
Help please!


  • This topic is locked
8 replies to this topic

#1 Taolan


Posted 23 November 2014 - 05:31 PM

Every time I turn on my PC, before I open anything, I get a Chrome popup window with a bunch of ads, and it's in Russian. Also, whenever I open normal pages, half the time whenever I click anywhere I get a popup for another window, usually a Russian one with some bad spam.
I was about to give up and just re-install... even my antivirus doesn't detect anything...
My scan from FRST is below. What advice can you give me?
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Taolan01 (administrator) on TAOLAN on 23-11-2014 17:23:49
Running from C:\Users\Taolan01\Desktop\malware
Loaded Profile: Taolan01 (Available profiles: Taolan01)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Users\Taolan01\AppData\Local\Google\Update\GoogleUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [Google Update] => C:\Users\Taolan01\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-05] (Google Inc.)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-21] (Valve Corporation)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [Spotify Web Helper] => C:\Users\Taolan01\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-28] (Spotify Ltd)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [AceStream] => C:\Users\Taolan01\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-13] ()
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [CMD] => cmd.exe /c start http://adverttraff.org && exit <===== ATTENTION
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\MountPoints2: {09c7846b-9285-11e3-8261-24fd521f9c2d} - "F:\setup.exe"
Startup: C:\Users\Taolan01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Taolan01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD79944002C21CF01
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKU\S-1-5-21-4118273251-1091692796-4070430108-1001 -> DefaultScope {344CDFA3-3084-49C1-9230-73F70F75B7F7} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4118273251-1091692796-4070430108-1001 -> {344CDFA3-3084-49C1-9230-73F70F75B7F7} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: fastncheap -> {6b957ddc-45d9-4fe0-8ffc-0791a881301a} -> C:\ProgramData\fastncheap\Ss6D6cakNtnXQj.x64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: fastncheap -> {6b957ddc-45d9-4fe0-8ffc-0791a881301a} -> C:\ProgramData\fastncheap\Ss6D6cakNtnXQj.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Taolan01\AppData\Roaming\Mozilla\Firefox\Profiles\v54ccyxr.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Homepage: https://search.yahoo.com/?type=282369&fr=spigot-yhp-ff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @acestream.net/acestreamplugin,version=2.2.5-next -> C:\Users\Taolan01\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Taolan01\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @talk.google.com/O1DPlugin -> C:\Users\Taolan01\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Taolan01\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Taolan01\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Taolan01\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Taolan01\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Taolan01\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Taolan01\AppData\Roaming\Mozilla\Firefox\Profiles\v54ccyxr.default\searchplugins\yahoo_ff.xml
FF HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\Taolan01\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\Taolan01\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-06-26]

