
My Computer running not smooth.


  • This topic is locked
31 replies to this topic

#1 WinBMY


Posted 18 October 2014 - 09:35 PM

Recently, my notebook PC has not been running very smoothly. Sometimes it hangs and crashes.

I would like to ask for expert help.

 

Here is the Farbar Recovery Scan Tool result log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by ASUS (administrator) on ASUS-PC on 19-10-2014 10:27:03
Running from C:\Users\ASUS\Desktop
Loaded Profile: ASUS (Available profiles: ASUS & 123)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: 中文 (繁體台灣)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-14] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-14] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IME14 CHT Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => D:\CIS 8 Beta\COMODO\COMODO Internet Security\cistray.exe [1296088 2014-09-16] (COMODO)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-08] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-01-16] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [IME14 CHT Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [EMET 4.1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4001696799-3722537429-2969441357-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-10-08] (Sandboxie Holdings, LLC)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1DF37C2486E3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-TW
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename", "");: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-14] (Atheros) [File not signed]
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-14] (Atheros Commnucations) [File not signed]
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 CmdAgent; D:\CIS 8 Beta\COMODO\COMODO Internet Security\cmdagent.exe [7504104 2014-09-16] (COMODO)
S3 cmdvirth; D:\CIS 8 Beta\COMODO\COMODO Internet Security\cmdvirth.exe [2264792 2014-09-16] (COMODO)
S2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
S2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
S2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2014-07-10] (OpenVPN Technologies, Inc)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-10-08] (Sandboxie Holdings, LLC)
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-26] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2014-09-16] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [791112 2014-09-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-09-16] (COMODO)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65024 2012-01-10] (Fresco Logic)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-09-16] (COMODO)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-04-25] (The OpenVPN Project) [File not signed]
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-30] (Sandboxie Holdings, LLC)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-17] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-20] ()
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 10:27 - 2014-10-19 10:27 - 00011581 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-10-19 10:26 - 2014-10-19 10:27 - 00000000 ____D () C:\FRST
2014-10-19 10:26 - 2014-10-19 10:26 - 02112000 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-10-19 09:50 - 2014-10-19 09:50 - 00000000 ___RD () C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-19 09:48 - 2014-10-19 09:48 - 00000000 ____D () C:\Windows\SysWOW64\dw蠉dwxu珮videace
2014-10-19 08:34 - 2014-10-19 08:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu暝videace
2014-10-18 21:34 - 2014-10-18 21:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu餐videace
2014-10-18 17:19 - 2014-10-18 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu珮videace
2014-10-18 16:12 - 2014-10-18 16:12 - 00003104 _____ () C:\Windows\System32\Tasks\{E7358262-2873-495B-B361-24C0F2CF7D5B}
2014-10-17 22:38 - 2014-10-17 22:38 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿xu墦videace
2014-10-17 12:54 - 2014-10-17 12:54 - 00000000 ____D () C:\Windows\SysWOW64\{w蠉{wxuvideace
2014-10-17 10:33 - 2014-10-17 10:33 - 00000000 ____D () C:\Windows\SysWOW64\iw蠉iwxu嫹videace
2014-10-17 09:48 - 2014-10-17 09:48 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\ASUS\Desktop\ADSSpy.exe
2014-10-17 08:47 - 2014-10-17 08:47 - 00000000 ____D () C:\Windows\SysWOW64\Iw蠉Iwxu蓋videace
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\Windows\SysWOW64\捵蠉捵xu鈾videace
2014-10-15 15:55 - 2014-10-15 15:55 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu許videace
2014-10-15 08:39 - 2014-10-15 08:39 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu沔videace
2014-10-14 18:45 - 2014-10-14 18:45 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-14 14:16 - 2014-10-14 14:16 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu兝videace
2014-10-13 19:32 - 2014-10-13 19:32 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu髏videace
2014-10-13 08:45 - 2014-10-13 09:08 - 00019702 _____ () C:\Users\ASUS\Documents\Weekly Pipeline 2014 1013.xlsx
2014-10-12 15:04 - 2014-10-12 15:04 - 00000000 ____D () C:\Windows\SysWOW64\yw蠉ywxu狖videace
2014-10-12 10:41 - 2014-10-15 20:22 - 00027653 _____ () C:\Users\ASUS\Documents\Solar Power Plant Figure.xlsx
2014-10-09 21:14 - 2014-10-09 21:14 - 00000000 ____D () C:\Windows\SysWOW64\w蠉wxu兝videace
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Windows\SysWOW64\%w蠉%wxuvideace
2014-10-08 19:48 - 2014-10-08 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-08 19:48 - 2014-10-08 19:47 - 00000898 _____ () C:\Users\ASUS\Desktop\Sandboxed Web Browser.lnk
2014-10-08 19:46 - 2014-10-08 19:46 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\ASUS\Desktop\SandboxieInstall.exe
2014-10-08 19:45 - 2014-10-19 08:53 - 00208128 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-10-08 17:29 - 2014-10-08 17:29 - 00000000 ____D () C:\Windows\SysWOW64\Rw蠉Rwxu惝videace
2014-10-08 17:07 - 2014-10-08 17:07 - 00000000 ____D () C:\Windows\SysWOW64\針蠉針xu踊videace
2014-10-08 16:21 - 2014-10-08 16:21 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu娖videace
2014-10-03 11:57 - 2014-10-03 11:57 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-03 11:57 - 2014-10-03 11:57 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-03 11:02 - 2014-10-03 11:02 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-03 10:22 - 2014-10-03 10:22 - 00000000 ____D () C:\Windows\SysWOW64\繗蠉繗xuvideace
2014-09-30 22:01 - 2014-09-30 22:01 - 00000000 ____D () C:\Windows\SysWOW64\aw蠉awxu縷videace
2014-09-30 08:24 - 2014-09-30 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-30 08:24 - 2014-09-30 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-28 08:57 - 2014-09-28 08:57 - 00000000 ____D () C:\Windows\SysWOW64\庪蠉庪xuvideace
2014-09-27 05:51 - 2014-09-27 05:51 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu涂videace
2014-09-25 22:33 - 2014-09-25 22:33 - 00000000 ____D () C:\Windows\SysWOW64\hw蠉hwxuvideace
2014-09-25 22:15 - 2014-09-25 22:15 - 00001659 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-09-25 22:15 - 2014-09-25 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-09-25 22:11 - 2014-09-25 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-09-25 22:11 - 2014-09-25 22:11 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-09-25 22:11 - 2014-09-25 22:11 - 00001122 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-09-25 22:10 - 2014-09-25 22:10 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-09-25 22:06 - 2014-09-25 22:06 - 00000000 ____D () C:\Windows\SysWOW64\Gw蠉Gwxu豹videace
2014-09-25 22:01 - 2014-09-25 22:01 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu柦videace
2014-09-25 16:31 - 2014-09-25 16:19 - 220810816 _____ (COMODO) C:\Users\ASUS\Desktop\cispremium_installer.exe
2014-09-25 13:10 - 2014-10-19 09:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-23 13:10 - 2014-09-23 18:10 - 00013805 _____ () C:\Users\ASUS\Documents\Indonesia Cement Market.xlsx
2014-09-21 17:25 - 2014-09-21 17:25 - 00000233 _____ () C:\Users\ASUS\Desktop\土地換算單.txt
2014-09-21 16:20 - 2014-09-21 16:20 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-09-21 15:58 - 2014-09-21 15:58 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-21 15:58 - 2014-09-21 15:58 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-21 15:58 - 2014-09-21 15:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-21 07:13 - 2014-09-21 07:13 - 36457624 _____ (Mozilla) C:\Users\ASUS\Desktop\Firefox-full-latest.exe
2014-09-20 15:13 - 2014-09-20 15:13 - 00000000 ____D () C:\Windows\SysWOW64\燸蠉燸xu琵videace
2014-09-19 07:14 - 2014-09-19 07:14 - 00000000 ____D () C:\Windows\SysWOW64\$w蠉$wxu茻videace
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 10:26 - 2012-10-10 14:32 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-10-19 10:17 - 2014-04-17 19:37 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-10-19 10:17 - 2012-11-07 04:42 - 01619832 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 10:16 - 2012-04-14 09:10 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CrashDumps
2014-10-19 10:11 - 2012-04-09 12:35 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CutePDF Writer
2014-10-19 09:56 - 2011-02-19 11:23 - 04513824 _____ () C:\Windows\system32\prfh0404.dat
2014-10-19 09:56 - 2011-02-19 11:23 - 04037706 _____ () C:\Windows\system32\prfc0404.dat
2014-10-19 09:55 - 2009-07-14 13:13 - 00006254 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 09:53 - 2009-07-14 12:45 - 00014816 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 09:53 - 2009-07-14 12:45 - 00014816 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 09:48 - 2014-05-25 21:41 - 00000526 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 09:48 - 2013-12-15 22:23 - 00041239 _____ () C:\Windows\setupact.log
2014-10-19 09:48 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 08:35 - 2012-11-06 14:33 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-10-18 19:57 - 2013-07-13 07:47 - 00000033 _____ () C:\ATKPF.ini
2014-10-18 17:16 - 2014-09-05 18:20 - 00001382 _____ () C:\DelFix.txt
2014-10-17 22:18 - 2013-11-07 08:57 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2014-10-17 12:54 - 2013-12-25 17:12 - 00446660 _____ () C:\Windows\PFRO.log
2014-10-17 11:22 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-17 10:24 - 2014-07-14 10:48 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 09:43 - 2012-11-07 15:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Mozilla
2014-10-14 21:52 - 2014-06-10 11:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-14 14:22 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-11 15:32 - 2014-09-05 11:45 - 00001584 _____ () C:\Windows\Sandboxie.ini
2014-10-09 12:17 - 2012-11-06 14:35 - 00000000 ____D () C:\Users\ASUS\Documents\Bluetooth Folder
2014-10-02 21:41 - 2014-03-05 19:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-02 21:41 - 2014-03-05 19:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-02 21:41 - 2014-03-05 19:34 - 00003464 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-02 09:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 22:11 - 2014-04-17 19:33 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-09-25 22:01 - 2009-07-14 13:08 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-20 12:38 - 2014-07-10 09:15 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-19 17:57 - 2013-07-14 07:42 - 00000000 ____D () C:\Windows\system32\MRT
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-17 13:14
 
