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 01:18 - 2013-12-10 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 01:18 - 2013-12-10 23:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 01:16 - 2013-12-10 23:49 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 00:57 - 2013-12-10 23:49 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 00:38 - 2013-12-10 23:49 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 00:38 - 2013-12-10 23:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 00:35 - 2013-12-10 23:49 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 00:32 - 2013-12-10 23:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 00:28 - 2013-12-10 23:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 00:16 - 2013-12-10 23:49 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 00:02 - 2013-12-10 23:49 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-25 23:48 - 2013-12-10 23:49 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-25 23:32 - 2013-12-10 23:49 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-25 23:26 - 2013-12-10 23:49 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-25 23:07 - 2013-12-10 23:49 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-25 22:40 - 2013-12-10 23:49 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-25 22:34 - 2013-12-10 23:49 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-25 22:34 - 2013-12-10 23:49 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-25 22:33 - 2013-12-10 23:49 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-25 22:27 - 2013-12-10 23:49 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 23:14 - 2013-05-03 00:14 - 00000000 ____D C:\Users\Junjun\Desktop\book
2013-11-21 23:14 - 2012-10-18 17:27 - 00000000 ____D C:\Users\Junjun\Desktop\books
2013-11-21 19:40 - 2013-11-21 19:16 - 00006085 _____ C:\Users\Junjun\Documents\TombRaider.log
2013-11-20 17:30 - 2013-05-09 00:28 - 00000000 ____D C:\Users\Public\Games

Some content of TEMP:
====================
C:\Users\Junjun\AppData\Local\Temp\Gw2.exe
C:\Users\Junjun\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Junjun\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-29 14:26