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=282369&fr=spigot-yhp-ch
CHR Profile: C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Africa) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\afoojfkkgppaceckklbflieagpfijcoi [2014-02-04]
CHR Extension: (Google Docs) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google Cast) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25]
CHR Extension: (Google Search) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Hola Better Internet) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-02-04]
CHR Extension: (Crackle) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-02-04]
CHR Extension: (Poppit!) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-02-04]
CHR Extension: (LocalChromecast Player) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2014-06-17]
CHR Extension: (Google Wallet) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 fa6789c5; c:\Program Files (x86)\VideoCnv\Zet.dll [3752448 2014-11-01] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-04-04] (Disc Soft Ltd)
R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [9976 2013-11-06] (Fengtao Software Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 SaiK0CFA; C:\Windows\system32\DRIVERS\SaiK0CFA.sys [180544 2012-09-20] (Saitek)
S3 SaiU0CFA; C:\Windows\System32\drivers\SaiU0CFA.sys [47168 2012-09-20] (Saitek)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 vdrive; C:\Windows\system32\DRIVERS\vdrive.sys [45544 2012-11-13] (Fengtao Software Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-23 17:23 - 2014-11-23 17:23 - 00000000 ____D () C:\FRST
2014-11-23 17:22 - 2014-11-23 17:23 - 00000000 ____D () C:\Users\Taolan01\Desktop\malware
2014-11-23 17:16 - 2014-11-23 17:16 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\Oracle
2014-11-23 16:53 - 2014-11-23 16:53 - 00000000 __SHD () C:\Users\Taolan01\AppData\Local\EmieBrowserModeList
2014-11-23 16:15 - 2014-11-23 16:15 - 00000000 ____D () C:\Windows\LastGood
2014-11-23 16:15 - 2014-10-03 14:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-23 16:15 - 2014-10-03 14:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-17 12:00 - 2014-11-17 12:00 - 00000004 _____ () C:\Users\Taolan01\AppData\Roaming\appdataFr2.bin
2014-11-16 07:54 - 2014-11-16 08:39 - 00000000 ____D () C:\Users\Taolan01\Desktop\LG G2 backup all files
2014-11-15 14:48 - 2014-11-16 16:49 - 00000000 ____D () C:\Users\Taolan01\Downloads\Jennifers Body UNRATED (2009)
2014-11-13 06:15 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-13 06:15 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-13 06:15 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-13 06:15 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-13 06:15 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-13 06:15 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-13 06:15 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-13 06:15 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-13 06:15 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-13 06:15 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-13 06:15 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-13 06:15 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-13 06:15 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-13 06:15 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-13 06:15 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-13 06:15 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-13 06:15 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 06:15 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 06:15 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-13 06:15 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 06:15 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 06:15 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 06:15 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-13 06:15 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-13 06:15 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 06:15 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 06:15 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-13 06:15 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-13 06:15 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-13 06:15 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-13 06:15 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-13 06:15 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 06:15 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 06:15 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-13 06:15 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-13 06:15 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 06:15 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-13 06:15 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-13 06:15 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-13 06:15 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-13 06:15 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-13 06:15 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 06:15 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-13 06:15 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 06:15 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-13 06:15 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-13 06:15 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-13 06:15 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-13 06:15 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-13 06:15 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-13 06:15 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-13 06:14 - 2014-11-23 16:22 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TAOLAN-Taolan01 Taolan
2014-11-13 06:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 06:14 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-13 06:14 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 06:14 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-13 06:14 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-13 06:14 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 06:14 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 06:14 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 06:14 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 06:14 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 06:14 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 06:14 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-13 06:14 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 06:14 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 06:14 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 06:14 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-13 06:14 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 06:14 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-13 06:14 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 06:14 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 06:14 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 06:14 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 06:14 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 06:14 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-13 06:14 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 06:14 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 06:14 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-13 06:14 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-13 06:14 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-13 06:14 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 06:14 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 06:14 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 06:14 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-13 06:14 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 06:14 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-13 06:14 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-13 06:14 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-13 06:14 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 06:14 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 06:14 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 06:14 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 06:14 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 06:14 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 06:14 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-13 06:14 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 06:14 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-13 06:14 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 06:14 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-13 06:14 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-13 06:14 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-13 06:14 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-13 06:14 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-13 06:14 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 06:14 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-13 06:14 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 06:14 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-13 06:14 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 06:14 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 06:14 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 06:14 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 06:14 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 06:14 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 06:14 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-13 06:14 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 06:14 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-13 06:14 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 06:14 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 06:14 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 06:14 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-13 06:14 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 06:14 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 06:14 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-13 06:14 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-13 06:14 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-13 06:14 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 06:14 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-13 06:14 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 06:14 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-13 06:14 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 06:14 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-13 06:14 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 06:14 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-13 06:14 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-13 06:14 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 06:14 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 06:14 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 06:14 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 06:14 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-13 06:14 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-13 06:14 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 06:14 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 06:14 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 06:13 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 06:13 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 06:13 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 06:13 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 06:13 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 06:13 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-13 06:13 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 06:13 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 06:13 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 06:13 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 06:13 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 06:13 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-13 06:13 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 06:13 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-13 06:13 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-13 06:13 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-13 06:13 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-13 06:13 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-13 06:13 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-13 06:13 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-13 06:13 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-13 06:13 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-13 06:13 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-13 06:13 - 2014-08-30 19:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-13 06:13 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-13 06:13 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-13 06:13 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-13 06:13 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-13 06:13 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-13 06:13 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-13 06:13 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-13 06:13 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-13 06:13 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-13 06:13 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-13 06:13 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 06:13 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-13 06:13 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-13 06:13 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 06:13 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-13 06:13 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-13 06:13 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-10 14:29 - 2014-11-03 19:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00833864 _____ () C:\Windows\system32\nvmcumd.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-10 14:29 - 2014-11-03 19:04 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-09 23:32 - 2014-11-10 07:09 - 00000000 ____D () C:\Users\Taolan01\Downloads\Tomcats 720p BRrip_sujaidr
2014-11-09 23:23 - 2014-11-10 07:09 - 00000000 ____D () C:\Users\Taolan01\Downloads\Left.Behind.2014.HDRip.XviD.MP3-RARBG
2014-11-05 07:43 - 2014-11-03 19:04 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-05 07:43 - 2014-10-29 23:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-05 07:43 - 2014-10-29 23:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-03 18:50 - 2014-11-05 14:29 - 00000000 ____D () C:\Users\Taolan01\Downloads\The.Sims.4-RELOADED[rarbg]
2014-11-01 23:31 - 2014-11-01 23:31 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\fullflush
2014-11-01 23:21 - 2014-11-01 23:21 - 00002051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Full Flush Poker 8.2.lnk
2014-11-01 23:21 - 2014-11-01 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Flush Poker 8.2
2014-11-01 23:21 - 2014-11-01 23:21 - 00000000 ____D () C:\Program Files (x86)\Full Flush Poker 8.2
2014-11-01 23:18 - 2014-11-01 23:21 - 20581976 _____ (Full Flush Poker) C:\Users\Taolan01\Downloads\FullFlushPokerSetup.exe
2014-11-01 23:05 - 2014-11-01 23:06 - 00000000 ____D () C:\Users\Taolan01\Downloads\Games
2014-11-01 17:26 - 2014-11-01 17:26 - 00000000 ____D () C:\ProgramData\takeitcheap
2014-11-01 17:26 - 2014-11-01 17:26 - 00000000 ____D () C:\ProgramData\fastncheap
2014-11-01 17:26 - 2014-11-01 17:26 - 00000000 ____D () C:\ProgramData\d589878c6092e5b3
2014-11-01 17:05 - 2014-11-01 17:05 - 00000000 ____D () C:\Program Files (x86)\VideoCnv