==================== End Of Log ============================
 
And here is the additional log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by ASUS at 2014-10-19 10:27:56
Running from C:\Users\ASUS\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.15 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS RT-N12 Wireless Router Utilities (HKLM-x32\...\{58F2F72A-B8C9-4CCC-B253-4F1509193EC3}) (Version: 4.2.6.7 - ASUS)
ASUS RT-N12C1 Wireless Router Utilities (HKLM-x32\...\{611B04D4-E2E0-4536-9F39-77C41688E573}) (Version: 4.2.4.2 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4710 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4710 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security Premium Beta (HKLM\...\{98A8B98D-31DD-4CB3-8CF8-4505F2D5D2BE}) (Version: 8.0.5242.4281 - COMODO Security Solutions Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1123_32710 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.0.1123_32710 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3327 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2726.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2726.0 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2312.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
EMET 4.1 (HKLM-x32\...\{65BC2BDA-D828-4596-99E4-A8799C45C84C}) (Version: 4.1 - Microsoft Corporation)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.27.160 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.27.160 - VideACE Co.) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Fresco Logic USB3.0 Host Controller (HKLM\...\{1A4FE2D5-88B4-45EB-B58E-AB9134FEAA26}) (Version: 3.5.30.0 - Fresco Logic Inc.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKLM-x32\...\LINE) (Version: 3.7.4.97 - LINE Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office IME (Chinese (Traditional)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 zh-TW) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 zh-TW)) (Version: 32.0.2 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 zh-TW) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 zh-TW)) (Version: 31.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Nuance PDF Reader (HKLM-x32\...\{0017FFDB-F7F3-4058-BCDF-D9204CFBDCB2}) (Version: 8.10.1302 - Nuance Communications, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6221 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 1, 0, 0 - Canon Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0404-0000-0000000FF1CE}_Office14.SingleImage_{832CEEA7-2B99-4345-8497-440E2E8E595D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0404-0000-0000000FF1CE}_Office14.SingleImage_{3B211212-22E0-4E41-A6D3-7C881759CEF8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.55133.208 - Sonix)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
04-10-2014 01:38:27 Windows Update
08-10-2014 12:33:11 Removed PrivDog
08-10-2014 12:33:49 Removed PrivDog
09-10-2014 12:40:33 Installed PrivDog
12-10-2014 06:51:40 Removed PrivDog
12-10-2014 07:11:17 Installed PrivDog
15-10-2014 00:52:39 Checkpoint by HitmanPro
15-10-2014 00:53:11 Checkpoint by HitmanPro
17-10-2014 01:33:13 Removed PrivDog
17-10-2014 01:34:43 Removed PrivDog
17-10-2014 01:35:40 Removed PrivDog
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2014-10-17 10:28 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01EC2AAF-DE34-44B3-A893-082218DDE060} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-31] (ASUS)
Task: {36419487-C348-44AB-A029-EC5F89A9E873} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {4A382306-34D9-4605-9748-2A7D9315D4A2} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2011-09-08] (ASUSTek Computer Inc.)
Task: {67294013-1931-44EE-8E54-8A67DE560D48} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-16] (ASUS)
Task: {69685F71-F339-4F48-9F62-CD1595425979} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\CIS 8 Beta\COMODO\COMODO Internet Security\cfpconfg.exe [2014-09-16] (COMODO)
Task: {7FD54A6F-5B8A-479A-B675-55B6EBD4476F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {853E5DE0-4123-4A51-A867-66DB128A9E0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-02] (Adobe Systems Incorporated)
Task: {A850228C-66BA-46E5-BC10-A63FCA8BE5A2} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\CIS 8 Beta\COMODO\COMODO Internet Security\cfpconfg.exe [2014-09-16] (COMODO)
Task: {B5D91C37-15EF-4867-83F2-CCBE454E2C57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B5E071F6-D288-41ED-A3B4-0F94EBB6D13E} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => D:\CIS 8 Beta\COMODO\COMODO Internet Security\cfpconfg.exe [2014-09-16] (COMODO)
Task: {C91F6037-E17F-45BA-BEEF-81F6ACFC1BEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D30853EB-51B8-4159-A130-2EB2A6978511} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-11-24] (CyberLink)
Task: {F3682B95-8F08-4217-8613-F993E765BF9C} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => D:\CIS 8 Beta\COMODO\COMODO Internet Security\cfpconfg.exe [2014-09-16] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
========================= Accounts: ==========================
 
123 (S-1-5-21-4001696799-3722537429-2969441357-1005 - Administrator - Enabled) => C:\Users\123
Administrator (S-1-5-21-4001696799-3722537429-2969441357-500 - Administrator - Disabled)
ASUS (S-1-5-21-4001696799-3722537429-2969441357-1001 - Administrator - Enabled) => C:\Users\ASUS
Guest (S-1-5-21-4001696799-3722537429-2969441357-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4001696799-3722537429-2969441357-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/19/2014 10:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: plugin-container.exe版本: 32.0.2.5373時間戳記: 0x541a8277
失敗的模組名稱: mozalloc.dll版本: 32.0.2.5373時間戳記: 0x541a4d44
例外狀況碼: 0x80000003
錯誤位移: 0x0000141b
失敗的處理程序識別碼: 0x1294
失敗的應用程式開始時間: 0xplugin-container.exe0
失敗的應用程式路徑: plugin-container.exe1
失敗的模組路徑: plugin-container.exe2
報告識別碼: plugin-container.exe3
 
Error: (10/19/2014 09:55:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。
 
Error: (10/19/2014 09:55:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。
 
Error: (10/19/2014 09:55:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。
 
Error: (10/19/2014 08:40:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。
 
Error: (10/19/2014 08:40:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。
 
Error: (10/19/2014 08:40:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。
 
Error: (10/18/2014 09:38:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。
 
Error: (10/18/2014 09:38:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。
 
Error: (10/18/2014 09:38:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。
 
 
System errors:
=============
Error: (10/19/2014 10:26:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動: 
%%1068
 
Error: (10/19/2014 10:26:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動: 
%%1068
 
Error: (10/19/2014 10:26:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動: 
%%1068
 
Error: (10/19/2014 10:26:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動: 
%%1068
 
Error: (10/19/2014 10:26:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動: 
%%1068
 
Error: (10/19/2014 10:26:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動: 
%%1068
 
Error: (10/19/2014 10:26:09 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
Error: (10/19/2014 10:26:09 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (10/19/2014 10:25:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動: 
%%1068
 
Error: (10/19/2014 10:25:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (10/19/2014 10:16:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.2.5373541a8277mozalloc.dll32.0.2.5373541a4d44800000030000141b129401cfeb40f5d87f5bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllea6bef8b-5735-11e4-bffb-e0b9a5453a43
 
Error: (10/19/2014 09:55:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/19/2014 09:55:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/19/2014 09:55:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/19/2014 08:40:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/19/2014 08:40:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/19/2014 08:40:18 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/18/2014 09:38:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (10/18/2014 09:38:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (10/18/2014 09:38:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-19 10:20:22.029
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 10:20:21.873
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 10:20:21.733
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 10:20:21.577
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 09:48:24.435
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 09:48:24.263
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 09:48:24.107
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 09:48:23.951
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 08:34:36.717
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-19 08:34:36.561
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 11%
Total physical RAM: 8102.77 MB
Available physical RAM: 7211.04 MB
Total Pagefile: 16503.72 MB
Available Pagefile: 15649.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:200 GB) (Free:109.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:240.76 GB) (Free:210.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 007203DB)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=240.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 




#2 HelpBot


Posted 23 October 2014 - 09:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552493 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 25 October 2014 - 07:56 AM

