
I need help with computer problems (NET Framework error, long shutdowns)


  • This topic is locked
27 replies to this topic

#1 Windyy91

Windyy91

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 09 November 2014 - 06:45 AM

I have a nasty problem with my computer that has stayed persistent for at least 2 weeks after accidentally uninstalling a Microsoft Visual C++ Redistributable program. Problems started to show up. I tried System Restore but to no avail.

Symptoms include:
- Infinitely long shutdowns (This problem occurred after I did this thing. I enabled something as well, and I am able to see the OS is able to end Windows Update as well as the processes. It is stuck at "Shutting down" though.)

- Unable to run certain programs (Includes Audacity, Windows Media Player and certain games like Dota 2, is there a connection to this problem?)

- Shockwave plug-in crashing on Chrome. (I am unable to watch videos from YouTube and most websites cannot load because of this pop-up)

What I did was push the power off button and then back on again to start the computer. Can anyone help please? I really like Windows 7 and I don't want to reformat my computer. I did almost everything including a malware scan, disk cleanup, as well as reinstalling Shockwave Flash. Nothing worked.

 

I have these installed as well:

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable x86 - 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable x64 - 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (I have reinstalled this through system restore, but it doesn't solve the issue)

Now I know that these are required for many instances, hence all those problems surfacing. Do you have any ideas how to fix this?

I don't have an install disk, by the way.
I have tried using cmd sfc /scannow, but to no avail either.

 

Can someone show me where to start on this? This is really getting on my nerves. I'm sure I will spoil my computer soon if I keep switching off the computer using the power off button.


Edited by hamluis, 17 November 2014 - 12:48 PM.
Moved from Win 7 to MRL - Hamluis.



 


#2 Windyy91

Windyy91
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 09 November 2014 - 06:49 AM

Error on event viewer:

 

.NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6960.  Message ID: [0x2509].

 

The program dota.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: d54
 Start Time: 01cffc0122284add
 Termination Time: 31
 Application Path: F:\SteamLibrary\steamapps\common\dota 2 beta\dota.exe
 Report Id: 747e0c2a-67f4-11e4-808a-00acb1075a56
 
D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)

 

Warning on event viewer:

 

The content source <csc://{S-1-5-21-1071986836-1509940244-186786003-1000}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add.  (HRESULT : 0x80040d0d) (0x80040d0d)


#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:07 PM

Posted 10 November 2014 - 07:28 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 

#4 Windyy91

Windyy91
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 11 November 2014 - 10:23 AM

Thank you so much, Marius!

 