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-12-2013 02
Ran by Junjun at 2013-12-20 17:10:05
Running from C:\Users\Junjun\Desktop\Multimedia
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Absolute Nature for S.T.A.L.K.E.R - Shadow of Chernobyl (x32)
Absolute Structures for S.T.A.L.K.E.R - Shadow of Chernobyl (x32)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
AMD USB Filter Driver (x32 Version: 1.0.14.91)
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.122 (x32)
ASRock InstantBoot v1.29 (x32)
ASUS E-Green Uninstall (x32)
ATI Catalyst Install Manager (Version: 3.0.762.0)
Baldur's Gate: Enhanced Edition (x32)
Bandisoft MPEG-1 Decoder (x32)
Battle.net (x32)
Battlelog Web Plugins (x32 Version: 2.3.0)
BioWare Premium Module: Neverwinter Nights™ Kingmaker (x32)
BitRaider Web Client (x32 Version: 1.1.9.4)
BOSS (x32 Version: 2.1.1)
CameraHelperMsi (x32 Version: 13.50.854.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Curse Client (HKCU Version: 5.1.1.792)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
Deus Ex - HDTP (x32)
Dota 2 (x32)
Dragon Age Redesigned © Morrigan (HKCU)
Dragon Age Redesigned Oghren© (HKCU)
Dragon Age Redesigned©  Zevran (HKCU)
Dragon Age Redesigned© (HKCU)
Dragon Age Redesigned© Leliana (HKCU)
Dragon Age Redesigned© Sten (HKCU)
Dragon Age Redesigned© Wynne (HKCU)
Dropbox (HKCU Version: 2.0.22)
E-Hammer (x32 Version: 1.0.0)
EPSON Printer Software
erLT (x32 Version: 1.20.0137)
erLT (x32 Version: 1.20.138.34)
ESET Online Scanner v3 (x32)
ESN Sonar (x32 Version: 0.70.4)
Etron USB3.0 Host Controller (x32 Version: 0.104)
EVGA Precision 2.0.4 (x32 Version: 2.0.4)
Fallout Mod Manager 0.13.21 (x32)
FINAL FANTASY XIV - A Realm Reborn (x32 Version: 1.0.0000)
Fraps (x32)
FTL: Faster Than Light (x32)
gamelauncher-code4344-beta (HKCU)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Google Chrome (x32 Version: 31.0.1650.63)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)
Google Update Helper (x32 Version: 1.3.22.3)
Grooveshark (x32 Version: 0.2.0)
Guild Wars 2 (x32)
Happy Cloud Client (HKCU Version: 1.374)
HashCheck Shell Extension (x86-32) (x32 Version: 2.1.11.1)
HashCheck Shell Extension (x86-64) (Version: 2.1.11.1)
Hearthstone (x32)
HP ENVY 5530 series Basic Device Software (Version: 32.0.1180.44630)
HP ENVY 5530 series Help (x32 Version: 30.0.0)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0)
HP Photo Creations (x32 Version: 1.0.0.7702)
HP Update (x32 Version: 5.005.002.002)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.1.0 (x32 Version: 2.1.0)
League of Legends (x32 Version: 1.3)
Left 4 Dead 2 Dedicated Server (x32)
Logitech SetPoint 5.20 (Version: 5.20)
Logitech Webcam Software (x32 Version: 2.0)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.50.854.0)
LWS Help_main (x32 Version: 13.50.862.0)
LWS Launcher (x32 Version: 13.50.859.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.50.861.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Magic 2014  (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (x32 Version: 12.0.21005.1)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (x32 Version: 12.0.21005.1)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0)
Mozilla Maintenance Service (x32 Version: 26.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mumble 1.2.3 (x32 Version: 1.2.3)
Music Manager (HKCU)
NCLEX-PN 3000 - Institutional Version (x32)
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0)
Nero BurnRights 10 (x32 Version: 4.0.11300.14.100)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Control Center 10 (x32 Version: 10.0.12900.2.6)
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Core Components 10 (x32 Version: 2.0.16800.7.15)
Nero CoverDesigner 10 (x32 Version: 5.0.11200.16.100)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10900)
Nero DiscSpeed 10 (x32 Version: 6.0.11400.18.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Express 10 (x32 Version: 10.0.12300.23.100)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10900)
Nero InfoTool 10 (x32 Version: 7.0.11400.15.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10900)
Nero MediaHub 10 (x32 Version: 1.0.14800.28.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.0.10300)
Nero StartSmart 10 (x32 Version: 10.0.12600.30.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10900)
Nero Update (x32 Version: 1.0.0018)
Nexon Game Manager (x32)
Nexus Mod Manager (Version: 0.45.4)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22)
NVIDIA 3D Vision Driver 314.22 (Version: 314.22)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Endless City demo (x32 Version: 1.0)
NVIDIA GeForce Experience 1.8 (Version: 1.8)
NVIDIA Graphics Driver 314.22 (Version: 314.22)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.142.992)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA Network Service (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA ShadowPlay 10.10.5 (Version: 10.10.5)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422)
NVIDIA Update 10.10.5 (Version: 10.10.5)
NVIDIA Update Core (Version: 10.10.5)
NVIDIA Virtual Audio 1.2.12 (Version: 1.2.12)
Oblivion mod manager 1.1.12 (x32)
OpenAL (x32)
Origin (x32 Version: 9.3.7.2735)
Pando Media Booster (x32 Version: 2.6.0.8)
Pandora Service (x32)
PlanetSide 2 (x32)
Portal 2 Publishing Tool (x32)
PowerISO (x32)
Product Improvement Study for HP ENVY 5530 series (Version: 32.0.1180.44630)
PunkBuster Services (x32 Version: 0.991)
Quake Live Mozilla Plugin (x32 Version: 1.0.520)
RaidCall (x32 Version: 7.2.4-1.0.7299.14)
Rainmeter (x32 Version: 2.2 r1116)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6378)