Farbar scan log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
Ran by ASUS (administrator) on ASUS-PC on 25-10-2014 20:50:35
Running from C:\Users\ASUS\Desktop
Loaded Profile: ASUS (Available profiles: ASUS & 123)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: 中文 (繁體台灣)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cmdagent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(AdTrustMedia) C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\PrivDogService.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cavwp.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\CisTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cmdvirth.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cis.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cmdupd.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-14] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-14] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IME14 CHT Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => D:\CIS 7\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-08] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-01-16] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [IME14 CHT Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [EMET 4.1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4001696799-3722537429-2969441357-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-10-08] (Sandboxie Holdings, LLC)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1DF37C2486E3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-TW
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default
FF DefaultSearchEngineuser_pref("browser.search.defaultenginename", "");: user_pref("browser.search.defaultenginename", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-14] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-14] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 CmdAgent; D:\CIS 7\COMODO\COMODO Internet Security\cmdagent.exe [6812400 2014-03-25] (COMODO)
R3 cmdvirth; D:\CIS 7\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 PrivDogService; C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\PrivDogService.exe [2097152 2014-09-11] (AdTrustMedia) [File not signed]
R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2014-07-10] (OpenVPN Technologies, Inc)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-10-08] (Sandboxie Holdings, LLC)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-26] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-10-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-03-25] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-03-25] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-03-25] (COMODO)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65024 2012-01-10] (Fresco Logic)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-03-25] (COMODO)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 netfilter2; C:\Windows\system32\Drivers\netfilter2.sys [49024 2014-08-04] (Windows ® Win 7 DDK provider)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-30] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-17] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-20] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 MFE_RR; \??\C:\Users\ASUS\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 19:50 - 2014-10-25 19:50 - 00000000 ___RD () C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-25 14:09 - 2014-10-25 14:09 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-25 14:01 - 2014-10-25 14:02 - 00000310 _____ () C:\Users\ASUS\Desktop\RootkitRemover_20141025_140151.log
2014-10-25 11:16 - 2014-10-25 11:16 - 00783120 _____ (McAfee, Inc.) C:\Users\ASUS\Desktop\rootkitremover.exe
2014-10-25 09:50 - 2014-10-25 09:50 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿videace
2014-10-24 15:39 - 2014-10-24 15:39 - 00000000 ____D () C:\Windows\SysWOW64\Bw蠉Bwvideace
2014-10-23 14:48 - 2014-10-25 20:52 - 00000526 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 14:48 - 2014-10-23 14:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-23 14:48 - 2014-10-23 14:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 14:48 - 2014-10-23 14:48 - 00003464 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-23 14:46 - 2014-10-23 14:29 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-23 14:46 - 2014-10-23 14:29 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-23 14:46 - 2014-10-23 14:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 14:36 - 2014-10-23 14:36 - 00000000 ____D () C:\ProgramData\APN
2014-10-23 14:28 - 2014-10-23 14:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 14:24 - 2014-10-23 14:24 - 00000000 ____D () C:\Windows\SysWOW64\喦蠉喦xu沔videace
2014-10-23 13:30 - 2014-10-23 13:29 - 00638888 _____ (Oracle Corporation) C:\Users\ASUS\Desktop\jxpiinstall.exe
2014-10-22 21:22 - 2014-10-22 21:22 - 00000000 ____D () C:\Windows\SysWOW64\tw蠉twxu餐videace
2014-10-22 21:07 - 2014-10-25 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-22 21:05 - 2014-10-25 11:11 - 00000000 ____D () C:\Users\ASUS\Desktop\mbar
2014-10-22 20:46 - 2014-10-22 20:46 - 00204496 _____ (Malwarebytes) C:\Users\ASUS\Desktop\startuplite-setup-1.07.exe
2014-10-22 20:46 - 2014-10-22 20:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ASUS\Desktop\mbar-1.07.0.1012.exe
2014-10-22 20:42 - 2014-10-22 20:42 - 04909382 _____ () C:\Users\ASUS\Desktop\mbam-chameleon-3.1.7.0.zip
2014-10-22 20:10 - 2014-10-22 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdTrustMedia
2014-10-22 11:15 - 2014-10-22 11:15 - 00000000 ____D () C:\Windows\SysWOW64\泡蠉泡xu娉videace
2014-10-22 09:35 - 2014-10-22 09:35 - 00000000 ____D () C:\Windows\SysWOW64\髯蠉髯xu苒videace
2014-10-21 10:09 - 2014-10-21 10:09 - 00000000 ____D () C:\Windows\SysWOW64\Bw蠉Bwxu胐videace
2014-10-20 16:48 - 2014-10-25 20:05 - 00731950 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-10-20 16:44 - 2014-10-20 16:44 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu孀videace
2014-10-20 16:41 - 2014-10-25 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-10-20 16:41 - 2014-10-20 16:41 - 00001615 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-10-20 16:37 - 2014-10-21 22:10 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-20 16:37 - 2014-10-20 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-20 16:37 - 2014-10-20 16:37 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-10-20 16:37 - 2014-10-20 16:37 - 00001122 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-10-20 16:37 - 2014-10-20 16:37 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Comodo
2014-10-20 16:37 - 2014-10-20 16:37 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-10-20 15:39 - 2014-10-20 15:39 - 00205795 _____ () C:\ProgramData\1413790628.bdinstall.bin
2014-10-20 15:39 - 2014-10-20 15:39 - 00002178 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2014-10-20 15:39 - 2014-10-20 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-10-20 15:39 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-10-20 15:39 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-10-20 15:37 - 2014-10-20 15:39 - 00000000 ____D () C:\Program Files\Bitdefender
2014-10-20 15:37 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-10-20 15:37 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-10-20 15:33 - 2014-10-20 15:33 - 00106465 _____ () C:\ProgramData\1413790368.bdinstall.bin
2014-10-20 09:16 - 2014-10-20 09:16 - 00000079 _____ () C:\Users\ASUS\Desktop\Problem Shooting 2014 10 19.txt
2014-10-19 20:26 - 2014-10-19 20:26 - 00000000 ____D () C:\Windows\SysWOW64\已蠉已xuvideace
2014-10-19 10:27 - 2014-10-25 20:51 - 00016913 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-10-19 10:26 - 2014-10-25 20:50 - 00000000 ____D () C:\FRST
2014-10-19 10:26 - 2014-10-19 10:26 - 02112000 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-10-19 09:48 - 2014-10-19 09:48 - 00000000 ____D () C:\Windows\SysWOW64\dw蠉dwxu珮videace
2014-10-19 08:34 - 2014-10-19 08:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu暝videace
2014-10-18 21:34 - 2014-10-18 21:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu餐videace
2014-10-18 17:19 - 2014-10-18 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu珮videace
2014-10-17 22:38 - 2014-10-17 22:38 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿xu墦videace
2014-10-17 12:54 - 2014-10-17 12:54 - 00000000 ____D () C:\Windows\SysWOW64\{w蠉{wxuvideace
2014-10-17 10:33 - 2014-10-17 10:33 - 00000000 ____D () C:\Windows\SysWOW64\iw蠉iwxu嫹videace
2014-10-17 09:48 - 2014-10-17 09:48 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\ASUS\Desktop\ADSSpy.exe
2014-10-17 08:47 - 2014-10-17 08:47 - 00000000 ____D () C:\Windows\SysWOW64\Iw蠉Iwxu蓋videace
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\Windows\SysWOW64\捵蠉捵xu鈾videace
2014-10-15 15:55 - 2014-10-15 15:55 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu許videace
2014-10-15 08:39 - 2014-10-15 08:39 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu沔videace
2014-10-14 18:45 - 2014-10-14 18:45 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-14 14:16 - 2014-10-14 14:16 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu兝videace
2014-10-13 19:32 - 2014-10-13 19:32 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu髏videace
2014-10-12 15:04 - 2014-10-12 15:04 - 00000000 ____D () C:\Windows\SysWOW64\yw蠉ywxu狖videace
2014-10-09 21:14 - 2014-10-09 21:14 - 00000000 ____D () C:\Windows\SysWOW64\w蠉wxu兝videace
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Windows\SysWOW64\%w蠉%wxuvideace
2014-10-08 19:48 - 2014-10-19 15:14 - 00001290 _____ () C:\Users\ASUS\Desktop\Sandboxed Web Browser.lnk
2014-10-08 19:48 - 2014-10-08 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-08 19:46 - 2014-10-08 19:46 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\ASUS\Desktop\SandboxieInstall.exe
2014-10-08 17:29 - 2014-10-08 17:29 - 00000000 ____D () C:\Windows\SysWOW64\Rw蠉Rwxu惝videace
2014-10-08 17:07 - 2014-10-08 17:07 - 00000000 ____D () C:\Windows\SysWOW64\針蠉針xu踊videace
2014-10-08 16:21 - 2014-10-08 16:21 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu娖videace
2014-10-03 11:57 - 2014-10-03 11:57 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-03 11:57 - 2014-10-03 11:57 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-03 11:02 - 2014-10-03 11:02 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-03 10:22 - 2014-10-03 10:22 - 00000000 ____D () C:\Windows\SysWOW64\繗蠉繗xuvideace
2014-09-30 22:01 - 2014-09-30 22:01 - 00000000 ____D () C:\Windows\SysWOW64\aw蠉awxu縷videace
2014-09-30 08:24 - 2014-09-30 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-30 08:24 - 2014-09-30 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-28 08:57 - 2014-09-28 08:57 - 00000000 ____D () C:\Windows\SysWOW64\庪蠉庪xuvideace
2014-09-27 05:51 - 2014-09-27 05:51 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu涂videace
2014-09-25 22:33 - 2014-09-25 22:33 - 00000000 ____D () C:\Windows\SysWOW64\hw蠉hwxuvideace
2014-09-25 22:06 - 2014-09-25 22:06 - 00000000 ____D () C:\Windows\SysWOW64\Gw蠉Gwxu豹videace
2014-09-25 22:01 - 2014-09-25 22:01 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu柦videace
2014-09-25 13:10 - 2014-10-19 09:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-25 20:32 - 2012-11-07 04:42 - 01078098 _____ () C:\Windows\WindowsUpdate.log
2014-10-25 20:10 - 2009-07-14 12:45 - 00014816 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 20:10 - 2009-07-14 12:45 - 00014816 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 20:05 - 2013-12-15 22:23 - 00044123 _____ () C:\Windows\setupact.log
2014-10-25 19:52 - 2011-02-19 11:23 - 04534644 _____ () C:\Windows\system32\prfh0404.dat
2014-10-25 19:52 - 2011-02-19 11:23 - 04052766 _____ () C:\Windows\system32\prfc0404.dat
2014-10-25 19:52 - 2009-07-14 13:13 - 00006254 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-25 19:48 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-25 17:25 - 2014-06-10 11:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 13:59 - 2012-11-06 14:33 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-10-25 10:45 - 2014-06-10 11:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-23 14:48 - 2012-06-20 22:37 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-10-23 14:46 - 2014-08-05 21:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 14:29 - 2014-08-05 21:34 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-23 14:29 - 2014-08-05 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-22 18:08 - 2012-04-09 12:35 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CutePDF Writer
2014-10-20 16:43 - 2013-12-25 17:12 - 00447698 _____ () C:\Windows\PFRO.log
2014-10-20 16:41 - 2012-10-10 14:32 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-10-20 16:41 - 2012-09-30 16:00 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-20 15:38 - 2013-06-17 17:11 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\QuickScan
2014-10-18 19:57 - 2013-07-13 07:47 - 00000033 _____ () C:\ATKPF.ini
2014-10-18 17:16 - 2014-09-05 18:20 - 00001382 _____ () C:\DelFix.txt
2014-10-17 22:18 - 2013-11-07 08:57 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2014-10-17 11:22 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-17 10:24 - 2014-07-14 10:48 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 09:43 - 2012-11-07 15:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Mozilla
2014-10-14 14:22 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-11 15:32 - 2014-09-05 11:45 - 00001584 _____ () C:\Windows\Sandboxie.ini
2014-10-09 12:17 - 2012-11-06 14:35 - 00000000 ____D () C:\Users\ASUS\Documents\Bluetooth Folder
2014-10-02 09:44 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 22:01 - 2009-07-14 13:08 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-17 13:14

==================== End Of Log ============================

 

The addition Log of Farbar:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
Ran by ASUS at 2014-10-25 20:52:18
Running from C:\Users\ASUS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.15 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS RT-N12 Wireless Router Utilities (HKLM-x32\...\{58F2F72A-B8C9-4CCC-B253-4F1509193EC3}) (Version: 4.2.6.7 - ASUS)
ASUS RT-N12C1 Wireless Router Utilities (HKLM-x32\...\{611B04D4-E2E0-4536-9F39-77C41688E573}) (Version: 4.2.4.2 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4710 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4710 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1123_32710 - CyberLink Corp.)
CyberLink MediaEspresso (x32 Version: 6.0.1123_32710 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3327 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2726.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2726.0 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.2312.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
EMET 4.1 (HKLM-x32\...\{65BC2BDA-D828-4596-99E4-A8799C45C84C}) (Version: 4.1 - Microsoft Corporation)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.27.160 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.27.160 - VideACE Co.) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Fresco Logic USB3.0 Host Controller (HKLM\...\{1A4FE2D5-88B4-45EB-B58E-AB9134FEAA26}) (Version: 3.5.30.0 - Fresco Logic Inc.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKLM-x32\...\LINE) (Version: 3.7.4.97 - LINE Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office IME (Chinese (Traditional)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office IME (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 zh-TW) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 zh-TW)) (Version: 32.0.2 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 zh-TW) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 zh-TW)) (Version: 31.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Nuance PDF Reader (HKLM-x32\...\{0017FFDB-F7F3-4058-BCDF-D9204CFBDCB2}) (Version: 8.10.1302 - Nuance Communications, Inc.)
PrivDog (HKLM\...\{47AE54A8-A0C5-4A60-B89A-32F61F1CC72A}) (Version: 3.0.36.0 - AdTrustMedia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6221 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 1, 0, 0 - Canon Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0404-0000-0000000FF1CE}_Office14.SingleImage_{832CEEA7-2B99-4345-8497-440E2E8E595D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0404-0000-0000000FF1CE}_Office14.SingleImage_{3B211212-22E0-4E41-A6D3-7C881759CEF8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.55133.208 - Sonix)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-10-2014 07:15:35 Removed COMODO Internet Security Premium Beta
20-10-2014 07:30:11 Installing COMODO Internet Security Premium Beta
20-10-2014 07:31:26 裝置驅動程式套件安裝: COMODO Network Service
20-10-2014 08:18:44 Removed COMODO Internet Security Premium Beta
20-10-2014 08:40:46 裝置驅動程式套件安裝: COMODO Network Service
22-10-2014 12:08:54 Installed PrivDog
23-10-2014 06:43:04 Removed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2014-10-17 10:28 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01EC2AAF-DE34-44B3-A893-082218DDE060} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-31] (ASUS)
Task: {36419487-C348-44AB-A029-EC5F89A9E873} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {4A382306-34D9-4605-9748-2A7D9315D4A2} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2011-09-08] (ASUSTek Computer Inc.)
Task: {4B02D414-52EA-4EA5-9428-CC1626614962} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated)
Task: {54543F00-D1E7-4684-9FE8-A1681C065400} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\CIS 7\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {67294013-1931-44EE-8E54-8A67DE560D48} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-16] (ASUS)
Task: {6FCB5E32-8671-4A67-A3BD-7B9CB22F1958} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\CIS 7\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {7FD54A6F-5B8A-479A-B675-55B6EBD4476F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {B5D91C37-15EF-4867-83F2-CCBE454E2C57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C91F6037-E17F-45BA-BEEF-81F6ACFC1BEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D30853EB-51B8-4159-A130-2EB2A6978511} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-11-24] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-11-21 10:14 - 2013-11-21 10:14 - 00089232 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE64.DLL
2014-10-20 15:39 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-10-20 15:39 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2012-04-09 12:34 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-21 18:22 - 2014-05-21 18:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2014-09-04 18:13 - 2014-09-04 18:13 - 01960448 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\UtilsDll.dll
2014-09-11 16:56 - 2014-09-11 16:56 - 00102400 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\PrivDogManager\Plugins\nfapi.dll
2014-09-11 16:57 - 2014-09-11 16:57 - 00529920 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\PrivDogManager\Plugins\ProtocolFilters.dll
2014-06-08 17:13 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2011-03-26 09:55 - 2011-03-26 09:55 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-07-15 08:11 - 2010-07-15 08:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-09-22 10:01 - 2011-01-27 08:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-24 08:53 - 2010-09-24 08:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-04-08 13:26 - 2011-04-08 13:26 - 00045448 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2013-11-21 10:14 - 2013-11-21 10:14 - 00114176 _____ () C:\Program Files (x86)\EMET 4.1\HelperLib.dll
2013-11-12 09:22 - 2013-11-12 09:22 - 00028672 _____ () C:\Program Files (x86)\EMET 4.1\ReportingSubsystem.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00348160 _____ () C:\Program Files (x86)\EMET 4.1\DevExpress.UserSkins.HighContrast.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00023040 _____ () C:\Program Files (x86)\EMET 4.1\TrayIconSubsystem.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00042496 _____ () C:\Program Files (x86)\EMET 4.1\PKIPinningSubsystem.dll
2014-07-10 02:06 - 2014-07-10 02:06 - 00113664 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\lzo2.dll
2014-05-30 01:31 - 2014-05-30 01:31 - 01034752 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\libxml2.dll
2011-03-26 09:55 - 2011-03-26 09:55 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-03-26 09:55 - 2011-03-26 09:55 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2011-05-31 05:48 - 2011-05-31 05:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-21 01:57 - 2010-08-21 01:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-21 01:57 - 2010-08-21 01:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-21 15:58 - 2014-09-18 15:16 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