Here are the results for the 1st step:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by KianFoong (administrator) on KIANFOONG-PC on 11-11-2014 23:16:42
Running from C:\Users\KianFoong\Desktop
Loaded Profile: KianFoong (Available profiles: KianFoong)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\pg_ctl.exe
(http://www.ruby-lang.org/) D:\metasploit\ruby\bin\ruby.exe
(http://www.ruby-lang.org/) D:\metasploit\ruby\bin\ruby.exe
(http://www.ruby-lang.org/) D:\metasploit\ruby\bin\ruby.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Google Inc.) C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe
() D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(PostgreSQL Global Development Group) D:\metasploit\postgresql\bin\postgres.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SXMaple) C:\Users\KianFoong\Desktop\MapleStorySEA\Alchemy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wizet) C:\Users\KianFoong\Desktop\MapleStorySEA\MapleStory.exe
(NEXON Korea Corporation) C:\Users\KianFoong\Desktop\MapleStorySEA\BlackCipher\BlackCipher.aes
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-10-24] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-22] (Valve Corporation)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2587136 2012-12-29] ()
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [MusicManager] => C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631360 2014-10-09] (Google Inc.)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [GoogleChromeAutoLaunch_3E78563A9C7A828FC58D3714FC5622EE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\MountPoints2: F - F:\Setup.exe
Startup: C:\Users\KianFoong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: proxy2.singnet.com.sg:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1&ucc=SG&dcc=SG&opt=0&ocid=iehp&tc=2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: beautydeals -> {5299ab05-62ab-4efc-bb43-b3189403c8a8} -> C:\ProgramData\beautydeals\DNZfACMMe3G0oa.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: beautydeals -> {5299ab05-62ab-4efc-bb43-b3189403c8a8} -> C:\ProgramData\beautydeals\DNZfACMMe3G0oa.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: 127.0.0.1 launcher01.kalypsomedia.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\KianFoong\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-1071986836-1509940244-186786003-1000: @tools.google.com/Google Update;version=3 -> C:\Users\KianFoong\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1071986836-1509940244-186786003-1000: @tools.google.com/Google Update;version=9 -> C:\Users\KianFoong\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://searchou.com/?id=5828c06b000000000000bcaec5e4f564
CHR StartupUrls: Default -> "hxxp://my-snowfield.livejournal.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-13]
CHR Extension: (Google Drive) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
CHR Extension: (Google Search) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
CHR Extension: (Download Youtube as mp3) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\mepapnoaejebkkpkpacihjlfekoggahp [2013-09-13]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [938776 2013-05-13] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 metasploitPostgreSQL; D:\metasploit\postgresql\bin\pg_ctl.exe [76800 2014-04-11] (PostgreSQL Global Development Group) [File not signed]
R2 metasploitProSvc; D:\metasploit\ruby\bin\ruby.exe [70239 2014-06-06] (http://www.ruby-lang.org/) [File not signed]
R2 metasploitThin; D:\metasploit\ruby\bin\ruby.exe [70239 2014-06-06] (http://www.ruby-lang.org/) [File not signed]
R2 metasploitWorker; D:\metasploit\ruby\bin\ruby.exe [70239 2014-06-06] (http://www.ruby-lang.org/) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-08-22] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4308024 2013-10-10] (SoftEther Project at University of Tsukuba, Japan.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-05] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 L6PODLV; C:\Windows\System32\Drivers\L6PODLV64.sys [772864 2013-07-12] (Line 6)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0108.sys [28768 2013-10-10] (SoftEther Project at University of Tsukuba, Japan.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2013-07-29] (CACE Technologies, Inc.)
R3 RDID1116; C:\Windows\System32\Drivers\rdwm1116.sys [157696 2010-12-01] (Roland Corporation)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
R3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S0 lbmvoc; System32\drivers\yeib.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 23:16 - 2014-11-11 23:17 - 00019639 _____ () C:\Users\KianFoong\Desktop\FRST.txt
2014-11-11 23:16 - 2014-11-11 23:16 - 00000000 ____D () C:\FRST
2014-11-11 23:15 - 2014-11-11 23:15 - 02116096 _____ (Farbar) C:\Users\KianFoong\Desktop\FRST64.exe
2014-11-11 23:15 - 2014-11-11 23:15 - 00380416 _____ () C:\Users\KianFoong\Desktop\95cjdmrb.exe
2014-11-11 23:14 - 2014-11-11 23:15 - 04163057 _____ () C:\Users\KianFoong\Desktop\tdsskiller.zip
2014-11-11 01:19 - 2014-11-11 01:19 - 00000000 _____ () C:\STFB646.tmp
2014-11-10 09:02 - 2014-11-10 09:02 - 00000000 _____ () C:\STF8B9B.tmp
2014-11-10 04:15 - 2014-11-10 04:15 - 00000000 _____ () C:\STF8E05.tmp
2014-11-09 18:59 - 2014-11-09 18:59 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\SXMaple
2014-11-09 18:52 - 2014-11-09 18:57 - 00000000 ____D () C:\Users\KianFoong\Desktop\MapleStorySEA
2014-11-09 18:14 - 2014-11-09 20:00 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_KianFoong
2014-11-09 17:03 - 2014-11-09 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-09 17:03 - 2014-11-09 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-09 12:03 - 2014-11-09 12:03 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\WTablet
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-11-09 11:59 - 2014-10-07 07:54 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2014-11-09 11:58 - 2014-11-09 11:59 - 00000000 ____D () C:\Program Files\Tablet
2014-11-09 11:58 - 2014-11-05 02:49 - 02029336 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01995544 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01988888 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01863448 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01626392 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01617176 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01610008 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01497368 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2014-11-09 11:58 - 2014-10-07 07:54 - 00100664 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2014-11-09 11:58 - 2014-10-07 07:54 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-11-09 11:58 - 2012-12-12 06:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
2014-11-09 11:30 - 2014-11-09 11:30 - 00000000 _____ () C:\STF684D.tmp
2014-11-09 09:57 - 2014-11-09 09:57 - 00000000 _____ () C:\STF1FF5.tmp
2014-11-09 04:44 - 2014-11-09 04:44 - 00018826 _____ () C:\Users\KianFoong\Desktop\Trainingscalculator.zip
2014-11-09 03:07 - 2014-11-09 03:07 - 00000000 _____ () C:\STFC234.tmp
2014-11-08 19:23 - 2014-11-08 19:23 - 00000000 _____ () C:\STF5E79.tmp
2014-11-08 18:15 - 2014-11-08 18:15 - 00000000 _____ () C:\STFF430.tmp
2014-11-08 16:58 - 2014-11-08 16:58 - 00000000 _____ () C:\STFE2FE.tmp
2014-11-08 15:33 - 2014-11-08 15:33 - 00000000 _____ () C:\STF751F.tmp
2014-11-08 14:54 - 2014-11-06 06:14 - 01706939 _____ (Thisisu) C:\Users\KianFoong\Desktop\JRT_NEW.exe
2014-11-08 14:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-08 13:58 - 2014-11-08 13:58 - 01375089 _____ () C:\Users\KianFoong\Desktop\adwcleaner_3.311.exe
2014-11-08 03:22 - 2014-11-08 03:22 - 00000000 _____ () C:\STF7DA7.tmp
2014-11-08 01:19 - 2014-11-08 01:19 - 00000000 _____ () C:\STFD352.tmp
2014-11-08 01:09 - 2014-11-08 01:09 - 00000000 _____ () C:\STF3389.tmp
2014-11-07 23:27 - 2014-11-07 23:27 - 00000000 _____ () C:\STF64E3.tmp
2014-11-07 15:34 - 2014-11-07 15:34 - 00000000 _____ () C:\STFF1A2.tmp
2014-11-07 07:33 - 2014-11-07 07:33 - 00000000 _____ () C:\STF5BDF.tmp
2014-11-06 14:32 - 2014-11-06 14:32 - 00000000 _____ () C:\STF7756.tmp
2014-11-06 13:44 - 2014-11-06 13:44 - 00000000 _____ () C:\STFEF03.tmp
2014-11-06 01:26 - 2014-11-06 01:26 - 00000000 _____ () C:\STF14.tmp
2014-11-05 11:39 - 2014-11-05 11:39 - 00000000 _____ () C:\STF862E.tmp
2014-11-05 02:16 - 2014-11-05 02:16 - 00000000 _____ () C:\STFD145.tmp
2014-11-05 01:58 - 2014-11-05 01:58 - 00000000 _____ () C:\STF1C57.tmp
2014-11-04 23:54 - 2014-11-04 23:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-04 12:13 - 2014-11-04 12:13 - 00000000 _____ () C:\STF91F.tmp
2014-11-04 11:30 - 2014-11-04 11:30 - 00000000 _____ () C:\STFF521.tmp
2014-11-03 22:39 - 2014-09-05 10:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-03 22:39 - 2014-09-05 09:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-03 22:24 - 2014-11-03 22:24 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\Razer
2014-11-03 22:17 - 2014-11-03 22:17 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\Razer_Inc
2014-11-03 22:04 - 2014-11-03 22:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-11-03 22:00 - 2014-11-03 22:04 - 00064902 _____ () C:\Windows\DPINST.LOG
2014-11-03 22:00 - 2014-11-03 22:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzp1endpt_01009.Wdf
2014-11-03 21:56 - 2014-11-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-03 21:55 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-03 21:54 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-03 21:54 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-03 21:54 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-03 21:54 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-03 21:54 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-03 21:54 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-03 21:54 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-03 21:54 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-03 21:54 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-03 21:54 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-03 21:54 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-03 21:54 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-03 21:54 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-03 21:54 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-03 21:54 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-03 04:01 - 2014-11-03 04:01 - 00000426 __RSH () C:\ProgramData\ntuser.pol
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\takeitcheap
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\beautydeals
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\2b2882e763a8f307
2014-11-01 15:38 - 2014-11-08 14:09 - 00008862 _____ () C:\Windows\PFRO.log
2014-10-31 16:29 - 2014-10-31 16:29 - 00007604 _____ () C:\Users\KianFoong\AppData\Local\Resmon.ResmonCfg
2014-10-30 10:18 - 2014-11-10 07:33 - 00009519 _____ () C:\Windows\setupact.log
2014-10-30 10:18 - 2014-10-30 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 11:46 - 2014-11-05 21:32 - 00000000 ____D () C:\Users\KianFoong\Desktop\Shirohae Project
2014-10-23 09:14 - 2014-10-23 09:14 - 00118945 _____ () C:\Users\KianFoong\Desktop\Baume and Mercier Watch Services Pending Approval Quotations RO  0218428.zip
2014-10-21 05:51 - 2014-10-21 05:51 - 00468261 _____ () C:\Users\KianFoong\Desktop\God Knows.zip
2014-10-19 17:34 - 2014-10-19 17:34 - 00008982 _____ () C:\Users\KianFoong\Desktop\shirohae.gp5
2014-10-16 04:23 - 2014-10-10 10:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 04:23 - 2014-10-10 10:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 04:23 - 2014-10-10 10:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 04:23 - 2014-10-07 10:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 04:23 - 2014-10-07 10:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 04:23 - 2014-09-29 08:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 04:23 - 2014-09-26 06:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 04:23 - 2014-09-26 06:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 04:23 - 2014-09-26 06:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 04:23 - 2014-09-26 06:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 04:23 - 2014-09-26 06:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 04:23 - 2014-09-26 06:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 04:23 - 2014-09-26 06:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 04:23 - 2014-09-19 10:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 04:23 - 2014-09-19 09:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 04:23 - 2014-09-19 09:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 04:23 - 2014-09-19 09:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 04:23 - 2014-09-19 09:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 04:23 - 2014-09-19 09:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 04:23 - 2014-09-19 09:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 04:23 - 2014-09-19 09:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 04:23 - 2014-09-19 09:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 04:23 - 2014-09-19 09:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 04:23 - 2014-09-19 09:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 04:23 - 2014-09-19 09:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 04:23 - 2014-09-19 09:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 04:23 - 2014-09-19 09:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 04:23 - 2014-09-19 09:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 04:23 - 2014-09-19 09:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 04:23 - 2014-09-19 09:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 04:23 - 2014-09-19 09:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 04:23 - 2014-09-19 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 04:23 - 2014-09-19 09:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 04:23 - 2014-09-19 09:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 04:23 - 2014-09-19 09:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 04:23 - 2014-09-19 09:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 04:23 - 2014-09-19 09:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 04:23 - 2014-09-19 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 04:23 - 2014-09-19 09:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 04:23 - 2014-09-19 08:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 04:23 - 2014-09-19 08:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 04:23 - 2014-09-19 08:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 04:23 - 2014-09-19 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 04:23 - 2014-09-19 08:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 04:23 - 2014-09-19 08:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 04:23 - 2014-09-19 08:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 04:23 - 2014-09-19 08:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 04:23 - 2014-09-19 08:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 04:23 - 2014-09-19 08:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 04:23 - 2014-09-19 08:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 04:23 - 2014-09-19 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 04:23 - 2014-09-19 08:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 04:23 - 2014-09-19 08:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 04:23 - 2014-09-19 08:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 04:23 - 2014-09-19 08:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 04:23 - 2014-09-19 08:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 04:23 - 2014-09-19 07:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 04:23 - 2014-09-19 07:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 04:23 - 2014-09-19 07:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 04:23 - 2014-09-19 07:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 04:23 - 2014-09-18 10:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 04:23 - 2014-09-18 09:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 04:23 - 2014-09-13 09:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 04:23 - 2014-09-13 09:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 04:23 - 2014-09-04 13:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 04:23 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 04:23 - 2014-07-17 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 04:23 - 2014-07-17 10:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 04:23 - 2014-07-17 10:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 04:23 - 2014-07-17 10:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 04:23 - 2014-07-17 10:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 04:23 - 2014-07-17 10:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 04:23 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 04:23 - 2014-07-17 09:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 04:23 - 2014-07-17 09:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 04:23 - 2014-07-17 09:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 04:23 - 2014-07-17 09:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 04:23 - 2014-06-19 06:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 23:00 - 2013-02-23 02:10 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\Skype
2014-11-11 22:58 - 2013-09-15 19:12 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000UA.job
2014-11-11 22:57 - 2013-01-13 22:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 22:21 - 2013-02-14 18:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 16:57 - 2013-01-13 22:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 06:36 - 2013-01-14 07:53 - 02060087 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 04:58 - 2013-09-15 19:12 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000Core.job
2014-11-10 08:56 - 2013-02-15 01:22 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\Adobe
2014-11-10 08:43 - 2013-02-10 03:57 - 00000000 ___RD () C:\Users\KianFoong\Dropbox
2014-11-09 20:10 - 2009-07-14 12:45 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 20:10 - 2009-07-14 12:45 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 20:03 - 2013-02-10 03:30 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\Dropbox