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-23 17:17 - 2014-04-15 19:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 17:10 - 2014-02-04 22:36 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 17:09 - 2014-02-05 13:31 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4118273251-1091692796-4070430108-1001UA.job
2014-11-23 17:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-23 16:57 - 2014-04-04 18:59 - 00000000 ____D () C:\Users\Taolan01\AppData\Local\CrashDumps
2014-11-23 16:38 - 2014-01-27 13:50 - 01118583 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 16:20 - 2014-02-03 17:07 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4118273251-1091692796-4070430108-1001
2014-11-23 16:15 - 2013-08-22 09:46 - 00039788 _____ () C:\Windows\setupact.log
2014-11-23 16:03 - 2014-07-16 07:04 - 00003754 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-11-23 16:03 - 2014-02-04 21:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-23 16:01 - 2014-10-05 17:59 - 00000000 ____D () C:\Users\Taolan01\OneDrive
2014-11-23 16:01 - 2014-02-04 22:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-23 16:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-17 21:08 - 2013-09-09 17:10 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-17 20:09 - 2014-02-05 13:31 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4118273251-1091692796-4070430108-1001Core.job
2014-11-16 22:37 - 2014-04-04 12:30 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\vlc
2014-11-16 14:40 - 2014-09-28 21:16 - 00000000 ____D () C:\Users\Taolan01\Downloads\Movies
2014-11-16 14:40 - 2014-02-16 20:15 - 00000000 ____D () C:\Users\Taolan01\Desktop\unused desktop icons
2014-11-16 09:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-11-15 23:27 - 2014-02-16 18:59 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\uTorrent
2014-11-15 14:13 - 2014-06-21 22:42 - 00000000 ____D () C:\Users\Taolan01\AppData\Local\Apps\2.0
2014-11-15 13:54 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-15 13:54 - 2013-08-22 09:44 - 00480000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 07:15 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-14 07:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 07:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-14 07:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 07:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 07:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 07:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-14 07:12 - 2014-02-04 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 07:10 - 2014-02-04 22:21 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 06:21 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-13 06:17 - 2014-04-15 19:22 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-10 14:30 - 2014-01-27 13:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-06 12:06 - 2014-06-26 13:00 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-06 12:06 - 2014-06-26 13:00 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-06 12:06 - 2014-02-04 18:37 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-06 12:06 - 2014-02-04 18:37 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-03 19:04 - 2014-02-04 18:35 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-03 19:04 - 2014-01-27 13:59 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-03 19:04 - 2014-01-27 13:59 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-03 19:04 - 2014-01-27 13:59 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-03 19:04 - 2014-01-27 13:59 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-03 17:02 - 2014-10-23 16:39 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-03 17:02 - 2014-01-27 13:59 - 06882448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-03 17:02 - 2014-01-27 13:59 - 03531464 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-03 17:02 - 2014-01-27 13:59 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-03 17:02 - 2014-01-27 13:59 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-03 17:02 - 2014-01-27 13:59 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-03 08:31 - 2014-02-11 22:36 - 00000000 ____D () C:\Users\Taolan01\AppData\Local\Battle.net
2014-11-03 08:27 - 2014-02-11 11:35 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-11-03 08:25 - 2014-09-07 14:13 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Beta
2014-11-03 08:24 - 2014-06-21 19:51 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-11-03 08:22 - 2014-02-13 17:16 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-03 08:21 - 2014-02-11 22:36 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-03 06:58 - 2014-01-27 13:59 - 04099264 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-01 23:06 - 2014-02-07 21:35 - 00086528 ___SH () C:\Users\Taolan01\Downloads\Thumbs.db
2014-11-01 22:52 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-01 13:11 - 2014-02-04 22:36 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-01 13:09 - 2014-03-23 02:45 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\Mozilla
2014-11-01 13:05 - 2014-02-04 22:36 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-01 13:05 - 2014-02-04 22:36 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-30 06:25 - 2014-02-04 22:20 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 19:55 - 2013-08-22 10:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-29 19:55 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Taolan01\AppData\Local\Temp\bitool.dll
C:\Users\Taolan01\AppData\Local\Temp\DVDFabVirtualDrive1500.exe
C:\Users\Taolan01\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Taolan01\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Taolan01\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Taolan01\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Taolan01\AppData\Local\Temp\lowproc.exe
C:\Users\Taolan01\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Taolan01\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Taolan01\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Taolan01\AppData\Local\Temp\nvStInst.exe
C:\Users\Taolan01\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Taolan01\AppData\Local\Temp\ose00000.exe
C:\Users\Taolan01\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Taolan01\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Taolan01\AppData\Local\Temp\sfareca00001.dll
C:\Users\Taolan01\AppData\Local\Temp\sfextra.dll
C:\Users\Taolan01\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Taolan01\AppData\Local\Temp\stubhelper.dll
C:\Users\Taolan01\AppData\Local\Temp\Uninstall.exe
C:\Users\Taolan01\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Taolan01\AppData\Local\Temp\_is9577.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-09 23:50
==================== End Of Log ============================