123 (S-1-5-21-4001696799-3722537429-2969441357-1005 - Administrator - Enabled) => C:\Users\123
Administrator (S-1-5-21-4001696799-3722537429-2969441357-500 - Administrator - Disabled)
ASUS (S-1-5-21-4001696799-3722537429-2969441357-1001 - Administrator - Enabled) => C:\Users\ASUS
Guest (S-1-5-21-4001696799-3722537429-2969441357-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4001696799-3722537429-2969441357-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TAP Adapter V9 for Private Tunnel #2
Description: TAP Adapter V9 for Private Tunnel
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP Provider V9 for Private Tunnel
Service: ptun0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: TAP Adapter V9 for Private Tunnel
Description: TAP Adapter V9 for Private Tunnel
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP Provider V9 for Private Tunnel
Service: ptun0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: 標準 VGA 繪圖卡
Description: 標準 VGA 繪圖卡
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (標準顯示類型)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/25/2014 07:52:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。

Error: (10/25/2014 07:52:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/25/2014 07:52:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/25/2014 02:04:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。

Error: (10/25/2014 02:04:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/25/2014 02:04:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/25/2014 01:58:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 加密編譯服務初始 VSS 備份「系統寫入器」物件失敗。


Details:
Could not query the status of the EventSystem service.

System Error:
系統關機進行中。


Error: (10/25/2014 10:47:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。

Error: (10/25/2014 10:47:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/25/2014 10:47:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。


System errors:
=============
Error: (10/25/2014 07:46:51 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update 服務在接收到關機前控制之後未正確關機。

Error: (10/25/2014 02:40:26 PM) (Source: bowser) (EventID: 8003) (User: )
Description: 主瀏覽器從電腦 USER 收到
認為它是傳輸 NetBT_Tcpip_{F4A2FC8E-77EF-476A-A47D-62299D31A988} 網域主瀏覽器的伺服器宣告。
主瀏覽器已中止或已強制選擇。

Error: (10/25/2014 02:04:26 PM) (Source: bowser) (EventID: 8003) (User: )
Description: 主瀏覽器從電腦 USER 收到
認為它是傳輸 NetBT_Tcpip_{F4A2FC8E-77EF-476A-A47D-62299D31A988} 網域主瀏覽器的伺服器宣告。
主瀏覽器已中止或已強制選擇。

Error: (10/25/2014 01:57:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/25/2014 01:57:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/25/2014 01:57:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Computer Browser 服務依存的 Server 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/25/2014 01:57:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/25/2014 01:57:36 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/25/2014 01:57:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/25/2014 01:57:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (10/25/2014 07:52:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/25/2014 07:52:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/25/2014 07:52:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/25/2014 02:04:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/25/2014 02:04:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/25/2014 02:04:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/25/2014 01:58:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
系統關機進行中。

Error: (10/25/2014 10:47:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/25/2014 10:47:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/25/2014 10:47:15 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2014-10-25 09:30:42.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 09:30:42.513
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 09:30:42.357
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 09:30:42.201
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 07:19:22.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 07:19:22.184
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 07:19:22.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 07:19:21.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-24 15:38:59.166
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-24 15:38:59.010
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 33%
Total physical RAM: 8102.77 MB
Available physical RAM: 5359.02 MB
Total Pagefile: 16503.72 MB
Available Pagefile: 13621.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:200 GB) (Free:111.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:240.76 GB) (Free:210.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 007203DB)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=240.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,550 posts
  • Gender:Male

Posted 28 October 2014 - 09:45 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,571 posts
  • Gender:Male

Posted 29 October 2014 - 03:22 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#6 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 160 posts

Posted 29 October 2014 - 07:57 PM

Waiting for your review and instruction.



#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 30 October 2014 - 07:24 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now.

==========================
 
Hi WinBMY,
 
You do not look to be infected, but I can suggest some stuff which may be able to help.
 
You are running Bitdefender as your antivirus, but Comodo as extra protection and a firewall?
 
Are you familiar with these folders?:
C:\Windows\SysWOW64\鑿蠉鑿videace
C:\Windows\SysWOW64\Bw蠉Bwvideace
C:\Windows\SysWOW64\喦蠉喦xu沔videace
C:\Windows\SysWOW64\tw蠉twxu餐videace
 
xXToffeeXx~


Edited by xXToffeeXx, 30 October 2014 - 07:25 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#8 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 160 posts

Posted 30 October 2014 - 08:40 AM

Hi, xXToffeeXx~

 

Yes, I adopt Bitdefender as my antivirus, and Comodo as firewall.

 

You pointed out those files, and I don't know what they are.

Looking at the log, there are lots of files with "videace" as the ending in this folder.

 

2014-10-25 09:50 - 2014-10-25 09:50 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿videace
2014-10-24 15:39 - 2014-10-24 15:39 - 00000000 ____D () C:\Windows\SysWOW64\Bw蠉Bwvideace
2014-10-23 14:24 - 2014-10-23 14:24 - 00000000 ____D () C:\Windows\SysWOW64\喦蠉喦xu沔videace
2014-10-22 21:22 - 2014-10-22 21:22 - 00000000 ____D () C:\Windows\SysWOW64\tw蠉twxu餐videace
2014-10-22 11:15 - 2014-10-22 11:15 - 00000000 ____D () C:\Windows\SysWOW64\泡蠉泡xu娉videace
2014-10-22 09:35 - 2014-10-22 09:35 - 00000000 ____D () C:\Windows\SysWOW64\髯蠉髯xu苒videace
2014-10-21 10:09 - 2014-10-21 10:09 - 00000000 ____D () C:\Windows\SysWOW64\Bw蠉Bwxu胐videace
2014-10-20 16:44 - 2014-10-20 16:44 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu孀videace
2014-10-19 09:48 - 2014-10-19 09:48 - 00000000 ____D () C:\Windows\SysWOW64\dw蠉dwxu珮videace
2014-10-19 08:34 - 2014-10-19 08:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu暝videace
2014-10-18 21:34 - 2014-10-18 21:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu餐videace
2014-10-18 17:19 - 2014-10-18 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu珮videace
2014-10-17 22:38 - 2014-10-17 22:38 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿xu墦videace
2014-10-17 12:54 - 2014-10-17 12:54 - 00000000 ____D () C:\Windows\SysWOW64\{w蠉{wxuvideace
2014-10-17 10:33 - 2014-10-17 10:33 - 00000000 ____D () C:\Windows\SysWOW64\iw蠉iwxu嫹videace
2014-10-17 08:47 - 2014-10-17 08:47 - 00000000 ____D () C:\Windows\SysWOW64\Iw蠉Iwxu蓋videace
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\Windows\SysWOW64\捵蠉捵xu鈾videace
2014-10-15 15:55 - 2014-10-15 15:55 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu許videace
2014-10-15 08:39 - 2014-10-15 08:39 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu沔videace
2014-10-14 18:45 - 2014-10-14 18:45 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-14 14:16 - 2014-10-14 14:16 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu兝videace
2014-10-13 19:32 - 2014-10-13 19:32 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu髏videace
2014-10-12 15:04 - 2014-10-12 15:04 - 00000000 ____D () C:\Windows\SysWOW64\yw蠉ywxu狖videace
2014-10-09 21:14 - 2014-10-09 21:14 - 00000000 ____D () C:\Windows\SysWOW64\w蠉wxu兝videace
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Windows\SysWOW64\%w蠉%wxuvideace
2014-10-08 17:29 - 2014-10-08 17:29 - 00000000 ____D () C:\Windows\SysWOW64\Rw蠉Rwxu惝videace
2014-10-08 17:07 - 2014-10-08 17:07 - 00000000 ____D () C:\Windows\SysWOW64\針蠉針xu踊videace
2014-10-08 16:21 - 2014-10-08 16:21 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu娖videace
2014-10-03 11:02 - 2014-10-03 11:02 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-03 10:22 - 2014-10-03 10:22 - 00000000 ____D () C:\Windows\SysWOW64\繗蠉繗xuvideace
2014-09-30 22:01 - 2014-09-30 22:01 - 00000000 ____D () C:\Windows\SysWOW64\aw蠉awxu縷videace
2014-09-28 08:57 - 2014-09-28 08:57 - 00000000 ____D () C:\Windows\SysWOW64\庪蠉庪xuvideace
2014-09-27 05:51 - 2014-09-27 05:51 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu涂videace
2014-09-25 22:33 - 2014-09-25 22:33 - 00000000 ____D () C:\Windows\SysWOW64\hw蠉hwxuvideace
2014-09-25 22:06 - 2014-09-25 22:06 - 00000000 ____D () C:\Windows\SysWOW64\Gw蠉Gwxu豹videace
2014-09-25 22:01 - 2014-09-25 22:01 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu柦videace

 

It seems that the ??videace folders were created every day.