2014-11-09 20:01 - 2013-02-05 12:05 - 00000000 ____D () C:\Users\KianFoong\.rainlendar2
2014-11-09 20:00 - 2013-10-10 05:06 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-11-09 20:00 - 2013-01-18 21:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-09 19:58 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 18:08 - 2013-01-13 22:40 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\Audacity
2014-11-09 17:17 - 2009-07-14 13:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 17:02 - 2013-12-31 07:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-09 12:14 - 2013-12-31 07:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-09 12:13 - 2014-08-06 20:50 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-09 12:13 - 2014-08-06 20:50 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-09 12:13 - 2014-08-06 20:50 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-08 14:09 - 2009-07-14 13:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-08 14:01 - 2014-08-08 06:29 - 00000000 ____D () C:\AdwCleaner
2014-11-07 18:17 - 2013-09-01 00:46 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\Game Dev Tycoon - Steam
2014-11-04 23:54 - 2013-02-14 18:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-04 23:54 - 2013-02-14 18:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-04 23:54 - 2013-02-14 18:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-04 16:54 - 2013-02-14 23:25 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\vlc
2014-11-04 04:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-03 22:26 - 2013-01-13 21:29 - 00065264 _____ () C:\Users\KianFoong\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-03 22:22 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-03 22:21 - 2009-07-14 12:45 - 00294848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-03 22:00 - 2014-05-03 06:14 - 00000000 ____D () C:\ProgramData\Razer
2014-11-03 22:00 - 2014-05-03 06:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-11-03 22:00 - 2013-01-13 19:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-03 04:41 - 2014-07-29 03:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-03 04:00 - 2009-07-14 11:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-02 20:19 - 2014-07-09 18:16 - 01107408 _____ () C:\Windows\SysWOW64\Accurate.lic
2014-10-30 00:51 - 2013-01-13 15:55 - 00000000 ____D () C:\Users\KianFoong
2014-10-30 00:49 - 2013-12-25 04:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-30 00:49 - 2009-07-14 15:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-30 00:49 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-10-29 19:17 - 2013-02-23 02:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-29 19:17 - 2013-02-23 02:10 - 00000000 ____D () C:\ProgramData\Skype
2014-10-28 06:34 - 2013-01-13 21:36 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 19:55 - 2013-11-30 18:47 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 18:24 - 2013-11-25 17:25 - 00022618 _____ () C:\Windows\system32\lvcoinst.log
2014-10-22 18:23 - 2013-11-25 17:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-22 17:53 - 2013-07-28 18:51 - 00065588 _____ () C:\Users\KianFoong\AppData\Roaming\Camdata.ini
2014-10-22 17:53 - 2013-07-28 18:51 - 00004512 _____ () C:\Users\KianFoong\AppData\Roaming\CamStudio.cfg
2014-10-22 17:53 - 2013-07-28 18:51 - 00000408 _____ () C:\Users\KianFoong\AppData\Roaming\CamShapes.ini
2014-10-22 17:53 - 2013-07-28 18:51 - 00000408 _____ () C:\Users\KianFoong\AppData\Roaming\CamLayout.ini
2014-10-22 04:53 - 2013-09-15 19:12 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000UA
2014-10-22 04:53 - 2013-09-15 19:12 - 00003510 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000Core
2014-10-19 16:52 - 2013-01-13 22:42 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 16:52 - 2013-01-13 22:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 03:28 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 03:08 - 2013-07-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 03:00 - 2013-01-13 21:56 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\KianFoong\AppData\Local\Temp\amd64.exe
C:\Users\KianFoong\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj0vycf.dll
C:\Users\KianFoong\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpplxyjk.dll
C:\Users\KianFoong\AppData\Local\Temp\Quarantine.exe
C:\Users\KianFoong\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 06:22
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by KianFoong at 2014-11-11 23:17:37
Running from C:\Users\KianFoong\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\Adobe Photoshop CS5) (Version:  - )
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version:  - Idea Factory)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
beautydeals (HKLM-x32\...\{AED1B7A5-67A5-84A5-B646-E3541CE0BB5F}) (Version:  - "")
BitComet 1.35 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.35 - CometNetwork)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.1 - BitRaider, LLC)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Broomstick Bass 1.0.0 (HKLM-x32\...\broomstickbass-1.0.0) (Version:  - )
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DUO-CAPTURE Driver (HKLM\...\RolandRDID0116) (Version:  - Roland Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.1.426 - DVDVideoSoft Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
GnuCash 2.6.3 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version:  - MAIET Entertainment)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
La Tale (HKLM-x32\...\{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}) (Version:  - )
La Tale (HKLM-x32\...\Steam App 264360) (Version:  - Actoz Soft)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Metasploit (HKLM-x32\...\Metasploit 4.9.3) (Version: 4.9.3 - Rapid7)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Music Manager (HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\MusicManager) (Version:  - Google, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - Overkill)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.1 - Gravity Interactive, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22879 - Razer Inc.)
Real Warfare 2: Northern Crusades (HKLM-x32\...\Steam App 202860) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.29.0 - Seagate)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 2.00.9387 - SoftEther Project)
SONAR X1 LE (HKLM-x32\...\SONARX1LE_is1) (Version: 18.0 - Cakewalk Music Software)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Streaming Audio Recorder version 3.4.0 (HKLM-x32\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 3.4.0 - APOWERSOFT LIMITED)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Torchlight (HKLM-x32\...\GOGPACKTORCHLIGHT_is1) (Version: 2.0.0.12 - GOG.com)
Tower Wars (HKLM-x32\...\Steam App 214360) (Version:  - )
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WmpSkype (HKLM-x32\...\{5ED2987A-56AF-4240-A854-3EF153B27145}) (Version: 1.0.0 - Wakusei)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\KianFoong\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\KianFoong\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
07-11-2014 14:09:03 Windows Update
09-11-2014 04:15:50 Removed Java 8 Update 25
09-11-2014 09:01:40 Removed Java 8 Update 25
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2014-08-17 05:12 - 00000863 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 launcher01.kalypsomedia.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02796ED9-E3E1-4A80-BC40-02AD07F59FCD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000Core => C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {0F23A625-C9BF-4865-9093-50C85593F9E3} - System32\Tasks\gg_uac_daemon_KianFoong => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2014-04-03] ()
Task: {4AF322A4-481A-484C-91E9-212AC34F8EBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13] (Google Inc.)
Task: {4BC817C7-7B15-483A-BC0F-6D6B089C1D0E} - System32\Tasks\KianFoong DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-05-30] (Seagate Technology LLC)
Task: {79164E4E-1A81-4118-9C34-3BBBD8CC9828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000UA => C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {9DFD3EF0-9B49-4307-8DF1-1304BB28A859} - System32\Tasks\KianFoong => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
Task: {B39C50C4-BE94-4A7C-94E6-76A736DD10DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-04] (Adobe Systems Incorporated)
Task: {DFBD8BEC-C440-4AC8-834F-79D56F2AF781} - System32\Tasks\KianFoong Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\nbcore.exe [2013-05-30] (Seagate Technology LLC)
Task: {F2597683-3E61-4D91-927E-442EA11611BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {F3DE5B15-5D50-442A-9BCC-90223A333768} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000Core.job => C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000UA.job => C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-22 02:41 - 2013-08-22 02:41 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-09 11:58 - 2014-11-05 02:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2012-12-29 17:28 - 2012-12-29 17:28 - 02587136 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-07-17 23:29 - 2014-06-06 13:22 - 02702848 _____ () D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe
2014-07-17 23:28 - 2014-04-11 06:47 - 00138752 _____ () D:\metasploit\postgresql\bin\LIBPQ.dll
2014-07-17 23:28 - 2014-06-06 13:47 - 00012800 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00010240 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00014848 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00009216 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00013824 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2014-07-17 23:27 - 2014-06-06 13:47 - 00095744 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00016384 _____ () D:\metasploit\ruby\lib\ruby\gems\1.9.1\extensions\x86-mingw32\1.9.1\win32-service-0.7.2\win32\daemon.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00009216 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\etc.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00033792 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\pathname.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00013824 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\io\console.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00008704 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\digest\sha1.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00016384 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\digest.so
2014-07-17 23:27 - 2014-06-06 13:47 - 00124416 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\socket.so
2014-07-17 23:27 - 2014-06-06 13:47 - 00071680 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\zlib.so
2014-07-17 23:27 - 2014-06-06 13:25 - 00083968 _____ () D:\metasploit\ruby\bin\zlib1.dll
2014-07-17 23:28 - 2014-06-06 13:47 - 00028672 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\stringio.so
2014-07-17 23:27 - 2014-06-06 13:47 - 00200192 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\date_core.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00008192 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2014-07-17 23:27 - 2014-06-06 13:47 - 00287744 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\openssl.so
2014-07-17 23:27 - 2014-06-06 13:47 - 00088576 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\dl.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00016896 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2014-07-17 23:27 - 2014-06-06 13:25 - 00127316 _____ () D:\metasploit\ruby\bin\libffi-6.dll
2014-07-17 23:28 - 2014-06-06 13:47 - 00021504 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\strscan.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00024064 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\psych.so
2014-07-17 23:27 - 2014-06-06 13:25 - 00442898 _____ () D:\metasploit\ruby\bin\libyaml-0-2.dll
2014-07-17 23:27 - 2014-06-06 13:47 - 00097792 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\bigdecimal.so
2014-07-18 00:28 - 2014-07-15 03:26 - 00025600 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\extensions\x86-mingw32\1.9.1\json-1.8.1\json\ext\parser.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00009216 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00008704 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00008704 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2014-07-18 00:28 - 2014-07-15 03:26 - 00030208 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\extensions\x86-mingw32\1.9.1\json-1.8.1\json\ext\generator.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00008704 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\digest\md5.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00008704 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\digest\sha2.so
2014-07-18 00:28 - 2014-07-15 03:26 - 00068493 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\gems\bcrypt-3.1.7-x86-mingw32\lib\1.9\bcrypt_ext.so
2014-07-18 00:28 - 2014-07-15 03:27 - 00049152 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\bundler\gems\pcaprub-c18d552b3095\lib\pcaprub.so
2014-07-18 00:28 - 2014-07-15 03:26 - 06313319 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\gems\eventmachine-1.0.3-x86-mingw32\lib\1.9\rubyeventmachine.so
2014-07-18 00:28 - 2014-07-15 03:27 - 00022528 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\extensions\x86-mingw32\1.9.1\thin-1.5.1\thin_parser.so
2014-07-18 00:28 - 2014-07-15 03:26 - 00033792 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\extensions\x86-mingw32\1.9.1\network_interface-0.0.1\network_interface_ext.so
2014-07-18 00:28 - 2014-07-15 03:26 - 00126343 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\gems\msgpack-0.4.7-x86-mingw32\lib\1.9\msgpack.so
2014-07-18 00:28 - 2014-07-15 03:26 - 03506427 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\gems\nokogiri-1.6.1-x86-mingw32\lib\nokogiri\1.9\nokogiri.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00019456 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\racc\cparse.so
2014-07-18 00:28 - 2014-07-15 03:26 - 01812992 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\gems\pg-0.16.0-x86-mingw32\lib\1.9\pg_ext.so
2014-07-18 00:28 - 2014-07-15 03:27 - 00726989 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\gems\sqlite3-1.3.9-x86-mingw32\lib\sqlite3\1.9\sqlite3_native.so
2014-07-18 00:28 - 2014-07-15 03:27 - 00027648 _____ () D:\metasploit\apps\pro\ui\vendor\bundle\ruby\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00044544 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\iconv.so
2014-07-17 23:28 - 2014-06-06 13:47 - 00011776 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\enc\shift_jis.so
2014-07-17 23:27 - 2014-06-06 13:47 - 00131584 _____ () D:\metasploit\ruby\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2014-07-17 23:28 - 2014-04-11 06:47 - 01036800 _____ () D:\metasploit\postgresql\bin\libxml2.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-10-02 07:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 06:41 - 2014-10-22 03:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-01-18 21:30 - 2014-10-22 03:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-05-17 03:01 - 2012-05-17 03:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2012-12-29 17:30 - 2012-12-29 17:30 - 00209408 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 21:22 - 2012-06-17 21:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 10683392 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 07741952 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 02248192 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 01681408 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-10-09 06:34 - 2014-10-09 06:34 - 00117248 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-10-09 06:34 - 2014-10-09 06:34 - 00231936 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-10-09 06:34 - 2014-10-09 06:34 - 00253440 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-10-09 06:34 - 2014-10-09 06:34 - 00344064 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 00026624 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-11-09 20:02 - 2014-11-09 20:02 - 00043008 _____ () c:\Users\KianFoong\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj0vycf.dll
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-28 23:58 - 2014-10-22 12:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 23:58 - 2014-10-22 12:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 23:58 - 2014-10-22 12:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 23:58 - 2014-10-22 12:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2013-01-18 21:30 - 2014-09-05 07:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-15 03:22 - 2014-09-05 07:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\KianFoong\Desktop\manalyzer.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^KianFoong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KianFoong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KianFoong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bdagent => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
MSCONFIG\startupreg: BitComet => "C:\Program Files\BitComet\BitComet.exe" /tray
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3E78563A9C7A828FC58D3714FC5622EE => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1071986836-1509940244-186786003-500 - Administrator - Disabled)
Guest (S-1-5-21-1071986836-1509940244-186786003-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1071986836-1509940244-186786003-1002 - Limited - Enabled)
KianFoong (S-1-5-21-1071986836-1509940244-186786003-1000 - Administrator - Enabled) => C:\Users\KianFoong
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2014 09:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MAPLESTORY.EXE, version: 7.143.5.0, time stamp: 0x5451899a
Faulting module name: MAPLESTORY.EXE, version: 7.143.5.0, time stamp: 0x5451899a
Exception code: 0x40000015
Fault offset: 0x00e5e943
Faulting process id: 0x4250
Faulting application start time: 0xMAPLESTORY.EXE0
Faulting application path: MAPLESTORY.EXE1
Faulting module path: MAPLESTORY.EXE2
Report Id: MAPLESTORY.EXE3
 