Edited by Budapest, 23 November 2014 - 05:39 PM.
Moved from Win8 ~Budapest




#2 Taolan

  • Topic Starter

Posted 28 November 2014 - 07:48 AM

Bump. Is anyone able to assist?



#3 HelpBot

  • Bots

Posted 28 November 2014 - 05:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557415 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Taolan

  • Topic Starter

Posted 29 November 2014 - 09:16 AM

This is a screenshot of what I see when I turn my PC on.

http://imgur.com/S2zeWy5

I just downloaded and tried to run DDS but it says it's not designed to run in compatibility mode and shuts down. I'm running Windows 8.1 and I don't have the original CD, but might be able to get it.



#5 nasdaq

  • Malware Response Team

Posted 29 November 2014 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#6 Taolan

Taolan
  • Topic Starter

  • Members
  • 7 posts

Posted 01 December 2014 - 07:05 AM

Thanks, here is the ADWcleaner log;

# AdwCleaner v4.103 - Report created 01/12/2014 at 06:50:14
# Updated 01/12/2014 by Xplode
# Database : 2014-12-01.2 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Taolan01 - TAOLAN
# Running from : C:\Users\Taolan01\Downloads\adwcleaner_4.103 (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\d589878c6092e5b3
Folder Deleted : C:\Program Files (x86)\VideoCnv
Folder Deleted : C:\Users\Taolan01\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
Folder Deleted : C:\Users\Taolan01\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\Users\Taolan01\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [magicplayer@torrentstream.org]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kpckgflgdapkpabemgkielbefdildaio
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cmd]
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[v54ccyxr.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=282369&fr=spigot-yhp-ff");
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
 