Edited by WinBMY, 30 October 2014 - 08:49 AM.


#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 30 October 2014 - 11:37 AM

Hi WinBMY,
 
Indeed, I shall create a script to remove them:
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
2014-10-25 09:50 - 2014-10-25 09:50 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿videace
2014-10-24 15:39 - 2014-10-24 15:39 - 00000000 ____D () C:\Windows\SysWOW64\Bw蠉Bwvideace
2014-10-23 14:24 - 2014-10-23 14:24 - 00000000 ____D () C:\Windows\SysWOW64\喦蠉喦xu沔videace
2014-10-22 21:22 - 2014-10-22 21:22 - 00000000 ____D () C:\Windows\SysWOW64\tw蠉twxu餐videace
2014-10-22 11:15 - 2014-10-22 11:15 - 00000000 ____D () C:\Windows\SysWOW64\泡蠉泡xu娉videace
2014-10-22 09:35 - 2014-10-22 09:35 - 00000000 ____D () C:\Windows\SysWOW64\髯蠉髯xu苒videace
2014-10-21 10:09 - 2014-10-21 10:09 - 00000000 ____D () C:\Windows\SysWOW64\Bw蠉Bwxu胐videace
2014-10-20 16:44 - 2014-10-20 16:44 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu孀videace
2014-10-19 20:26 - 2014-10-19 20:26 - 00000000 ____D () C:\Windows\SysWOW64\已蠉已xuvideace
2014-10-19 09:48 - 2014-10-19 09:48 - 00000000 ____D () C:\Windows\SysWOW64\dw蠉dwxu珮videace
2014-10-19 08:34 - 2014-10-19 08:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu暝videace
2014-10-18 21:34 - 2014-10-18 21:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu餐videace
2014-10-18 17:19 - 2014-10-18 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu珮videace
2014-10-17 22:38 - 2014-10-17 22:38 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿xu墦videace
2014-10-17 12:54 - 2014-10-17 12:54 - 00000000 ____D () C:\Windows\SysWOW64\{w蠉{wxuvideace
2014-10-17 10:33 - 2014-10-17 10:33 - 00000000 ____D () C:\Windows\SysWOW64\iw蠉iwxu嫹videace
2014-10-17 08:47 - 2014-10-17 08:47 - 00000000 ____D () C:\Windows\SysWOW64\Iw蠉Iwxu蓋videace
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\Windows\SysWOW64\捵蠉捵xu鈾videace
2014-10-15 15:55 - 2014-10-15 15:55 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu許videace
2014-10-15 08:39 - 2014-10-15 08:39 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu沔videace
2014-10-14 18:45 - 2014-10-14 18:45 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-14 14:16 - 2014-10-14 14:16 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu兝videace
2014-10-13 19:32 - 2014-10-13 19:32 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu髏videace
2014-10-12 15:04 - 2014-10-12 15:04 - 00000000 ____D () C:\Windows\SysWOW64\yw蠉ywxu狖videace
2014-10-09 21:14 - 2014-10-09 21:14 - 00000000 ____D () C:\Windows\SysWOW64\w蠉wxu兝videace
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Windows\SysWOW64\%w蠉%wxuvideace
2014-10-08 17:29 - 2014-10-08 17:29 - 00000000 ____D () C:\Windows\SysWOW64\Rw蠉Rwxu惝videace
2014-10-08 17:07 - 2014-10-08 17:07 - 00000000 ____D () C:\Windows\SysWOW64\針蠉針xu踊videace
2014-10-08 16:21 - 2014-10-08 16:21 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu娖videace
2014-10-03 11:02 - 2014-10-03 11:02 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-03 10:22 - 2014-10-03 10:22 - 00000000 ____D () C:\Windows\SysWOW64\繗蠉繗xuvideace
2014-09-30 22:01 - 2014-09-30 22:01 - 00000000 ____D () C:\Windows\SysWOW64\aw蠉awxu縷videace
2014-09-28 08:57 - 2014-09-28 08:57 - 00000000 ____D () C:\Windows\SysWOW64\庪蠉庪xuvideace
2014-09-27 05:51 - 2014-09-27 05:51 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu涂videace
2014-09-25 22:33 - 2014-09-25 22:33 - 00000000 ____D () C:\Windows\SysWOW64\hw蠉hwxuvideace
2014-09-25 22:06 - 2014-09-25 22:06 - 00000000 ____D () C:\Windows\SysWOW64\Gw蠉Gwxu豹videace
2014-09-25 22:01 - 2014-09-25 22:01 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu柦videace
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~




#10 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 160 posts

Posted 30 October 2014 - 08:43 PM

Hi, xXToffeeXx~

 

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by ASUS at 2014-10-31 09:31:49 Run:3
Running from C:\Users\ASUS\Desktop
Loaded Profile: ASUS (Available profiles: ASUS & 123)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-31 09:17 - 2014-10-31 09:17 - 00000000 ____D () C:\Windows\SysWOW64\$w蠉$wvideace
2014-10-30 08:23 - 2014-10-30 08:23 - 00000000 ____D () C:\Windows\SysWOW64\蠉枯videace
2014-10-29 22:25 - 2014-10-29 22:25 - 00000000 ____D () C:\Windows\SysWOW64\綩蠉綩αvideace
2014-10-29 08:24 - 2014-10-29 08:24 - 00000000 ____D () C:\Windows\SysWOW64\jw蠉jwvideace
2014-10-28 22:05 - 2014-10-28 22:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-27 08:20 - 2014-10-27 08:20 - 00000000 ____D () C:\Windows\SysWOW64\煂蠉煂videace
2014-10-26 17:38 - 2014-10-26 17:38 - 00000000 ____D () C:\Windows\SysWOW64\.w蠉.wvideace
2014-10-26 08:54 - 2014-10-26 08:54 - 00000000 ____D () C:\Windows\SysWOW64\蠉videace
2014-10-25 21:58 - 2014-10-25 21:58 - 00000000 ____D () C:\Windows\SysWOW64\彽蠉彽videace
2014-10-25 09:50 - 2014-10-25 09:50 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿videace
2014-10-24 15:39 - 2014-10-24 15:39 - 00000000 ____D () C:\Windows\SysWOW64\Bw蠉Bwvideace
2014-10-23 14:24 - 2014-10-23 14:24 - 00000000 ____D () C:\Windows\SysWOW64\喦蠉喦xu沔videace
2014-10-22 21:22 - 2014-10-22 21:22 - 00000000 ____D () C:\Windows\SysWOW64\tw蠉twxu餐videace
2014-10-22 11:15 - 2014-10-22 11:15 - 00000000 ____D () C:\Windows\SysWOW64\泡蠉泡xu娉videace
2014-10-22 09:35 - 2014-10-22 09:35 - 00000000 ____D () C:\Windows\SysWOW64\髯蠉髯xu苒videace
2014-10-21 10:09 - 2014-10-21 10:09 - 00000000 ____D () C:\Windows\SysWOW64\Bw蠉Bwxu胐videace
2014-10-20 16:44 - 2014-10-20 16:44 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu孀videace
2014-10-19 20:26 - 2014-10-19 20:26 - 00000000 ____D () C:\Windows\SysWOW64\已蠉已xuvideace
2014-10-19 09:48 - 2014-10-19 09:48 - 00000000 ____D () C:\Windows\SysWOW64\dw蠉dwxu珮videace
2014-10-19 08:34 - 2014-10-19 08:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu暝videace
2014-10-18 21:34 - 2014-10-18 21:34 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu餐videace
2014-10-18 17:19 - 2014-10-18 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu珮videace
2014-10-17 22:38 - 2014-10-17 22:38 - 00000000 ____D () C:\Windows\SysWOW64\鑿蠉鑿xu墦videace
2014-10-17 12:54 - 2014-10-17 12:54 - 00000000 ____D () C:\Windows\SysWOW64\{w蠉{wxuvideace
2014-10-17 10:33 - 2014-10-17 10:33 - 00000000 ____D () C:\Windows\SysWOW64\iw蠉iwxu嫹videace
2014-10-17 08:47 - 2014-10-17 08:47 - 00000000 ____D () C:\Windows\SysWOW64\Iw蠉Iwxu蓋videace
2014-10-16 20:18 - 2014-10-16 20:18 - 00000000 ____D () C:\Windows\SysWOW64\捵蠉捵xu鈾videace
2014-10-15 15:55 - 2014-10-15 15:55 - 00000000 ____D () C:\Windows\SysWOW64\宨蠉宨xu許videace
2014-10-15 08:39 - 2014-10-15 08:39 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu沔videace
2014-10-14 18:45 - 2014-10-14 18:45 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-14 14:16 - 2014-10-14 14:16 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu兝videace
2014-10-13 19:32 - 2014-10-13 19:32 - 00000000 ____D () C:\Windows\SysWOW64\蠉xu髏videace
2014-10-12 15:04 - 2014-10-12 15:04 - 00000000 ____D () C:\Windows\SysWOW64\yw蠉ywxu狖videace
2014-10-09 21:14 - 2014-10-09 21:14 - 00000000 ____D () C:\Windows\SysWOW64\w蠉wxu兝videace
2014-10-09 20:37 - 2014-10-09 20:37 - 00000000 ____D () C:\Windows\SysWOW64\%w蠉%wxuvideace
2014-10-08 17:29 - 2014-10-08 17:29 - 00000000 ____D () C:\Windows\SysWOW64\Rw蠉Rwxu惝videace
2014-10-08 17:07 - 2014-10-08 17:07 - 00000000 ____D () C:\Windows\SysWOW64\針蠉針xu踊videace
2014-10-08 16:21 - 2014-10-08 16:21 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-07 20:25 - 2014-10-07 20:25 - 00000000 ____D () C:\Windows\SysWOW64\Pw蠉Pwxu娖videace
2014-10-03 11:02 - 2014-10-03 11:02 - 00000000 ____D () C:\Windows\SysWOW64\蠉xuvideace
2014-10-03 10:22 - 2014-10-03 10:22 - 00000000 ____D () C:\Windows\SysWOW64\繗蠉繗xuvideace