Error: (11/09/2014 08:02:18 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
        .
 
Error: (11/09/2014 06:39:37 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6960.  Message ID: [0x2509].
 
Error: (11/09/2014 06:36:31 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
        .
 
Error: (11/09/2014 06:18:30 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6124.  Message ID: [0x2509].
 
Error: (11/09/2014 06:16:48 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
        .
 
Error: (11/09/2014 05:56:12 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
        .
 
Error: (11/09/2014 05:56:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6092.  Message ID: [0x2509].
 
Error: (11/09/2014 05:48:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1304.  Message ID: [0x2509].
 
Error: (11/09/2014 05:46:57 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
        .
 
 
System errors:
=============
Error: (11/09/2014 07:59:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
lbmvoc
 
Error: (11/09/2014 06:35:52 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (11/09/2014 06:35:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
lbmvoc
 
Error: (11/09/2014 06:33:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:30:51 PM on ‎11/‎9/‎2014 was unexpected.
 
Error: (11/09/2014 06:15:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
lbmvoc
 
Error: (11/09/2014 06:13:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%1053
 
Error: (11/09/2014 06:13:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Skype Click to Call Updater service to connect.
 
Error: (11/09/2014 05:55:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
lbmvoc
 
Error: (11/09/2014 05:52:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Skype Click to Call Updater service failed to start due to the following error: 
%%1053
 
Error: (11/09/2014 05:52:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Skype Click to Call Updater service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (11/11/2014 09:39:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MAPLESTORY.EXE7.143.5.05451899aMAPLESTORY.EXE7.143.5.05451899a4000001500e5e943425001cffd695b72bab7C:\Users\KianFoong\Desktop\MapleStorySEA\MAPLESTORY.EXEC:\Users\KianFoong\Desktop\MapleStorySEA\MAPLESTORY.EXE2436cb85-69a8-11e4-8c9a-00acb1075a56
 
Error: (11/09/2014 08:02:18 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
 
Error: (11/09/2014 06:39:37 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6960.  Message ID: [0x2509].
 
Error: (11/09/2014 06:36:31 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
 
Error: (11/09/2014 06:18:30 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6124.  Message ID: [0x2509].
 
Error: (11/09/2014 06:16:48 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
 
Error: (11/09/2014 05:56:12 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
 
Error: (11/09/2014 05:56:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6092.  Message ID: [0x2509].
 
Error: (11/09/2014 05:48:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1304.  Message ID: [0x2509].
 
Error: (11/09/2014 05:46:57 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 59%
Total physical RAM: 8173.2 MB
Available physical RAM: 3301.3 MB
Total Pagefile: 16344.58 MB
Available Pagefile: 9059.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.83 GB) (Free:12.59 GB) NTFS
Drive d: () (Fixed) (Total:193.82 GB) (Free:86.23 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:931.51 GB) (Free:829.91 GB) NTFS
Drive g: (CROWS) (CDROM) (Total:0.25 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: EC8BDFC6)
Partition 1: (Not Active) - (Size=193.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 1549F232)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 33207A5D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 Windyy91

Windyy91
  • Topic Starter

  • Members
  • 72 posts

Posted 11 November 2014 - 10:25 AM

As for the second step,

 

An error occurred.

 

"C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process."

 

The program then closes by itself.

 

I did not continue with step 3.


Edited by Windyy91, 11 November 2014 - 10:25 AM.


#6 technonymous

technonymous

  • Members
  • 2,480 posts
  • Gender:Male

Posted 11 November 2014 - 11:49 AM

Having Metasploit Framework on your PC probably isn't helping much.



#7 Windyy91

Windyy91
  • Topic Starter

  • Members
  • 72 posts

Posted 11 November 2014 - 11:57 AM

I don't know how to disable it; it is eating up so much memory and so many processes. Do you have any idea how to disable this thing?



#8 Torvald

Torvald

  • Members
  • 366 posts
  • Gender:Male
  • Location:San Antonio, TX USA

Posted 11 November 2014 - 02:28 PM

You can try uninstalling Metasploit by going to Control Panel, Programs and Features, selecting Metasploit, and then clicking "uninstall" from the top menu.

Your MiniToolBox report shows that you only have 12GB free space left on your C: drive, which is less than the recommended 10-15% free space for Windows to operate normally. Recommend you clear out unneeded files to free up some space there. You can start that process by running the CCleaner program you currently have installed.

Also, I may have missed it, but did not see an antivirus program installed on your computer. You do have one, right?


Google is my friend. Make Google your friend too.


#9 Windyy91

Windyy91
  • Topic Starter

  • Members

Posted 11 November 2014 - 03:28 PM

Thanks, Torvald! Deleted Metasploit and freed up some of my disk space.

Initially, I intended to use the Metasploit program to deter virus attacks. It didn't go so well because it is not user-friendly.

Besides that, I have Windows Defender running.



#10 Torvald

Torvald

  • Members

Posted 11 November 2014 - 05:05 PM

According to Microsoft, if your computer is running the Windows 8 operating system, Windows Defender will help protect you from viruses, spyware, and other malicious software. You don’t need to buy or install anything else.

However, if your computer is running Windows 7, Windows Vista, or Windows XP, Windows Defender removes spyware, but to protect yourself from viruses, you’ll need to install antivirus software. You can purchase it from a third party, install the free versions from various vendors, or you can download Microsoft Security Essentials for free.


Edited by Torvald, 11 November 2014 - 05:07 PM.



#11 Windyy91

Windyy91
  • Topic Starter

  • Members

Posted 12 November 2014 - 10:49 AM

I am running on Windows 7, maybe I will take a look at the AVG free version after I solve this issue.

Thank you so much for the tips, Torvald, I appreciate it very much!



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:07 PM

Posted 12 November 2014 - 11:09 AM

@Torvald and technonymous: Don't post into other users' topics!

@Windyy91: As you've applied some changes, please rescan with FRST and post the log.

Please rescan with FRST (create a new addition.txt as well) and post the logs.