-\\ Opera v0.0.0.0
 
[C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Taolan01\AppData\Roaming\Opera Software\Opera Stable\preferences] - Deleted [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim
 
*************************
 
AdwCleaner[R0].txt - [4908 octets] - [01/12/2014 06:47:31]
AdwCleaner[S0].txt - [5242 octets] - [01/12/2014 06:50:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5302 octets] ##########
 
 
 
Here is the FRST log;
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Taolan01 (administrator) on TAOLAN on 01-12-2014 07:01:02
Running from C:\Users\Taolan01\Downloads
Loaded Profile: Taolan01 (Available profiles: Taolan01)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Users\Taolan01\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [Google Update] => C:\Users\Taolan01\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-05] (Google Inc.)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1940160 2014-11-25] (Valve Corporation)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [Spotify Web Helper] => C:\Users\Taolan01\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-28] (Spotify Ltd)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\Run: [AceStream] => C:\Users\Taolan01\AppData\Roaming\ACEStream\engine\ace_engine.exe [27904 2014-09-13] ()
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\...\MountPoints2: {09c7846b-9285-11e3-8261-24fd521f9c2d} - "F:\setup.exe" 
Startup: C:\Users\Taolan01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Taolan01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD79944002C21CF01
HKU\S-1-5-21-4118273251-1091692796-4070430108-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKU\S-1-5-21-4118273251-1091692796-4070430108-1001 -> DefaultScope {344CDFA3-3084-49C1-9230-73F70F75B7F7} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4118273251-1091692796-4070430108-1001 -> {344CDFA3-3084-49C1-9230-73F70F75B7F7} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: fastncheap -> {6b957ddc-45d9-4fe0-8ffc-0791a881301a} -> C:\ProgramData\fastncheap\Ss6D6cakNtnXQj.x64.dll ()
BHO: dealsmarket -> {70a24cb3-84ad-4ef0-bbb7-388df177b789} -> C:\ProgramData\dealsmarket\OQmbMOIhdXi6fi.x64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: fastncheap -> {6b957ddc-45d9-4fe0-8ffc-0791a881301a} -> C:\ProgramData\fastncheap\Ss6D6cakNtnXQj.dll ()
BHO-x32: dealsmarket -> {70a24cb3-84ad-4ef0-bbb7-388df177b789} -> C:\ProgramData\dealsmarket\OQmbMOIhdXi6fi.dll ()
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Taolan01\AppData\Roaming\Mozilla\Firefox\Profiles\v54ccyxr.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @acestream.net/acestreamplugin,version=2.2.5-next -> C:\Users\Taolan01\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Taolan01\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @talk.google.com/O1DPlugin -> C:\Users\Taolan01\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Taolan01\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Taolan01\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4118273251-1091692796-4070430108-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Taolan01\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Taolan01\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Taolan01\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Taolan01\AppData\Roaming\Mozilla\Firefox\Profiles\v54ccyxr.default\searchplugins\yahoo_ff.xml
 