*****************

C:\Windows\SysWOW64\$w蠉$wvideace => Moved successfully.
C:\Windows\SysWOW64\蠉枯videace => Moved successfully.
C:\Windows\SysWOW64\綩蠉綩αvideace => Moved successfully.
C:\Windows\SysWOW64\jw蠉jwvideace => Moved successfully.
C:\Program Files (x86)\ESET => Moved successfully.
C:\Windows\SysWOW64\煂蠉煂videace => Moved successfully.
C:\Windows\SysWOW64\.w蠉.wvideace => Moved successfully.
C:\Windows\SysWOW64\蠉videace => Moved successfully.
C:\Windows\SysWOW64\彽蠉彽videace => Moved successfully.
C:\Windows\SysWOW64\鑿蠉鑿videace => Moved successfully.
C:\Windows\SysWOW64\Bw蠉Bwvideace => Moved successfully.
C:\Windows\SysWOW64\喦蠉喦xu沔videace => Moved successfully.
C:\Windows\SysWOW64\tw蠉twxu餐videace => Moved successfully.
C:\Windows\SysWOW64\泡蠉泡xu娉videace => Moved successfully.
C:\Windows\SysWOW64\髯蠉髯xu苒videace => Moved successfully.
C:\Windows\SysWOW64\Bw蠉Bwxu胐videace => Moved successfully.
C:\Windows\SysWOW64\蠉xu孀videace => Moved successfully.
C:\Windows\SysWOW64\已蠉已xuvideace => Moved successfully.
C:\Windows\SysWOW64\dw蠉dwxu珮videace => Moved successfully.
C:\Windows\SysWOW64\蠉xu暝videace => Moved successfully.
C:\Windows\SysWOW64\蠉xu餐videace => Moved successfully.
C:\Windows\SysWOW64\Pw蠉Pwxu珮videace => Moved successfully.
C:\Windows\SysWOW64\鑿蠉鑿xu墦videace => Moved successfully.
C:\Windows\SysWOW64\{w蠉{wxuvideace => Moved successfully.
C:\Windows\SysWOW64\iw蠉iwxu嫹videace => Moved successfully.
C:\Windows\SysWOW64\Iw蠉Iwxu蓋videace => Moved successfully.
C:\Windows\SysWOW64\捵蠉捵xu鈾videace => Moved successfully.
C:\Windows\SysWOW64\宨蠉宨xu許videace => Moved successfully.
C:\Windows\SysWOW64\蠉xu沔videace => Moved successfully.
C:\Windows\SysWOW64\蠉xuvideace => Moved successfully.
C:\Windows\SysWOW64\蠉xu兝videace => Moved successfully.
C:\Windows\SysWOW64\蠉xu髏videace => Moved successfully.
C:\Windows\SysWOW64\yw蠉ywxu狖videace => Moved successfully.
C:\Windows\SysWOW64\w蠉wxu兝videace => Moved successfully.
C:\Windows\SysWOW64\%w蠉%wxuvideace => Moved successfully.
C:\Windows\SysWOW64\Rw蠉Rwxu惝videace => Moved successfully.
C:\Windows\SysWOW64\針蠉針xu踊videace => Moved successfully.
C:\Windows\SysWOW64\蠉xuvideace => Moved successfully.
C:\Windows\SysWOW64\Pw蠉Pwxu娖videace => Moved successfully.
C:\Windows\SysWOW64\蠉xuvideace => Moved successfully.
C:\Windows\SysWOW64\繗蠉繗xuvideace => Moved successfully.

==== End of Fixlog ====

And here is the Fresh Scan log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by ASUS (administrator) on ASUS-PC on 31-10-2014 09:35:05
Running from C:\Users\ASUS\Desktop
Loaded Profile: ASUS (Available profiles: ASUS & 123)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: 中文 (繁體台灣)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cmdagent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
(AdTrustMedia) C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\PrivDogService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cavwp.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\CisTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cmdvirth.exe
(COMODO) D:\CIS 7\COMODO\COMODO Internet Security\cis.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2168424 2010-10-13] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-14] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-14] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [IME14 CHT Setup] => C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE [110896 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => D:\CIS 7\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2011-10-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-08] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-11-25] (CyberLink Corp.)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-01-16] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [IME14 CHT Setup] => C:\Program Files (x86)\Common Files\microsoft shared\IME14\SHARED\IMEKLMG.EXE [81200 2012-03-14] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333712 2012-10-11] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [EMET 4.1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4001696799-3722537429-2969441357-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-10-08] (Sandboxie Holdings, LLC)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1DF37C2486E3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = zh-TW
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\ndvqsvu8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR Profile: C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-14] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-14] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 CmdAgent; D:\CIS 7\COMODO\COMODO Internet Security\cmdagent.exe [6812400 2014-03-25] (COMODO)
R3 cmdvirth; D:\CIS 7\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [83312 2010-10-20] (Microsoft Corporation)
R2 PrivDogService; C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\PrivDogService.exe [2097152 2014-09-11] (AdTrustMedia) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-10-08] (Sandboxie Holdings, LLC)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-26] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-10-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-03-25] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-03-25] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-03-25] (COMODO)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [65024 2012-01-10] (Fresco Logic)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-03-25] (COMODO)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R1 netfilter2; C:\Windows\system32\Drivers\netfilter2.sys [49024 2014-08-04] (Windows ® Win 7 DDK provider)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-30] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-17] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-20] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 09:22 - 2014-10-31 09:34 - 00014709 _____ () C:\Users\ASUS\Desktop\Addition.txt
2014-10-31 09:20 - 2014-10-31 09:35 - 00015889 _____ () C:\Users\ASUS\Desktop\FRST.txt
2014-10-31 09:19 - 2014-10-31 09:35 - 00000000 ____D () C:\FRST
2014-10-31 09:18 - 2014-10-31 09:18 - 00000000 ___RD () C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-31 09:09 - 2014-10-31 09:09 - 02113536 _____ (Farbar) C:\Users\ASUS\Desktop\FRST64.exe
2014-10-30 13:29 - 2014-10-30 21:52 - 00014594 _____ () C:\Users\ASUS\Documents\建達國際基本面分析.xlsx
2014-10-25 20:17 - 2014-10-07 10:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-25 20:17 - 2014-10-07 10:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-25 20:17 - 2014-09-29 08:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-25 20:17 - 2014-09-26 06:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-25 20:17 - 2014-09-26 06:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-25 20:17 - 2014-09-26 06:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-25 20:17 - 2014-09-26 06:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-25 20:17 - 2014-09-26 06:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-25 20:17 - 2014-09-26 06:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-25 20:17 - 2014-09-26 06:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-25 20:17 - 2014-09-19 10:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-25 20:17 - 2014-09-19 09:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-25 20:17 - 2014-09-19 09:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-25 20:17 - 2014-09-19 09:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-25 20:17 - 2014-09-19 09:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-25 20:17 - 2014-09-19 09:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-25 20:17 - 2014-09-19 09:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-25 20:17 - 2014-09-19 09:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-25 20:17 - 2014-09-19 09:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-25 20:17 - 2014-09-19 09:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-25 20:17 - 2014-09-19 09:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-25 20:17 - 2014-09-19 09:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-25 20:17 - 2014-09-19 09:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-25 20:17 - 2014-09-19 09:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-25 20:17 - 2014-09-19 09:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-25 20:17 - 2014-09-19 09:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-25 20:17 - 2014-09-19 09:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-25 20:17 - 2014-09-19 09:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-25 20:17 - 2014-09-19 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-25 20:17 - 2014-09-19 09:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-25 20:17 - 2014-09-19 09:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-25 20:17 - 2014-09-19 09:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-25 20:17 - 2014-09-19 09:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-25 20:17 - 2014-09-19 09:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-25 20:17 - 2014-09-19 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-25 20:17 - 2014-09-19 09:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-25 20:17 - 2014-09-19 08:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-25 20:17 - 2014-09-19 08:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-25 20:17 - 2014-09-19 08:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-25 20:17 - 2014-09-19 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-25 20:17 - 2014-09-19 08:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-25 20:17 - 2014-09-19 08:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-25 20:17 - 2014-09-19 08:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-25 20:17 - 2014-09-19 08:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-25 20:17 - 2014-09-19 08:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-25 20:17 - 2014-09-19 08:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-25 20:17 - 2014-09-19 08:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-25 20:17 - 2014-09-19 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-25 20:17 - 2014-09-19 08:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-25 20:17 - 2014-09-19 08:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-25 20:17 - 2014-09-19 08:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-25 20:17 - 2014-09-19 08:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-25 20:17 - 2014-09-19 08:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-25 20:17 - 2014-09-19 07:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-25 20:17 - 2014-09-19 07:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-25 20:17 - 2014-09-19 07:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-25 20:17 - 2014-09-19 07:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-25 20:17 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-25 20:17 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-25 20:17 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-25 20:17 - 2014-07-09 10:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-25 20:17 - 2014-07-09 10:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-25 20:17 - 2014-07-09 09:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-25 20:17 - 2014-07-09 09:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-25 20:17 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-25 20:17 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-25 20:17 - 2014-07-09 09:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-25 20:17 - 2014-07-09 06:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-25 20:17 - 2014-07-09 06:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-25 20:17 - 2014-06-19 06:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-25 20:17 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-25 20:17 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-25 20:17 - 2014-06-19 06:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-25 20:17 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-25 20:17 - 2014-06-19 06:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-25 20:16 - 2014-09-18 10:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-25 20:16 - 2014-09-18 09:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-25 20:16 - 2014-09-13 09:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-25 20:16 - 2014-09-13 09:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-25 20:16 - 2014-09-04 13:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-25 20:16 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-25 20:16 - 2014-07-17 10:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-25 20:16 - 2014-07-17 10:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-25 20:16 - 2014-07-17 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-25 20:16 - 2014-07-17 10:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-25 20:16 - 2014-07-17 10:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-25 20:16 - 2014-07-17 10:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-25 20:16 - 2014-07-17 10:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-25 20:16 - 2014-07-17 10:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-25 20:16 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-25 20:16 - 2014-07-17 09:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-25 20:16 - 2014-07-17 09:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-25 20:16 - 2014-07-17 09:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-25 20:16 - 2014-07-17 09:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-25 20:16 - 2014-07-17 09:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-25 20:16 - 2014-07-17 09:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-25 20:16 - 2014-07-17 09:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-25 14:09 - 2014-10-25 14:09 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-23 14:48 - 2014-10-30 21:52 - 00000526 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 14:48 - 2014-10-23 14:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-23 14:48 - 2014-10-23 14:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-23 14:48 - 2014-10-23 14:48 - 00003464 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-23 14:46 - 2014-10-23 14:29 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-23 14:46 - 2014-10-23 14:29 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-23 14:46 - 2014-10-23 14:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 14:28 - 2014-10-23 14:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 13:30 - 2014-10-23 13:29 - 00638888 _____ (Oracle Corporation) C:\Users\ASUS\Desktop\jxpiinstall.exe
2014-10-22 21:07 - 2014-10-25 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-22 20:46 - 2014-10-22 20:46 - 00204496 _____ (Malwarebytes) C:\Users\ASUS\Desktop\startuplite-setup-1.07.exe
2014-10-22 20:46 - 2014-10-22 20:43 - 14349744 _____ (Malwarebytes Corp.) C:\Users\ASUS\Desktop\mbar-1.07.0.1012.exe
2014-10-22 20:42 - 2014-10-22 20:42 - 04909382 _____ () C:\Users\ASUS\Desktop\mbam-chameleon-3.1.7.0.zip
2014-10-22 20:10 - 2014-10-22 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdTrustMedia
2014-10-20 16:48 - 2014-10-31 09:18 - 00733800 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-10-20 16:41 - 2014-10-25 13:59 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-10-20 16:41 - 2014-10-20 16:41 - 00001615 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-10-20 16:37 - 2014-10-21 22:10 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-10-20 16:37 - 2014-10-20 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-10-20 16:37 - 2014-10-20 16:37 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-10-20 16:37 - 2014-10-20 16:37 - 00001122 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-10-20 16:37 - 2014-10-20 16:37 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Comodo
2014-10-20 16:37 - 2014-10-20 16:37 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-10-20 15:39 - 2014-10-20 15:39 - 00002178 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2014-10-20 15:39 - 2014-10-20 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-10-20 15:39 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-10-20 15:39 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-10-20 15:37 - 2014-10-20 15:39 - 00000000 ____D () C:\Program Files\Bitdefender
2014-10-20 15:37 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-10-20 15:37 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-10-20 09:16 - 2014-10-20 09:16 - 00000079 _____ () C:\Users\ASUS\Desktop\Problem Shooting 2014 10 19.txt
2014-10-17 09:48 - 2014-10-17 09:48 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\ASUS\Desktop\ADSSpy.exe
2014-10-08 19:48 - 2014-10-19 15:14 - 00001290 _____ () C:\Users\ASUS\Desktop\Sandboxed Web Browser.lnk
2014-10-08 19:48 - 2014-10-08 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-10-08 19:46 - 2014-10-08 19:46 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\ASUS\Desktop\SandboxieInstall.exe
2014-10-03 11:57 - 2014-10-03 11:57 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-03 11:57 - 2014-10-03 11:57 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 09:22 - 2011-02-19 11:23 - 04545054 _____ () C:\Windows\system32\prfh0404.dat
2014-10-31 09:22 - 2011-02-19 11:23 - 04060296 _____ () C:\Windows\system32\prfc0404.dat
2014-10-31 09:22 - 2009-07-14 13:13 - 00006254 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 09:22 - 2009-07-14 12:45 - 00014816 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 09:22 - 2009-07-14 12:45 - 00014816 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-31 09:20 - 2012-11-07 04:42 - 01888218 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 09:17 - 2013-12-15 22:23 - 00045187 _____ () C:\Windows\setupact.log
2014-10-31 09:17 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 08:23 - 2012-11-06 14:33 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-10-29 22:24 - 2013-12-25 17:12 - 00448574 _____ () C:\Windows\PFRO.log
2014-10-29 22:15 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 19:48 - 2014-09-05 11:45 - 00001584 _____ () C:\Windows\Sandboxie.ini
2014-10-26 18:23 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-10-26 08:53 - 2014-05-23 19:05 - 00352904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-25 23:35 - 2012-04-07 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-25 21:40 - 2013-07-14 07:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-25 21:39 - 2012-04-07 18:48 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-25 17:25 - 2014-06-10 11:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 10:45 - 2014-06-10 11:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-23 14:48 - 2012-06-20 22:37 - 00000000 ____D () C:\Users\ASUS\AppData\Local\Adobe
2014-10-23 14:46 - 2014-08-05 21:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-23 14:29 - 2014-08-05 21:34 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-23 14:29 - 2014-08-05 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-22 18:08 - 2012-04-09 12:35 - 00000000 ____D () C:\Users\ASUS\AppData\Local\CutePDF Writer
2014-10-20 16:41 - 2012-10-10 14:32 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-10-20 16:41 - 2012-09-30 16:00 - 00000000 ____D () C:\ProgramData\Comodo
2014-10-20 15:38 - 2013-06-17 17:11 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\QuickScan
2014-10-19 09:58 - 2014-09-25 13:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-10-18 19:57 - 2013-07-13 07:47 - 00000033 _____ () C:\ATKPF.ini
2014-10-17 22:18 - 2013-11-07 08:57 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Skype
2014-10-17 10:24 - 2014-07-14 10:48 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-17 09:43 - 2012-11-07 15:25 - 00000000 ____D () C:\Users\ASUS\AppData\Roaming\Mozilla
2014-10-14 14:22 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-09 12:17 - 2012-11-06 14:35 - 00000000 ____D () C:\Users\ASUS\Documents\Bluetooth Folder