Proud Member of UNITE & TB
 

#13 Windyy91

Windyy91
  • Topic Starter

  • Members

Posted 12 November 2014 - 11:40 PM

Rescanned.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by KianFoong (administrator) on KIANFOONG-PC on 13-11-2014 12:37:43
Running from C:\Users\KianFoong\Desktop
Loaded Profile: KianFoong (Available profiles: KianFoong)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(SoftEther Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
(Google Inc.) C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SXMaple) C:\Users\KianFoong\Desktop\MapleStorySEA\Alchemy.exe
(Wizet) C:\Users\KianFoong\Desktop\MapleStorySEA\MapleStory.exe
(NEXON Korea Corporation) C:\Users\KianFoong\Desktop\MapleStorySEA\BlackCipher\BlackCipher.aes
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2014-10-24] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938624 2014-10-22] (Valve Corporation)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [Rainlendar2] => C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe [2587136 2012-12-29] ()
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [MusicManager] => C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631360 2014-10-09] (Google Inc.)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Run: [GoogleChromeAutoLaunch_3E78563A9C7A828FC58D3714FC5622EE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\MountPoints2: F - F:\Setup.exe
Startup: C:\Users\KianFoong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: proxy2.singnet.com.sg:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1&ucc=SG&dcc=SG&opt=0&ocid=iehp&tc=2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: beautydeals -> {5299ab05-62ab-4efc-bb43-b3189403c8a8} -> C:\ProgramData\beautydeals\DNZfACMMe3G0oa.x64.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: beautydeals -> {5299ab05-62ab-4efc-bb43-b3189403c8a8} -> C:\ProgramData\beautydeals\DNZfACMMe3G0oa.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: 127.0.0.1 launcher01.kalypsomedia.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\KianFoong\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-1071986836-1509940244-186786003-1000: @tools.google.com/Google Update;version=3 -> C:\Users\KianFoong\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1071986836-1509940244-186786003-1000: @tools.google.com/Google Update;version=9 -> C:\Users\KianFoong\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://searchou.com/?id=5828c06b000000000000bcaec5e4f564
CHR StartupUrls: Default -> "hxxp://my-snowfield.livejournal.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-13]
CHR Extension: (Google Drive) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
CHR Extension: (Google Search) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
CHR Extension: (Download Youtube as mp3) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\mepapnoaejebkkpkpacihjlfekoggahp [2013-09-13]
CHR Extension: (Tom's Hardware - My Threads) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nddbmgcnelmmhlfibkmfnhnfeccaliip [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\KianFoong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [938776 2013-05-13] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-08-22] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-05-30] (Seagate Technology LLC)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4308024 2013-10-10] (SoftEther Project at University of Tsukuba, Japan.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671000 2014-11-05] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 L6PODLV; C:\Windows\System32\Drivers\L6PODLV64.sys [772864 2013-07-12] (Line 6)
S3 Lycosa; C:\Windows\System32\drivers\Lycosa.sys [20352 2009-09-30] (Razer USA Ltd.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0108.sys [28768 2013-10-10] (SoftEther Project at University of Tsukuba, Japan.)
R3 RDID1116; C:\Windows\System32\Drivers\rdwm1116.sys [157696 2010-12-01] (Roland Corporation)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [40104 2014-09-05] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [31912 2014-09-05] (Razer Inc)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-02] ()
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
R3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S0 lbmvoc; System32\drivers\yeib.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-13 03:22 - 2014-11-13 03:22 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_KianFoong
2014-11-12 20:16 - 2014-11-06 01:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 20:16 - 2014-11-06 01:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 20:16 - 2014-11-06 01:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 20:16 - 2014-09-19 17:42 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 20:16 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 20:16 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 20:16 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 20:16 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 20:16 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 20:16 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 20:16 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 20:15 - 2014-09-19 17:46 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 20:15 - 2014-09-19 17:46 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-11-12 20:15 - 2014-09-19 17:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 20:15 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 20:15 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 20:15 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 20:15 - 2014-09-19 17:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-11-12 20:15 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 20:15 - 2014-09-19 17:42 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-11-12 20:15 - 2014-09-19 17:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-11-12 20:15 - 2014-09-19 17:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-11-12 20:15 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 20:15 - 2014-09-19 17:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 20:15 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 20:15 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 20:15 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 20:15 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 20:15 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 20:15 - 2014-09-19 17:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 20:15 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 20:15 - 2014-09-19 17:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 20:14 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 20:14 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 20:14 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 20:14 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 07:21 - 2014-11-12 07:21 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-12 04:33 - 2014-11-12 04:33 - 00000000 _____ () C:\STF22F0.tmp
2014-11-11 23:16 - 2014-11-13 12:37 - 00017377 _____ () C:\Users\KianFoong\Desktop\FRST.txt
2014-11-11 23:16 - 2014-11-13 12:37 - 00000000 ____D () C:\FRST
2014-11-11 23:15 - 2014-11-11 23:15 - 02116096 _____ (Farbar) C:\Users\KianFoong\Desktop\FRST64.exe
2014-11-11 23:15 - 2014-11-11 23:15 - 00380416 _____ () C:\Users\KianFoong\Desktop\95cjdmrb.exe
2014-11-11 23:14 - 2014-11-11 23:15 - 04163057 _____ () C:\Users\KianFoong\Desktop\tdsskiller.zip
2014-11-11 01:19 - 2014-11-11 01:19 - 00000000 _____ () C:\STFB646.tmp
2014-11-10 09:02 - 2014-11-10 09:02 - 00000000 _____ () C:\STF8B9B.tmp
2014-11-10 04:15 - 2014-11-10 04:15 - 00000000 _____ () C:\STF8E05.tmp
2014-11-09 18:59 - 2014-11-09 18:59 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\SXMaple
2014-11-09 18:52 - 2014-11-09 18:57 - 00000000 ____D () C:\Users\KianFoong\Desktop\MapleStorySEA
2014-11-09 17:03 - 2014-11-09 17:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-09 17:03 - 2014-11-09 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-09 12:03 - 2014-11-09 12:03 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\WTablet
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wacomrouterfilter_01009.Wdf
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_wachidrouter_01009.Wdf
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-11-09 11:59 - 2014-11-09 11:59 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-11-09 11:59 - 2014-10-07 07:54 - 00015160 _____ (Wacom Technology) C:\Windows\system32\Drivers\wacomrouterfilter.sys
2014-11-09 11:58 - 2014-11-09 11:59 - 00000000 ____D () C:\Program Files\Tablet
2014-11-09 11:58 - 2014-11-05 02:49 - 02029336 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01995544 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01988888 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01863448 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01626392 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01617176 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01610008 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2014-11-09 11:58 - 2014-11-05 02:49 - 01497368 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2014-11-09 11:58 - 2014-10-07 07:54 - 00100664 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2014-11-09 11:58 - 2014-10-07 07:54 - 00014136 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2014-11-09 11:58 - 2012-12-12 06:12 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wdfcoinstaller01009.dll
2014-11-09 11:30 - 2014-11-09 11:30 - 00000000 _____ () C:\STF684D.tmp
2014-11-09 09:57 - 2014-11-09 09:57 - 00000000 _____ () C:\STF1FF5.tmp
2014-11-09 04:44 - 2014-11-09 04:44 - 00018826 _____ () C:\Users\KianFoong\Desktop\Trainingscalculator.zip
2014-11-09 03:07 - 2014-11-09 03:07 - 00000000 _____ () C:\STFC234.tmp
2014-11-08 19:23 - 2014-11-08 19:23 - 00000000 _____ () C:\STF5E79.tmp
2014-11-08 18:15 - 2014-11-08 18:15 - 00000000 _____ () C:\STFF430.tmp
2014-11-08 16:58 - 2014-11-08 16:58 - 00000000 _____ () C:\STFE2FE.tmp
2014-11-08 15:33 - 2014-11-08 15:33 - 00000000 _____ () C:\STF751F.tmp
2014-11-08 14:54 - 2014-11-06 06:14 - 01706939 _____ (Thisisu) C:\Users\KianFoong\Desktop\JRT_NEW.exe
2014-11-08 14:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-08 13:58 - 2014-11-08 13:58 - 01375089 _____ () C:\Users\KianFoong\Desktop\adwcleaner_3.311.exe
2014-11-08 03:22 - 2014-11-08 03:22 - 00000000 _____ () C:\STF7DA7.tmp
2014-11-08 01:19 - 2014-11-08 01:19 - 00000000 _____ () C:\STFD352.tmp
2014-11-08 01:09 - 2014-11-08 01:09 - 00000000 _____ () C:\STF3389.tmp
2014-11-07 23:27 - 2014-11-07 23:27 - 00000000 _____ () C:\STF64E3.tmp
2014-11-07 15:34 - 2014-11-07 15:34 - 00000000 _____ () C:\STFF1A2.tmp
2014-11-07 07:33 - 2014-11-07 07:33 - 00000000 _____ () C:\STF5BDF.tmp
2014-11-06 14:32 - 2014-11-06 14:32 - 00000000 _____ () C:\STF7756.tmp
2014-11-06 13:44 - 2014-11-06 13:44 - 00000000 _____ () C:\STFEF03.tmp
2014-11-06 01:26 - 2014-11-06 01:26 - 00000000 _____ () C:\STF14.tmp
2014-11-05 11:39 - 2014-11-05 11:39 - 00000000 _____ () C:\STF862E.tmp
2014-11-05 02:16 - 2014-11-05 02:16 - 00000000 _____ () C:\STFD145.tmp
2014-11-05 01:58 - 2014-11-05 01:58 - 00000000 _____ () C:\STF1C57.tmp
2014-11-04 23:54 - 2014-11-04 23:54 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-04 12:13 - 2014-11-04 12:13 - 00000000 _____ () C:\STF91F.tmp
2014-11-04 11:30 - 2014-11-04 11:30 - 00000000 _____ () C:\STFF521.tmp
2014-11-03 22:39 - 2014-09-05 10:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-03 22:39 - 2014-09-05 09:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-03 22:24 - 2014-11-03 22:24 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\Razer
2014-11-03 22:17 - 2014-11-03 22:17 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\Razer_Inc
2014-11-03 22:04 - 2014-11-03 22:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2014-11-03 22:00 - 2014-11-03 22:04 - 00064902 _____ () C:\Windows\DPINST.LOG
2014-11-03 22:00 - 2014-11-03 22:00 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_rzp1endpt_01009.Wdf
2014-11-03 21:56 - 2014-11-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-03 21:55 - 2013-10-02 09:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-03 21:54 - 2013-10-02 10:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-03 21:54 - 2013-10-02 10:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-03 21:54 - 2013-10-02 10:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-03 21:54 - 2013-10-02 09:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-03 21:54 - 2013-10-02 09:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-03 21:54 - 2013-10-02 09:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-03 21:54 - 2013-10-02 08:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-03 21:54 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-03 21:54 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-03 21:54 - 2013-10-02 08:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-03 21:54 - 2013-10-02 08:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-03 21:54 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-03 21:54 - 2013-10-02 07:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-03 21:54 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-03 21:54 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-03 04:01 - 2014-11-03 04:01 - 00000426 __RSH () C:\ProgramData\ntuser.pol
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\takeitcheap
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\beautydeals
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\2b2882e763a8f307
2014-11-01 15:38 - 2014-11-13 00:27 - 00066366 _____ () C:\Windows\PFRO.log
2014-10-31 16:29 - 2014-10-31 16:29 - 00007604 _____ () C:\Users\KianFoong\AppData\Local\Resmon.ResmonCfg
2014-10-30 10:18 - 2014-11-13 03:20 - 00010023 _____ () C:\Windows\setupact.log
2014-10-30 10:18 - 2014-10-30 10:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 11:46 - 2014-11-05 21:32 - 00000000 ____D () C:\Users\KianFoong\Desktop\Shirohae Project
2014-10-23 09:14 - 2014-10-23 09:14 - 00118945 _____ () C:\Users\KianFoong\Desktop\Baume and Mercier Watch Services Pending Approval Quotations RO  0218428.zip
2014-10-21 05:51 - 2014-10-21 05:51 - 00468261 _____ () C:\Users\KianFoong\Desktop\God Knows.zip
2014-10-19 17:34 - 2014-10-19 17:34 - 00008982 _____ () C:\Users\KianFoong\Desktop\shirohae.gp5
2014-10-16 04:23 - 2014-10-07 10:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 04:23 - 2014-10-07 10:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 04:23 - 2014-09-29 08:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 04:23 - 2014-09-26 06:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 04:23 - 2014-09-26 06:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 04:23 - 2014-09-26 06:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 04:23 - 2014-09-26 06:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 04:23 - 2014-09-26 06:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 04:23 - 2014-09-26 06:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 04:23 - 2014-09-26 06:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 04:23 - 2014-09-19 10:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 04:23 - 2014-09-19 09:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 04:23 - 2014-09-19 09:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 04:23 - 2014-09-19 09:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 04:23 - 2014-09-19 09:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 04:23 - 2014-09-19 09:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 04:23 - 2014-09-19 09:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 04:23 - 2014-09-19 09:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 04:23 - 2014-09-19 09:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 04:23 - 2014-09-19 09:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 04:23 - 2014-09-19 09:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 04:23 - 2014-09-19 09:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 04:23 - 2014-09-19 09:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 04:23 - 2014-09-19 09:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 04:23 - 2014-09-19 09:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 04:23 - 2014-09-19 09:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 04:23 - 2014-09-19 09:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 04:23 - 2014-09-19 09:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 04:23 - 2014-09-19 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 04:23 - 2014-09-19 09:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 04:23 - 2014-09-19 09:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 04:23 - 2014-09-19 09:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 04:23 - 2014-09-19 09:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 04:23 - 2014-09-19 09:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 04:23 - 2014-09-19 