SHIELD Streaming (Version: 1.6.75)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.11 (x32 Version: 6.11.102)
Source SDK Base 2007 (x32)
Splashtop Connect IE (x32 Version: 1.1.12.1)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpywareBlaster 4.6 (x32 Version: 4.6.0)
Starbound (x32)
Steam (x32 Version: 1.0.0.0)
Straight A's in Medical-Surgical Nursing - 2nd Edition (x32)
Straight A's in Psychiatric & Mental Health Nursing (x32)
System Requirements Lab CYRI (x32 Version: 6.0.8.0)
System Requirements Lab Test (x32 Version: 5.0.6.0)
Team Fortress 2 (x32)
TeamSpeak 3 Client (Version: 3.0.13.1)
The Binding of Isaac (x32)
The KMPlayer (remove only) (x32)
THX TruStudio (x32 Version: 1.00.01)
Unofficial Oblivion Patch v3.2.0 (x32 Version: 3.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
User's Guides (Version: 1.20.0000)
Vampire: The Masquerade - Bloodlines (x32)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Wasteland 2 (x32)
Windows 7 Manager (Version: 1.1.3)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
World of Warcraft (x32)
XCOM: Enemy Unknown (x32)
XFast LAN v6.61 (Version: 6.61)
XFast USB (x32)
YUME MIRU KUSURI (x32 Version: 1.00.0000)
グリザイアの果実 (x32)
真剣で私に恋しなさい! (HKCU)
真剣で私に恋しなさい!A-1 (HKCU)
真剣で私に恋しなさい!S (HKCU)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 18:34 - 2012-06-29 12:20 - 00442922 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {16CBFC93-B8CE-46F4-9EC9-C65C789B59DE} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {29BDADB1-4230-459C-99AF-0AB69D064B43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {4177E39F-0091-4CA0-BAD2-5861A825F193} - System32\Tasks\HP AR Program Upload - 5560f9c376a1463f8b439ca4eb3fedbec8bc736c9e8b466481aa1fabf299be0f => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {5EFAB1A5-CFC7-42D4-A264-D997530F363C} - System32\Tasks\HP AR Program Upload - cc0129a021884eb99e2db0a3484d7655a7ce5567cf8c47dbbb2deb6bab917d5f => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {6DB68F90-1911-4D68-A604-8A9071972EA0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {84E04C8C-D158-481C-B4C5-5145468D32AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000Core => C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {92F08ED3-5817-4DA1-9484-A046724EB41B} - System32\Tasks\{692AB4C4-1F9B-4A7E-9332-A1546B3FCA1E} => C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE [2013-08-27] (Microsoft Corporation)
Task: {994D0247-2B02-4F9B-9C22-FE93CD8A0BFB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {BD690621-2A84-4FB3-97CD-2796322AD0BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000UA => C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07] (Google Inc.)
Task: {DC222E63-32CB-4EF1-BEAA-7D38C13D85EE} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1366853064-4064985979-2904789789-1000
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000Core.job => C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366853064-4064985979-2904789789-1000UA.job => C:\Users\Junjun\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-30 22:38 - 2011-05-30 22:38 - 00062976 _____ () C:\Windows\system32\bdmpega64.acm
2012-05-09 18:14 - 2011-05-19 08:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-01-08 05:32 - 2012-01-08 05:32 - 00809672 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2012-01-08 05:31 - 2012-01-08 05:31 - 00025600 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2012-01-08 05:32 - 2012-01-08 05:32 - 00167424 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2012-01-08 05:32 - 2012-01-08 05:32 - 00028160 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2011-02-10 17:45 - 2011-02-10 17:45 - 00026112 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll
2012-06-24 16:17 - 2011-12-06 15:19 - 01269760 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2012-06-24 16:17 - 2011-12-06 15:19 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2012-06-24 16:17 - 2011-12-06 15:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2013-02-27 11:33 - 2013-02-27 11:33 - 10683392 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-02-27 11:32 - 2013-02-27 11:32 - 07741952 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-02-27 11:32 - 2013-02-27 11:32 - 02248192 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-02-27 11:33 - 2013-02-27 11:33 - 01681408 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-11-11 17:03 - 2013-11-11 17:03 - 00117248 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2013-11-11 17:04 - 2013-11-11 17:04 - 00231936 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2013-11-11 17:03 - 2013-11-11 17:03 - 00253440 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2013-11-11 17:05 - 2013-11-11 17:05 - 00344064 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-02-27 11:33 - 2013-02-27 11:33 - 00026624 _____ () C:\Users\Junjun\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-03-12 16:10 - 2013-11-06 13:48 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-05-10 19:59 - 2013-12-11 11:40 - 01135016 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-05-10 19:59 - 2013-11-06 13:48 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-05-10 19:59 - 2013-06-14 15:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-05-10 19:59 - 2013-06-14 15:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-05-10 19:59 - 2013-06-14 15:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-12-11 11:27 - 2013-12-11 11:27 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 10:59 - 2013-12-11 10:59 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2013 11:34:30 PM) (Source: MsiInstaller) (User: Junjun-PC)
Description: Product: NVIDIA PhysX -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi