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 00:09

==================== End Of Log ============================

Additional log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 01
Ran by ASUS at 2014-10-31 09:36:30
Running from C:\Users\ASUS\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}) (Version: 1.7.17.25416 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416 - Alcor Micro Corp.) Hidden
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.15 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.25 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS RT-N12 Wireless Router Utilities (HKLM-x32\...\{58F2F72A-B8C9-4CCC-B253-4F1509193EC3}) (Version: 4.2.6.7 - ASUS)
ASUS RT-N12C1 Wireless Router Utilities (HKLM-x32\...\{611B04D4-E2E0-4536-9F39-77C41688E573}) (Version: 4.2.4.2 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4710 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4710 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Internet Security Premium (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1123_32710 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3327 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2726.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2726.0 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2312.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EMET 4.1 (HKLM-x32\...\{65BC2BDA-D828-4596-99E4-A8799C45C84C}) (Version: 4.1 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.27.160 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.27.160 - VideACE Co.) Hidden
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Fresco Logic USB3.0 Host Controller (HKLM\...\{1A4FE2D5-88B4-45EB-B58E-AB9134FEAA26}) (Version: 3.5.30.0 - Fresco Logic Inc.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LINE (HKLM-x32\...\LINE) (Version: 3.7.4.97 - LINE Corporation)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 zh-TW) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 zh-TW)) (Version: 32.0.2 - Mozilla)
Mozilla Thunderbird 31.2.0 (x86 zh-TW) (HKLM-x32\...\Mozilla Thunderbird 31.2.0 (x86 zh-TW)) (Version: 31.2.0 - Mozilla)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
Nuance PDF Reader (HKLM-x32\...\{0017FFDB-F7F3-4058-BCDF-D9204CFBDCB2}) (Version: 8.10.1302 - Nuance Communications, Inc.)
PrivDog (HKLM\...\{47AE54A8-A0C5-4A60-B89A-32F61F1CC72A}) (Version: 3.0.36.0 - AdTrustMedia)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6221 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SonicMaster (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 1, 0, 0 - Canon Inc.)
USB2.0 UVC 2M WebCam (HKLM\...\USB2.0 UVC 2M WebCam) (Version: 5.8.55133.208 - Sonix)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-10-2014 07:30:11 Installing COMODO Internet Security Premium Beta
20-10-2014 07:31:26 裝置驅動程式套件安裝: COMODO Network Service
20-10-2014 08:18:44 Removed COMODO Internet Security Premium Beta
20-10-2014 08:40:46 裝置驅動程式套件安裝: COMODO Network Service
22-10-2014 12:08:54 Installed PrivDog
23-10-2014 06:43:04 Removed Java 7 Update 67
25-10-2014 13:38:10 Windows Update
25-10-2014 15:11:55 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2014-10-29 22:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01EC2AAF-DE34-44B3-A893-082218DDE060} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-31] (ASUS)
Task: {36419487-C348-44AB-A029-EC5F89A9E873} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {4A382306-34D9-4605-9748-2A7D9315D4A2} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2011-09-08] (ASUSTek Computer Inc.)
Task: {4B02D414-52EA-4EA5-9428-CC1626614962} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-23] (Adobe Systems Incorporated)
Task: {54543F00-D1E7-4684-9FE8-A1681C065400} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\CIS 7\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {67294013-1931-44EE-8E54-8A67DE560D48} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-16] (ASUS)
Task: {6FCB5E32-8671-4A67-A3BD-7B9CB22F1958} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\CIS 7\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {7FD54A6F-5B8A-479A-B675-55B6EBD4476F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {B5D91C37-15EF-4867-83F2-CCBE454E2C57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C91F6037-E17F-45BA-BEEF-81F6ACFC1BEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D30853EB-51B8-4159-A130-2EB2A6978511} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-11-24] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-10-20 15:39 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-10-20 15:39 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2012-04-09 12:34 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-21 18:22 - 2014-05-21 18:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2014-09-04 18:13 - 2014-09-04 18:13 - 01960448 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\UtilsDll.dll
2014-09-11 16:56 - 2014-09-11 16:56 - 00102400 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\PrivDogManager\Plugins\nfapi.dll
2014-09-11 16:57 - 2014-09-11 16:57 - 00529920 _____ () C:\Program Files\AdTrustMedia\PrivDog\3.0.36.0\PrivDogManager\Plugins\ProtocolFilters.dll
2014-06-08 17:13 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2011-03-26 09:55 - 2011-03-26 09:55 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-07-15 08:11 - 2010-07-15 08:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-09-22 10:01 - 2011-01-27 08:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-09-24 08:53 - 2010-09-24 08:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-04-08 13:26 - 2011-04-08 13:26 - 00045448 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2013-11-21 10:14 - 2013-11-21 10:14 - 00114176 _____ () C:\Program Files (x86)\EMET 4.1\HelperLib.dll
2013-11-12 09:22 - 2013-11-12 09:22 - 00028672 _____ () C:\Program Files (x86)\EMET 4.1\ReportingSubsystem.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00348160 _____ () C:\Program Files (x86)\EMET 4.1\DevExpress.UserSkins.HighContrast.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00023040 _____ () C:\Program Files (x86)\EMET 4.1\TrayIconSubsystem.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00042496 _____ () C:\Program Files (x86)\EMET 4.1\PKIPinningSubsystem.dll
2011-03-26 09:55 - 2011-03-26 09:55 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-03-26 09:55 - 2011-03-26 09:55 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2011-05-31 05:48 - 2011-05-31 05:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-21 01:57 - 2010-08-21 01:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-21 01:57 - 2010-08-21 01:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

========================= Accounts: ==========================

123 (S-1-5-21-4001696799-3722537429-2969441357-1005 - Administrator - Enabled) => C:\Users\123
Administrator (S-1-5-21-4001696799-3722537429-2969441357-500 - Administrator - Disabled)
ASUS (S-1-5-21-4001696799-3722537429-2969441357-1001 - Administrator - Enabled) => C:\Users\ASUS
Guest (S-1-5-21-4001696799-3722537429-2969441357-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4001696799-3722537429-2969441357-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TAP Adapter V9 for Private Tunnel #2
Description: TAP Adapter V9 for Private Tunnel
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP Provider V9 for Private Tunnel
Service: ptun0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: TAP Adapter V9 for Private Tunnel
Description: TAP Adapter V9 for Private Tunnel
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP Provider V9 for Private Tunnel
Service: ptun0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: 標準 VGA 繪圖卡
Description: 標準 VGA 繪圖卡
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (標準顯示類型)
Service: vga
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2014 09:22:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。

Error: (10/31/2014 09:22:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/31/2014 09:22:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/31/2014 09:09:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。

Error: (10/31/2014 09:09:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/31/2014 09:09:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/30/2014 06:24:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: 解除載入服務 WmiApRpl (WmiApRpl) 的效能計數器字串失敗。Data 區段中的第一個 DWORD 包含錯誤碼。