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 04:23 - 2014-09-19 09:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 04:23 - 2014-09-19 08:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 04:23 - 2014-09-19 08:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 04:23 - 2014-09-19 08:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 04:23 - 2014-09-19 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 04:23 - 2014-09-19 08:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 04:23 - 2014-09-19 08:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 04:23 - 2014-09-19 08:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 04:23 - 2014-09-19 08:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 04:23 - 2014-09-19 08:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 04:23 - 2014-09-19 08:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 04:23 - 2014-09-19 08:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 04:23 - 2014-09-19 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 04:23 - 2014-09-19 08:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 04:23 - 2014-09-19 08:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 04:23 - 2014-09-19 08:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 04:23 - 2014-09-19 08:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 04:23 - 2014-09-19 08:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 04:23 - 2014-09-19 07:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 04:23 - 2014-09-19 07:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 04:23 - 2014-09-19 07:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 04:23 - 2014-09-19 07:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 04:23 - 2014-09-18 10:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 04:23 - 2014-09-18 09:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 04:23 - 2014-09-04 13:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 04:23 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 04:23 - 2014-07-17 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 04:23 - 2014-07-17 10:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 04:23 - 2014-07-17 10:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 04:23 - 2014-07-17 10:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 04:23 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 04:23 - 2014-07-17 09:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 04:23 - 2014-07-17 09:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 04:23 - 2014-06-19 06:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 04:23 - 2014-06-19 06:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-13 12:23 - 2013-02-23 02:10 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\Skype
2014-11-13 12:21 - 2013-02-14 18:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-13 11:58 - 2013-09-15 19:12 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000UA.job
2014-11-13 11:57 - 2013-01-13 22:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 05:19 - 2013-01-14 07:53 - 01267413 _____ () C:\Windows\WindowsUpdate.log
2014-11-13 04:58 - 2013-09-15 19:12 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000Core.job
2014-11-13 04:22 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 03:53 - 2009-07-14 12:45 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 03:53 - 2009-07-14 12:45 - 00026144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 03:27 - 2013-02-10 03:57 - 00000000 ___RD () C:\Users\KianFoong\Dropbox
2014-11-13 03:26 - 2013-02-10 03:30 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\Dropbox
2014-11-13 03:22 - 2013-10-10 05:06 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-11-13 03:22 - 2013-02-05 12:05 - 00000000 ____D () C:\Users\KianFoong\.rainlendar2
2014-11-13 03:21 - 2013-01-18 21:27 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-13 03:21 - 2013-01-13 22:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 03:21 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 03:19 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 03:03 - 2013-07-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:01 - 2013-01-13 21:56 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 07:21 - 2013-02-14 18:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 07:21 - 2013-02-14 18:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 07:21 - 2013-02-14 18:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 04:22 - 2014-07-17 23:28 - 00000000 ____D () C:\Program Files\WinPcap
2014-11-10 08:56 - 2013-02-15 01:22 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\Adobe
2014-11-09 18:08 - 2013-01-13 22:40 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\Audacity
2014-11-09 17:17 - 2009-07-14 13:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 17:02 - 2013-12-31 07:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-09 12:14 - 2013-12-31 07:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-09 12:13 - 2014-08-06 20:50 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-09 12:13 - 2014-08-06 20:50 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-09 12:13 - 2014-08-06 20:50 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-08 14:09 - 2009-07-14 13:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-08 14:01 - 2014-08-08 06:29 - 00000000 ____D () C:\AdwCleaner
2014-11-07 18:17 - 2013-09-01 00:46 - 00000000 ____D () C:\Users\KianFoong\AppData\Local\Game Dev Tycoon - Steam
2014-11-04 16:54 - 2013-02-14 23:25 - 00000000 ____D () C:\Users\KianFoong\AppData\Roaming\vlc
2014-11-03 22:26 - 2013-01-13 21:29 - 00065264 _____ () C:\Users\KianFoong\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-03 22:22 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-03 22:21 - 2009-07-14 12:45 - 00294848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-03 22:00 - 2014-05-03 06:14 - 00000000 ____D () C:\ProgramData\Razer
2014-11-03 22:00 - 2014-05-03 06:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-11-03 22:00 - 2013-01-13 19:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-03 04:41 - 2014-07-29 03:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-03 04:00 - 2009-07-14 11:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-02 20:19 - 2014-07-09 18:16 - 01107408 _____ () C:\Windows\SysWOW64\Accurate.lic
2014-10-30 00:51 - 2013-01-13 15:55 - 00000000 ____D () C:\Users\KianFoong
2014-10-30 00:49 - 2013-12-25 04:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-30 00:49 - 2009-07-14 15:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-30 00:49 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-10-29 19:17 - 2013-02-23 02:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-29 19:17 - 2013-02-23 02:10 - 00000000 ____D () C:\ProgramData\Skype
2014-10-28 06:34 - 2013-01-13 21:36 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 19:55 - 2013-11-30 18:47 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 18:24 - 2013-11-25 17:25 - 00022618 _____ () C:\Windows\system32\lvcoinst.log
2014-10-22 18:23 - 2013-11-25 17:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-10-22 17:53 - 2013-07-28 18:51 - 00065588 _____ () C:\Users\KianFoong\AppData\Roaming\Camdata.ini
2014-10-22 17:53 - 2013-07-28 18:51 - 00004512 _____ () C:\Users\KianFoong\AppData\Roaming\CamStudio.cfg
2014-10-22 17:53 - 2013-07-28 18:51 - 00000408 _____ () C:\Users\KianFoong\AppData\Roaming\CamShapes.ini
2014-10-22 17:53 - 2013-07-28 18:51 - 00000408 _____ () C:\Users\KianFoong\AppData\Roaming\CamLayout.ini
2014-10-22 04:53 - 2013-09-15 19:12 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000UA
2014-10-22 04:53 - 2013-09-15 19:12 - 00003510 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000Core
2014-10-19 16:52 - 2013-01-13 22:42 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 16:52 - 2013-01-13 22:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some content of TEMP:
====================
C:\Users\KianFoong\AppData\Local\Temp\amd64.exe
C:\Users\KianFoong\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe7wrub.dll
C:\Users\KianFoong\AppData\Local\Temp\Quarantine.exe
C:\Users\KianFoong\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 06:22
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by KianFoong at 2014-11-13 12:38:14
Running from C:\Users\KianFoong\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\Adobe Photoshop CS5) (Version:  - )
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version:  - Idea Factory)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.33 - Atheros Communications Inc.)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
beautydeals (HKLM-x32\...\{AED1B7A5-67A5-84A5-B646-E3541CE0BB5F}) (Version:  - "")
BitComet 1.35 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.35 - CometNetwork)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.1 - BitRaider, LLC)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Broomstick Bass 1.0.0 (HKLM-x32\...\broomstickbass-1.0.0) (Version:  - )
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DUO-CAPTURE Driver (HKLM\...\RolandRDID0116) (Version:  - Roland Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.1.426 - DVDVideoSoft Ltd.)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
GnuCash 2.6.3 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version:  - MAIET Entertainment)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{73B1AC18-614F-42CD-A798-4BA214586406}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
La Tale (HKLM-x32\...\{08C5815C-2C6E-44f8-8748-0E61BC9AFB06}) (Version:  - )
La Tale (HKLM-x32\...\Steam App 264360) (Version:  - Actoz Soft)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marvel Heroes (HKLM-x32\...\Steam App 226320) (Version:  - Gazillion Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Music Manager (HKU\S-1-5-21-1071986836-1509940244-186786003-1000\...\MusicManager) (Version:  - Google, Inc.)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher US) (Version: 1.0.0 - OGPlanet, Inc.)
OGPlanet Game Launcher (HKLM-x32\...\OGPlanet Game Launcher) (Version: 1.0.0 - OGPlanet, Inc.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - Overkill)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Ragnarok Online (HKLM-x32\...\{181579B5-0028-4E01-AC27-97ED80352279}) (Version: 14.2.1 - Gravity Interactive, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.0-1.0.10926.49 - raidcall.com)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.17.22879 - Razer Inc.)
Real Warfare 2: Northern Crusades (HKLM-x32\...\Steam App 202860) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.2.29.0 - Seagate)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 2.00.9387 - SoftEther Project)
SONAR X1 LE (HKLM-x32\...\SONARX1LE_is1) (Version: 18.0 - Cakewalk Music Software)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Streaming Audio Recorder version 3.4.0 (HKLM-x32\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 3.4.0 - APOWERSOFT LIMITED)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Torchlight (HKLM-x32\...\GOGPACKTORCHLIGHT_is1) (Version: 2.0.0.12 - GOG.com)
Tower Wars (HKLM-x32\...\Steam App 214360) (Version:  - )
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.10w2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WmpSkype (HKLM-x32\...\{5ED2987A-56AF-4240-A854-3EF153B27145}) (Version: 1.0.0 - Wakusei)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\KianFoong\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\KianFoong\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1071986836-1509940244-186786003-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
11-11-2014 22:06:42 Windows Update
12-11-2014 19:00:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:34 - 2014-08-17 05:12 - 00000863 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 launcher01.kalypsomedia.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02796ED9-E3E1-4A80-BC40-02AD07F59FCD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000Core => C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {03C979BB-0468-40E7-AD3B-7CDDE23152E7} - System32\Tasks\gg_uac_daemon_KianFoong => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2014-04-03] ()
Task: {4AF322A4-481A-484C-91E9-212AC34F8EBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13] (Google Inc.)
Task: {4BC817C7-7B15-483A-BC0F-6D6B089C1D0E} - System32\Tasks\KianFoong DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-05-30] (Seagate Technology LLC)
Task: {79164E4E-1A81-4118-9C34-3BBBD8CC9828} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000UA => C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-15] (Google Inc.)
Task: {9DFD3EF0-9B49-4307-8DF1-1304BB28A859} - System32\Tasks\KianFoong => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2013-05-30] (Seagate Technology LLC)
Task: {B39C50C4-BE94-4A7C-94E6-76A736DD10DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {DFBD8BEC-C440-4AC8-834F-79D56F2AF781} - System32\Tasks\KianFoong Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\nbcore.exe [2013-05-30] (Seagate Technology LLC)
Task: {F2597683-3E61-4D91-927E-442EA11611BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {F3DE5B15-5D50-442A-9BCC-90223A333768} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000Core.job => C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1071986836-1509940244-186786003-1000UA.job => C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-22 02:41 - 2013-08-22 02:41 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-03 16:33 - 2014-04-03 16:33 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2012-12-29 17:28 - 2012-12-29 17:28 - 02587136 _____ () C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
2014-11-09 11:58 - 2014-11-05 02:49 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-10-02 07:16 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 06:41 - 2014-10-22 03:22 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 07:21 - 2014-08-22 02:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-01-18 21:30 - 2014-10-22 03:22 - 00682176 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-05-17 03:01 - 2012-05-17 03:01 - 00140800 _____ () C:\Program Files (x86)\Rainlendar2\lua52.dll
2012-12-29 17:30 - 2012-12-29 17:30 - 00209408 _____ () C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 21:22 - 2012-06-17 21:22 - 00012800 _____ () C:\Program Files (x86)\Rainlendar2\lfs.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 10683392 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 07741952 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 02248192 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 01681408 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-10-09 06:34 - 2014-10-09 06:34 - 00117248 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-10-09 06:34 - 2014-10-09 06:34 - 00231936 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-10-09 06:34 - 2014-10-09 06:34 - 00253440 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-10-09 06:34 - 2014-10-09 06:34 - 00344064 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-04 03:15 - 2014-09-04 03:15 - 00026624 _____ () C:\Users\KianFoong\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-11-13 03:23 - 2014-11-13 03:23 - 00043008 _____ () c:\Users\KianFoong\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpe7wrub.dll
2013-08-24 03:01 - 2013-08-24 03:01 - 25100288 _____ () C:\Users\KianFoong\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-28 23:58 - 2014-10-22 12:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 23:58 - 2014-10-22 12:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 23:58 - 2014-10-22 12:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 23:58 - 2014-10-22 12:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2013-01-18 21:30 - 2014-09-05 07:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\KianFoong\Desktop\manalyzer.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^KianFoong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KianFoong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 2050 J510 series.lnk.Startup
MSCONFIG\startupfolder: C:^Users^KianFoong^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Bdagent => C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
MSCONFIG\startupreg: BitComet => "C:\Program Files\BitComet\BitComet.exe" /tray
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\KianFoong\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3E78563A9C7A828FC58D3714FC5622EE => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1071986836-1509940244-186786003-500 - Administrator - Disabled)
Guest (S-1-5-21-1071986836-1509940244-186786003-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1071986836-1509940244-186786003-1002 - Limited - Enabled)
KianFoong (S-1-5-21-1071986836-1509940244-186786003-1000 - Administrator - Enabled) => C:\Users\KianFoong
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2014 00:24:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program dota.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 3d70
 