Error: (12/17/2013 00:35:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: WL2.exe, version: 4.2.2.12621, time stamp: 0x524d9d94
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc000041d
Fault offset: 0x000222d2
Faulting process id: 0x1324
Faulting application start time: 0xWL2.exe0
Faulting application path: WL2.exe1
Faulting module path: WL2.exe2
Report Id: WL2.exe3

Error: (12/15/2013 07:17:17 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (12/14/2013 11:58:48 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (12/13/2013 10:44:50 PM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 2.4.35.50 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 129c

Start Time: 01cef89679b52f6a

Termination Time: 12

Application Path: C:\Program Files (x86)\Steam\Steam.exe

Report Id: 3566370d-648b-11e3-ac4a-bc5ff42be26a

Error: (12/13/2013 11:36:37 AM) (Source: Application Hang) (User: )
Description: The program dota.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 139c

Start Time: 01cef83a04c03c4a

Termination Time: 443

Application Path: C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe

Report Id: df2d04f6-642d-11e3-9757-bc5ff42be26a

Error: (12/12/2013 09:21:25 PM) (Source: Application Hang) (User: )
Description: The program Grooveshark.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13a8

Start Time: 01cef7bf21a30180

Termination Time: 9

Application Path: C:\Program Files (x86)\Grooveshark\Grooveshark.exe

Report Id: 661242aa-63b6-11e3-ac7c-bc5ff42be26a

Error: (12/12/2013 09:45:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 26.0.0.5087, time stamp: 0x52a0d293
Faulting module name: mozalloc.dll, version: 26.0.0.5087, time stamp: 0x52a0af28
Exception code: 0x80000003
Fault offset: 0x0000119c
Faulting process id: 0x111c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (12/11/2013 11:12:57 PM) (Source: Application Hang) (User: )
Description: The program starbound.exe version 0.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 108c

Start Time: 01cef70971b77f82

Termination Time: 2

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe

Report Id: d0c7cd25-62fc-11e3-b6b9-bc5ff42be26a

Error: (12/11/2013 03:37:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: starbound.exe, version: 0.9.0.0, time stamp: 0x52a790c1
Faulting module name: starbound.exe, version: 0.9.0.0, time stamp: 0x52a790c1
Exception code: 0x40000015
Fault offset: 0x00601602
Faulting process id: 0x1b28
Faulting application start time: 0xstarbound.exe0
Faulting application path: starbound.exe1
Faulting module path: starbound.exe2
Report Id: starbound.exe3


System errors:
=============
Error: (12/20/2013 05:02:11 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/20/2013 11:49:53 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/19/2013 09:53:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SBRE

Error: (12/19/2013 08:30:47 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/19/2013 08:25:47 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/19/2013 08:25:47 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/19/2013 08:25:46 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/19/2013 08:25:45 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/19/2013 08:20:45 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/19/2013 08:20:44 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (12/18/2013 11:34:30 PM) (Source: MsiInstaller)(User: Junjun-PC)
Description: Product: NVIDIA PhysX -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\_CommonRedist\PhysX\9.12.1031\PhysX_9.12.1031_SystemSoftware.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/17/2013 00:35:52 PM) (Source: Application Error)(User: )
Description: WL2.exe4.2.2.12621524d9d94ntdll.dll6.1.7601.18247521ea8e7c000041d000222d2132401cefb66c213e81aC:\Program Files (x86)\Steam\steamapps\common\Wasteland 2\Build\WL2.exeC:\Windows\SysWOW64\ntdll.dlld2063035-675a-11e3-a556-bc5ff42be26a

Error: (12/15/2013 07:17:17 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (12/14/2013 11:58:48 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (12/13/2013 10:44:50 PM) (Source: Application Hang)(User: )
Description: Steam.exe2.4.35.50129c01cef89679b52f6a12C:\Program Files (x86)\Steam\Steam.exe3566370d-648b-11e3-ac4a-bc5ff42be26a

Error: (12/13/2013 11:36:37 AM) (Source: Application Hang)(User: )
Description: dota.exe0.0.0.0139c01cef83a04c03c4a443C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exedf2d04f6-642d-11e3-9757-bc5ff42be26a