Error: (10/30/2014 06:24:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/30/2014 06:24:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: 處理 Performance 延伸計數器提供者時Performance 登錄值中的效能字串已損毀。Performance 登錄中的 BaseIndex 值是 Data 區段中的第一個 DWORD、LastCounter 值是 Data 區段中的第二個 DWORD而 LastHelp 值則是 Data 區段中的第三個 DWORD。

Error: (10/30/2014 04:51:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1" 的啟用內容產生失敗。在資訊清單或原則檔 "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" 的第 C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3 行發生錯誤。
應用程式所需的元件版本和另一個使用中的元件版本衝突。
衝突的元件為:
元件 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest。
元件 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest。


System errors:
=============
Error: (10/31/2014 09:16:28 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update 服務在接收到關機前控制之後未正確關機。

Error: (10/30/2014 10:41:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update 服務在接收到關機前控制之後未正確關機。

Error: (10/30/2014 06:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/30/2014 06:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/30/2014 06:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/30/2014 06:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/30/2014 06:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/30/2014 06:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/30/2014 06:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List Service 服務依存的 Network Location Awareness 服務因為發生下列錯誤而無法啟動:
%%1068

Error: (10/30/2014 06:16:43 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}


Microsoft Office Sessions:
=========================
Error: (10/31/2014 09:22:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/31/2014 09:22:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/31/2014 09:22:25 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/31/2014 09:09:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/31/2014 09:09:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/31/2014 09:09:41 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/30/2014 06:24:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/30/2014 06:24:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/30/2014 06:24:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/30/2014 04:51:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2014-10-29 22:15:32.713
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-29 22:15:32.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 09:30:42.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 09:30:42.513
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 09:30:42.357
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 09:30:42.201
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 07:19:22.340
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 07:19:22.184
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 07:19:22.028
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-25 07:19:21.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\ptun0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 25%
Total physical RAM: 8102.77 MB
Available physical RAM: 6009.95 MB
Total Pagefile: 16503.72 MB
Available Pagefile: 14228.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:200 GB) (Free:106.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:240.76 GB) (Free:210.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 007203DB)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=240.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#11 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 160 posts
  • Local time:11:31 PM

Posted 30 October 2014 - 11:56 PM

After the fix, I found 642 items with folder names ending in ???Videace. I deleted them all.

Then I rebooted my PC several times.

Sometimes the folder ending in ???Videace appears under the C:\Windows\SysWOW64 directory, and sometimes it does not.

I don't know what makes the folder ending in ??Videace get left over.

Please see the fixlog below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by ASUS at 2014-10-31 11:03:21 Run:4
Running from C:\Users\ASUS\Desktop
Loaded Profile: ASUS (Available profiles: ASUS & 123)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-31 10:53 - 2014-10-31 10:53 - 00000000 ____D () C:\Windows\SysWOW64\矏蠉矏videace

*****************

C:\Windows\SysWOW64\矏蠉矏videace => Moved successfully.

==== End of Fixlog ====

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by ASUS at 2014-10-31 12:16:59 Run:5
Running from C:\Users\ASUS\Desktop
Loaded Profile: ASUS (Available profiles: ASUS & 123)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-31 12:07 - 2014-10-31 12:07 - 00000000 ____D () C:\Windows\SysWOW64\qw蠉qwαvideace

*****************

C:\Windows\SysWOW64\qw蠉qwαvideace => Moved successfully.

==== End of Fixlog ====

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by ASUS at 2014-10-31 12:49:09 Run:6
Running from C:\Users\ASUS\Desktop
Loaded Profile: ASUS (Available profiles: ASUS & 123)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-10-31 12:40 - 2014-10-31 12:40 - 00000000 ____D () C:\Windows\SysWOW64\Hw蠉Hwvideace
*****************

C:\Windows\SysWOW64\Hw蠉Hwvideace => Moved successfully.

==== End of Fixlog ====



#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:31 AM

Posted 31 October 2014 - 06:47 AM

Hi WinBMY,

Let's do a search for videace to see if we can find any clues.

  • Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop
  • Double-click the program to run it, paste the entire text into the main text box:

:regfind
videace

:filefind
*videace*

:folderfind
*videace*
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~


#13 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 160 posts
  • Local time:11:31 PM

Posted 31 October 2014 - 08:36 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 21:24 on 31/10/2014 by ASUS
Administrator - Elevation successful

========== regfind ==========

Searching for "videace"
[HKEY_CURRENT_USER\Software\VideACE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6ECC7128001673F89978C9731739C234]
"93CD0B632823BE0458788B57EC643C7A"="C:\Windows\IVG.TMP\OutlookSync\VideAceSyncOutlook2007.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93CD0B632823BE0458788B57EC643C7A\InstallProperties]
"Publisher"="VideACE Co."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93CD0B632823BE0458788B57EC643C7A\InstallProperties]
"URLInfoAbout"="http://www.videace.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ASUS\ASUS ExpressGate Cloud]
"Publisher"="VideACE Co."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ASUS\ASUS ExpressGate Cloud]
"URLInfoAbout"="http://www.videace.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}]
"Publisher"="VideACE Co."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}]
"URLInfoAbout"="http://www.videace.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{36B0DC39-3282-40EB-8587-B875CE46C3A7}]
"Publisher"="VideACE Co."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{36B0DC39-3282-40EB-8587-B875CE46C3A7}]
"URLInfoAbout"="http://www.videace.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VideACE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VideAceWindowsService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VideAceWindowsService]
"DisplayName"="VideAceWindowsService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\VideAceWindowsService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\VideAceWindowsService]
"DisplayName"="VideAceWindowsService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VideAceWindowsService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\VideAceWindowsService]
"DisplayName"="VideAceWindowsService"
[HKEY_USERS\S-1-5-21-4001696799-3722537429-2969441357-1001\Software\VideACE]

========== filefind ==========

Searching for "*videace*"
C:\$RECYCLE.BIN\S-1-5-21-4001696799-3722537429-2969441357-1001\$I5AM4LI.wxt躡videace    --a---- 544 bytes    [01:53 31/10/2014]    [01:53 31/10/2014] D36DE2F6CFC48FABAF32405F0D566BB9
C:\$RECYCLE.BIN\S-1-5-21-4001696799-3722537429-2969441357-1001\$IJ3O98K.wvideace    --a---- 544 bytes    [01:53 31/10/2014]    [01:53 31/10/2014] 6F3F214F22AE11BCEE9AD1D3BEB18A3F
C:\$RECYCLE.BIN\S-1-5-21-4001696799-3722537429-2969441357-1001\$IJPBLYX.wxt吭videace    --a---- 544 bytes    [01:53 31/10/2014]    [01:53 31/10/2014] 73D44FA40D01313DB7618620818B315D
C:\$RECYCLE.BIN\S-1-5-21-4001696799-3722537429-2969441357-1001\$IM8L61L.wxt揊videace    --a---- 544 bytes    [01:53 31/10/2014]    [01:53 31/10/2014] 621095DADA9E9D3753C7E6DFA177FEB1

========== folderfind ==========

Searching for "*videace*"
C:\videace    d------    [07:14 07/11/2012]
C:\$RECYCLE.BIN\S-1-5-21-4001696799-3722537429-2969441357-1001\$R5AM4LI.wxt躡videace    d------    [00:07 25/06/2014]
C:\$RECYCLE.BIN\S-1-5-21-4001696799-3722537429-2969441357-1001\$RJ3O98K.wvideace    d------    [01:30 31/03/2014]
C:\$RECYCLE.BIN\S-1-5-21-4001696799-3722537429-2969441357-1001\$RJPBLYX.wxt吭videace    d------    [05:46 07/11/2012]
C:\$RECYCLE.BIN\S-1-5-21-4001696799-3722537429-2969441357-1001\$RM8L61L.wxt揊videace    d------    [10:09 03/06/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\$w蠉$wvideace    d------    [01:17 31/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\%w蠉%wxuvideace    d------    [12:37 09/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\.w蠉.wvideace    d------    [09:38 26/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\Bw蠉Bwxu胐videace    d------    [02:09 21/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\Bw蠉Bwvideace    d------    [07:39 24/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\dw蠉dwxu珮videace    d------    [01:48 19/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\Hw蠉Hwvideace    d------    [04:40 31/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\iw蠉iwxu嫹videace    d------    [02:33 17/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\Iw蠉Iwxu蓋videace    d------    [00:47 17/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\jw蠉jwvideace    d------    [00:24 29/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\Pw蠉Pwxu娖videace    d------    [12:25 07/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\Pw蠉Pwxu珮videace    d------    [09:19 18/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\qw蠉qwαvideace    d------    [04:07 31/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\Rw蠉Rwxu惝videace    d------    [09:29 08/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\tw蠉twxu餐videace    d------    [13:22 22/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\yw蠉ywxu狖videace    d------    [07:04 12/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\{w蠉{wxuvideace    d------    [04:54 17/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\w蠉wxu兝videace    d------    [13:14 09/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\喦蠉喦xu沔videace    d------    [06:24 23/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\宨蠉宨xu許videace    d------    [07:55 15/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\已蠉已xuvideace    d------    [12:26 19/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\彽蠉彽videace    d------    [13:58 25/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\捵蠉捵xu鈾videace    d------    [12:18 16/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\泡蠉泡xu娉videace    d------    [03:15 22/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\煂蠉煂videace    d------    [00:20 27/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\矏蠉矏videace    d------    [02:53 31/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\綩蠉綩αvideace    d------    [14:25 29/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\繗蠉繗xuvideace    d------    [02:22 03/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\針蠉針xu踊videace    d------    [09:07 08/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\鑿蠉鑿xu墦videace    d------    [14:38 17/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\鑿蠉鑿videace    d------    [01:50 25/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\髯蠉髯xu苒videace    d------    [01:35 22/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xu髏videace    d------    [11:32 13/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xu餐videace    d------    [13:34 18/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉videace    d------    [00:54 26/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xu孀videace    d------    [08:44 20/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xu沔videace    d------    [00:39 15/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xuvideace    d------    [03:02 03/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xu兝videace    d------    [06:16 14/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xuvideace    d------    [10:45 14/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉枯videace    d------    [00:23 30/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xuvideace    d------    [08:21 08/10/2014]
C:\FRST\Quarantine\C\Windows\SysWOW64\蠉xu暝videace    d------    [00:34 19/10/2014]
C:\Windows\SysWOW64\qw蠉qwαvideace    d------    [13:22 31/10/2014]

-= EOF =-



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:31 AM

Posted 31 October 2014 - 10:48 AM

Hi WinBMY,

Do you use this program: ExpressGateCloud? It seems that may be where the folders are coming from, and if you do not use it then we can remove it and see whether the folders still appear.

xXToffeeXx~




#15 WinBMY

WinBMY
  • Topic Starter

  • Members
  • 160 posts
  • Local time:11:31 PM

Posted 31 October 2014 - 10:11 PM

Well, my notebook PC is an ASUS. I don't know if ExpressGateCloud is installed by default by ASUS.

But I confirm I don't use this program.