Start Time: 01cffe924943583d
 
Termination Time: 187
 
Application Path: F:\SteamLibrary\steamapps\common\dota 2 beta\dota.exe
 
Report Id: 67b5cb58-6a88-11e4-babf-00acb1075a56
 
Error: (11/12/2014 05:39:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fm.exe, version: 14.3.0.15373, time stamp: 0x530f00dd
Faulting module name: fm.exe, version: 14.3.0.15373, time stamp: 0x530f00dd
Exception code: 0xc0000005
Fault offset: 0x0063212a
Faulting process id: 0x968
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3
 
Error: (11/12/2014 04:22:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: pg_ctl: service "metasploitPostgreSQL" not registered
 
Error: (11/12/2014 02:39:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MAPLESTORY.EXE, version: 7.143.5.0, time stamp: 0x5451899a
Faulting module name: MAPLESTORY.EXE, version: 7.143.5.0, time stamp: 0x5451899a
Exception code: 0xc0000005
Fault offset: 0x004854a2
Faulting process id: 0x14d0
Faulting application start time: 0xMAPLESTORY.EXE0
Faulting application path: MAPLESTORY.EXE1
Faulting module path: MAPLESTORY.EXE2
Report Id: MAPLESTORY.EXE3
 
Error: (11/11/2014 11:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x1688
Faulting application start time: 0x95cjdmrb.exe0
Faulting application path: 95cjdmrb.exe1
Faulting module path: 95cjdmrb.exe2
Report Id: 95cjdmrb.exe3
 
Error: (11/11/2014 11:41:54 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
        .
 
Error: (11/11/2014 11:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x280c
Faulting application start time: 0x95cjdmrb.exe0
Faulting application path: 95cjdmrb.exe1
Faulting module path: 95cjdmrb.exe2
Report Id: 95cjdmrb.exe3
 
Error: (11/11/2014 11:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x4074
Faulting application start time: 0x95cjdmrb.exe0
Faulting application path: 95cjdmrb.exe1
Faulting module path: 95cjdmrb.exe2
Report Id: 95cjdmrb.exe3
 
Error: (11/11/2014 11:20:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x3aa0
Faulting application start time: 0x95cjdmrb.exe0
Faulting application path: 95cjdmrb.exe1
Faulting module path: 95cjdmrb.exe2
Report Id: 95cjdmrb.exe3
 
Error: (11/11/2014 11:19:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: 95cjdmrb.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x844
Faulting application start time: 0x95cjdmrb.exe0
Faulting application path: 95cjdmrb.exe1
Faulting module path: 95cjdmrb.exe2
Report Id: 95cjdmrb.exe3
 
 
System errors:
=============
Error: (11/13/2014 03:27:12 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/13/2014 03:22:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (11/13/2014 03:22:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (11/13/2014 03:22:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (11/13/2014 03:21:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
lbmvoc
 
Error: (11/13/2014 02:18:34 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/13/2014 00:34:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (11/13/2014 00:28:32 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
lbmvoc
 
Error: (11/13/2014 00:27:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:26:02 AM on ‎11/‎13/‎2014 was unexpected.
 