Error: (12/12/2013 09:21:25 PM) (Source: Application Hang)(User: )
Description: Grooveshark.exe0.0.0.013a801cef7bf21a301809C:\Program Files (x86)\Grooveshark\Grooveshark.exe661242aa-63b6-11e3-ac7c-bc5ff42be26a

Error: (12/12/2013 09:45:55 AM) (Source: Application Error)(User: )
Description: plugin-container.exe26.0.0.508752a0d293mozalloc.dll26.0.0.508752a0af28800000030000119c111c01cef7580c44e139C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3fd1fd85-6355-11e3-83a2-bc5ff42be26a

Error: (12/11/2013 11:12:57 PM) (Source: Application Hang)(User: )
Description: starbound.exe0.9.0.0108c01cef70971b77f822C:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exed0c7cd25-62fc-11e3-b6b9-bc5ff42be26a

Error: (12/11/2013 03:37:55 PM) (Source: Application Error)(User: )
Description: starbound.exe0.9.0.052a790c1starbound.exe0.9.0.052a790c140000015006016021b2801cef6c88303ffbbC:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exeC:\Program Files (x86)\Steam\steamapps\common\Starbound\win32\starbound.exe41eb8648-62bd-11e3-acae-bc5ff42be26a


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 8187.64 MB
Available physical RAM: 5791.88 MB
Total Pagefile: 16373.47 MB
Available Pagefile: 13774.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:11.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72419E4B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:09 AM

Posted 21 December 2013 - 04:42 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download Combofix from HERE, and save it to your desktop.

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back.  Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#6 sunsigil


Posted 21 December 2013 - 11:32 PM

Here you go, I have attached the logs into the post. Thank you



#7 RPMcMurphy


Posted 22 December 2013 - 12:37 AM

Please do this next:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\FRST\Quarantine or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • adwCleaner
  • MBAM log




#8 sunsigil


Posted 23 December 2013 - 03:38 AM

# AdwCleaner v3.016 - Report created 22/12/2013 at 17:11:44
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Junjun - JUNJUN-PC
# Running from : C:\Users\Junjun\Desktop\Multimedia\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Junjun\AppData\Roaming\Mozilla\Firefox\Profiles\6b1miq6m.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Junjun\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [30161 octets] - [29/11/2013 13:39:20]
AdwCleaner[R1].txt - [1029 octets] - [11/12/2013 22:56:32]
AdwCleaner[R2].txt - [893 octets] - [22/12/2013 17:11:44]
AdwCleaner[S0].txt - [30590 octets] - [29/11/2013 13:41:49]
AdwCleaner[S1].txt - [1091 octets] - [11/12/2013 22:57:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1073 octets] ##########
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Junjun :: JUNJUN-PC [administrator]

12/22/2013 9:41:54 PM
mbam-log-2013-12-22 (21-41-54).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 670721
Time elapsed: 2 hour(s), 52 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

(end)
 



#9 RPMcMurphy


Posted 23 December 2013 - 04:30 PM

How is your computer running now?  Please do this next:

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.

Please include the following in your next post:
  • How is the computer running now?
  • ESET log




#10 sunsigil


Posted 28 December 2013 - 11:03 PM

My computer is running fine, thank you. I just wanna get rid of any traces of viruses or malware off my computer.

C:\Users\Junjun\AppData\Local\Temp\KMP_3.7.0.113.exe    a variant of Win32/CNETInstaller.B application
 


Edited by sunsigil, 28 December 2013 - 11:04 PM.


#11 RPMcMurphy


Posted 28 December 2013 - 11:25 PM

This will take care of that ESET detection:

Open an elevated command window:

  • Click Start and type cmd in Start Search.
  • When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.
  • Copy the contents of the following code box then right click in the command window, select paste and press "Enter"
cmd /c del /a/f/q "C:\Users\Junjun\AppData\Local\Temp\KMP_3.7.0.113.exe"

Other than that, your logs look good now!  All I have left for you is some very important housekeeping:

Your Adobe Reader needs to be updated.  Please visit Adobe's site and grab the newest version.  Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run.  Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall

Download OTC to your desktop and run it


  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:


  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated.  Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!

 




#12 RPMcMurphy


Posted 03 January 2014 - 10:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