Error: (11/12/2014 06:29:40 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
 
Microsoft Office Sessions:
=========================
Error: (11/13/2014 00:24:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: dota.exe0.0.0.03d7001cffe924943583d187F:\SteamLibrary\steamapps\common\dota 2 beta\dota.exe67b5cb58-6a88-11e4-babf-00acb1075a56
 
Error: (11/12/2014 05:39:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe14.3.0.15373530f00ddfm.exe14.3.0.15373530f00ddc00000050063212a96801cffdee1c9b3e24D:\FM2014\Football Manager 2014\fm.exeD:\FM2014\Football Manager 2014\fm.exe2559a08a-69eb-11e4-babf-00acb1075a56
 
Error: (11/12/2014 04:22:36 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: pg_ctl: service "metasploitPostgreSQL" not registered
 
Error: (11/12/2014 02:39:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MAPLESTORY.EXE7.143.5.05451899aMAPLESTORY.EXE7.143.5.05451899ac0000005004854a214d001cffdcc5e6d5a77C:\Users\KianFoong\Desktop\MapleStorySEA\MAPLESTORY.EXEC:\Users\KianFoong\Desktop\MapleStorySEA\MAPLESTORY.EXE1fa598dd-69d2-11e4-babf-00acb1075a56
 
Error: (11/11/2014 11:44:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 95cjdmrb.exe2.1.19357.052e7ea8395cjdmrb.exe2.1.19357.052e7ea83c0000005000011aa168801cffdc65b82967bC:\Users\KianFoong\Desktop\95cjdmrb.exeC:\Users\KianFoong\Desktop\95cjdmrb.exeaf225d4c-69b9-11e4-babf-00acb1075a56
 
Error: (11/11/2014 11:41:54 PM) (Source: nginx) (EventID: 3299) (User: )
Description: D:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe:
could not open error log file: CreateFile() "logs/error.log" failed (3: The system cannot find the path specified)
 
Error: (11/11/2014 11:25:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 95cjdmrb.exe2.1.19357.052e7ea8395cjdmrb.exe2.1.19357.052e7ea83c0000005000011aa280c01cffdc380a9120fC:\Users\KianFoong\Desktop\95cjdmrb.exeC:\Users\KianFoong\Desktop\95cjdmrb.exeed325cd1-69b6-11e4-8c9a-00acb1075a56
 
Error: (11/11/2014 11:20:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 95cjdmrb.exe2.1.19357.052e7ea8395cjdmrb.exe2.1.19357.052e7ea83c0000005000011aa407401cffdc31075cf1cC:\Users\KianFoong\Desktop\95cjdmrb.exeC:\Users\KianFoong\Desktop\95cjdmrb.exe56c25549-69b6-11e4-8c9a-00acb1075a56
 
Error: (11/11/2014 11:20:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 95cjdmrb.exe2.1.19357.052e7ea8395cjdmrb.exe2.1.19357.052e7ea83c0000005000011aa3aa001cffdc2f800c50eC:\Users\KianFoong\Desktop\95cjdmrb.exeC:\Users\KianFoong\Desktop\95cjdmrb.exe3ccd0e3c-69b6-11e4-8c9a-00acb1075a56
 
Error: (11/11/2014 11:19:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 95cjdmrb.exe2.1.19357.052e7ea8395cjdmrb.exe2.1.19357.052e7ea83c0000005000011aa84401cffdc2e7d484afC:\Users\KianFoong\Desktop\95cjdmrb.exeC:\Users\KianFoong\Desktop\95cjdmrb.exe31832e4b-69b6-11e4-8c9a-00acb1075a56
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8173.2 MB
Available physical RAM: 5138.52 MB
Total Pagefile: 16344.58 MB
Available Pagefile: 12221.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.83 GB) (Free:14 GB) NTFS
Drive d: () (Fixed) (Total:193.82 GB) (Free:87.02 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:931.51 GB) (Free:829.19 GB) NTFS
Drive g: (CROWS) (CDROM) (Total:0.25 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: EC8BDFC6)
Partition 1: (Not Active) - (Size=193.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 149.1 GB) (Disk ID: 1549F232)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 33207A5D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:07 PM

Posted 13 November 2014 - 10:13 AM

I strongly recommend NOT trusting Windows Defender and Microsoft Security Essentials due to their poor detection ratios.

I'll provide some information about other free tools when we've finished.

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your reply.

 

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 



Proud Member of UNITE & TB
 

#15 Windyy91

Windyy91
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:07 PM

Posted 13 November 2014 - 11:57 AM

fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by KianFoong at 2014-11-14 00:12:32 Run:1
Running from C:\Users\KianFoong\Desktop
Loaded Profile: KianFoong (Available profiles: KianFoong)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
AlternateDataStreams: C:\Users\KianFoong\Desktop\manalyzer.exe:BDU
127.0.0.1 launcher01.kalypsomedia.com
 
2014-10-22 18:24 - 2013-11-25 17:25 - 00022618 _____ () C:\Windows\system32\lvcoinst.log
2014-10-22 18:23 - 2013-11-25 17:25 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\takeitcheap
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\beautydeals
2014-11-02 09:59 - 2014-11-02 09:59 - 00000000 ____D () C:\ProgramData\2b2882e763a8f307
2014-11-04 12:13 - 2014-11-04 12:13 - 00000000 _____ () C:\STF91F.tmp
2014-11-04 11:30 - 2014-11-04 11:30 - 00000000 _____ () C:\STFF521.tmp
2014-11-08 03:22 - 2014-11-08 03:22 - 00000000 _____ () C:\STF7DA7.tmp
2014-11-08 01:19 - 2014-11-08 01:19 - 00000000 _____ () C:\STFD352.tmp
2014-11-08 01:09 - 2014-11-08 01:09 - 00000000 _____ () C:\STF3389.tmp
2014-11-07 23:27 - 2014-11-07 23:27 - 00000000 _____ () C:\STF64E3.tmp
2014-11-07 15:34 - 2014-11-07 15:34 - 00000000 _____ () C:\STFF1A2.tmp
2014-11-07 07:33 - 2014-11-07 07:33 - 00000000 _____ () C:\STF5BDF.tmp
2014-11-06 14:32 - 2014-11-06 14:32 - 00000000 _____ () C:\STF7756.tmp
2014-11-06 13:44 - 2014-11-06 13:44 - 00000000 _____ () C:\STFEF03.tmp
2014-11-06 01:26 - 2014-11-06 01:26 - 00000000 _____ () C:\STF14.tmp
2014-11-05 11:39 - 2014-11-05 11:39 - 00000000 _____ () C:\STF862E.tmp
2014-11-05 02:16 - 2014-11-05 02:16 - 00000000 _____ () C:\STFD145.tmp
2014-11-05 01:58 - 2014-11-05 01:58 - 00000000 _____ () C:\STF1C57.tmp
2014-11-09 03:07 - 2014-11-09 03:07 - 00000000 _____ () C:\STFC234.tmp
2014-11-08 19:23 - 2014-11-08 19:23 - 00000000 _____ () C:\STF5E79.tmp
2014-11-08 18:15 - 2014-11-08 18:15 - 00000000 _____ () C:\STFF430.tmp
2014-11-08 16:58 - 2014-11-08 16:58 - 00000000 _____ () C:\STFE2FE.tmp
2014-11-08 15:33 - 2014-11-08 15:33 - 00000000 _____ () C:\STF751F.tmp
2014-11-09 11:30 - 2014-11-09 11:30 - 00000000 _____ () C:\STF684D.tmp
2014-11-09 09:57 - 2014-11-09 09:57 - 00000000 _____ () C:\STF1FF5.tmp
2014-11-11 01:19 - 2014-11-11 01:19 - 00000000 _____ () C:\STFB646.tmp
2014-11-10 09:02 - 2014-11-10 09:02 - 00000000 _____ () C:\STF8B9B.tmp
2014-11-10 04:15 - 2014-11-10 04:15 - 00000000 _____ () C:\STF8E05.tmp
2014-11-12 04:33 - 2014-11-12 04:33 - 00000000 _____ () C:\STF22F0.tmp
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
C:\ProgramData\beautydeals
 
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: beautydeals -> {5299ab05-62ab-4efc-bb43-b3189403c8a8} -> C:\ProgramData\beautydeals\DNZfACMMe3G0oa.dll ()
BHO: beautydeals -> {5299ab05-62ab-4efc-bb43-b3189403c8a8} -> C:\ProgramData\beautydeals\DNZfACMMe3G0oa.x64.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
S0 lbmvoc; System32\drivers\yeib.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
 
EmptyTemp:
*****************
 
C:\Users\KianFoong\Desktop\manalyzer.exe => ":BDU" ADS removed successfully.
127.0.0.1 launcher01.kalypsomedia.com => Error: No automatic fix found for this entry.
C:\Windows\system32\lvcoinst.log => Moved successfully.
C:\Windows\system32\Drivers\lvuvc.hs => Moved successfully.
C:\ProgramData\takeitcheap => Moved successfully.
C:\ProgramData\beautydeals => Moved successfully.
C:\ProgramData\2b2882e763a8f307 => Moved successfully.
C:\STF91F.tmp => Moved successfully.
C:\STFF521.tmp => Moved successfully.
C:\STF7DA7.tmp => Moved successfully.
C:\STFD352.tmp => Moved successfully.
C:\STF3389.tmp => Moved successfully.
C:\STF64E3.tmp => Moved successfully.
C:\STFF1A2.tmp => Moved successfully.
C:\STF5BDF.tmp => Moved successfully.
C:\STF7756.tmp => Moved successfully.
C:\STFEF03.tmp => Moved successfully.
C:\STF14.tmp => Moved successfully.
C:\STF862E.tmp => Moved successfully.
C:\STFD145.tmp => Moved successfully.
C:\STF1C57.tmp => Moved successfully.
C:\STFC234.tmp => Moved successfully.
C:\STF5E79.tmp => Moved successfully.
C:\STFF430.tmp => Moved successfully.
C:\STFE2FE.tmp => Moved successfully.
C:\STF751F.tmp => Moved successfully.
C:\STF684D.tmp => Moved successfully.
C:\STF1FF5.tmp => Moved successfully.
C:\STFB646.tmp => Moved successfully.
C:\STF8B9B.tmp => Moved successfully.
C:\STF8E05.tmp => Moved successfully.
C:\STF22F0.tmp => Moved successfully.
C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll => Moved successfully.
"C:\ProgramData\beautydeals" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5299ab05-62ab-4efc-bb43-b3189403c8a8}" => Key not found.
"HKCR\Wow6432Node\CLSID\{5299ab05-62ab-4efc-bb43-b3189403c8a8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5299ab05-62ab-4efc-bb43-b3189403c8a8}" => Key not found.
"HKCR\CLSID\{5299ab05-62ab-4efc-bb43-b3189403c8a8}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
lbmvoc => Service deleted successfully.
X6va011 => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va021 => Service deleted successfully.
EmptyTemp: => Removed 1 GB temporary data.
 
 
The system needed a reboot. 
 

 

==== End of Fixlog ====
 
Malwarebytes Antimalware
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/14/2014
Scan Time: 12:41:10 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.13.06
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: KianFoong
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325761
Time Elapsed: 11 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