Chrome: 
=======
CHR Profile: C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Africa) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\afoojfkkgppaceckklbflieagpfijcoi [2014-02-04]
CHR Extension: (Google Docs) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-04]
CHR Extension: (Google Drive) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Google Cast) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-25]
CHR Extension: (Google Search) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Crackle) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-02-04]
CHR Extension: (Poppit!) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-02-04]
CHR Extension: (LocalChromecast Player) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2014-06-17]
CHR Extension: (Google Wallet) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
CHR Extension: (Gmail) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 fa6789c5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-04-04] (Disc Soft Ltd)
R1 dvdfabio; C:\Windows\system32\drivers\dvdfabio.sys [9976 2013-11-06] (Fengtao Software Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2014-11-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 SaiK0CFA; C:\Windows\system32\DRIVERS\SaiK0CFA.sys [180544 2012-09-20] (Saitek)
S3 SaiU0CFA; C:\Windows\System32\drivers\SaiU0CFA.sys [47168 2012-09-20] (Saitek)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 vdrive; C:\Windows\system32\DRIVERS\vdrive.sys [45544 2012-11-13] (Fengtao Software Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 07:01 - 2014-12-01 07:01 - 00020230 _____ () C:\Users\Taolan01\Downloads\FRST.txt
2014-12-01 07:00 - 2014-12-01 07:00 - 02117120 _____ (Farbar) C:\Users\Taolan01\Downloads\FRST64.exe
2014-12-01 06:47 - 2014-12-01 06:47 - 02154496 _____ () C:\Users\Taolan01\Downloads\adwcleaner_4.103 (1).exe
2014-11-29 10:30 - 2014-12-01 06:50 - 00000000 ____D () C:\AdwCleaner
2014-11-29 10:29 - 2014-11-29 10:29 - 02148864 _____ () C:\Users\Taolan01\Downloads\Unconfirmed 477023.crdownload
2014-11-29 10:29 - 2014-11-29 10:29 - 02148864 _____ () C:\Users\Taolan01\Downloads\Unconfirmed 380368.crdownload
2014-11-29 09:01 - 2014-11-29 09:01 - 00688992 _____ (Swearware) C:\Users\Taolan01\Downloads\dds.com
2014-11-26 08:39 - 2014-11-26 08:39 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\NVIDIA
2014-11-26 08:37 - 2014-11-26 08:37 - 00001066 _____ () C:\Users\Taolan01\Desktop\EVGA OC Scanner X.lnk
2014-11-26 08:37 - 2014-11-26 08:37 - 00000000 ____D () C:\Program Files\EVGA
2014-11-26 08:36 - 2014-11-26 08:36 - 18447363 _____ () C:\Users\Taolan01\Downloads\ocscannerx.zip
2014-11-26 08:27 - 2014-11-17 17:18 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-11-26 08:27 - 2014-11-17 17:18 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 31893136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 24557712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 14032984 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 13944952 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 13213512 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-26 08:27 - 2014-11-12 19:20 - 11397744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 11336432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 04292416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 04011208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 02874456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434475.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 01540424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434475.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00964928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00923792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00900928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00834880 _____ () C:\Windows\system32\nvmcumd.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00500880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00418112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00100496 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2014-11-26 08:27 - 2014-11-12 19:20 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2014-11-26 08:26 - 2014-11-26 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2014-11-26 08:26 - 2014-11-26 08:26 - 00002747 _____ () C:\Users\Public\Desktop\EVGA PrecisionX 16.lnk
2014-11-26 08:26 - 2014-11-26 08:26 - 00000000 ____D () C:\Program Files (x86)\EVGA
2014-11-26 08:22 - 2014-11-26 08:23 - 12544562 _____ () C:\Users\Taolan01\Downloads\EVGA_PrecisionX_16_Setup_v5.2.6.0.zip
2014-11-25 21:02 - 2014-11-26 08:26 - 00000000 ____D () C:\Program Files (x86)\EVGA Precision X
2014-11-25 21:02 - 2014-11-25 21:02 - 00001104 _____ () C:\Users\Taolan01\Desktop\EVGA Precision X.lnk
2014-11-25 21:02 - 2014-11-25 21:02 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2014-11-25 21:02 - 2014-11-25 21:02 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2014-11-25 21:01 - 2014-11-06 12:06 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-25 21:01 - 2014-11-06 12:06 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-25 21:01 - 2014-10-03 14:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-25 21:01 - 2014-10-03 14:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-25 20:55 - 2014-11-06 12:06 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-25 20:55 - 2014-11-06 12:06 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-25 20:54 - 2014-11-25 20:56 - 00000000 ____D () C:\Users\Taolan01\AppData\Local\NVIDIA
2014-11-25 20:54 - 2014-11-25 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-25 20:54 - 2014-11-12 16:56 - 06897352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-25 20:54 - 2014-11-12 16:56 - 03534152 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-25 20:54 - 2014-11-12 16:56 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-25 20:54 - 2014-11-12 16:56 - 00934032 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-25 20:54 - 2014-11-12 16:56 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-25 20:54 - 2014-11-12 16:56 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-25 20:54 - 2014-11-11 05:29 - 04100776 _____ () C:\Windows\system32\nvcoproc.bin
2014-11-25 20:53 - 2014-11-17 17:18 - 01538880 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 20986592 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 18514616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 03262784 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 00989056 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 00871648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-25 20:53 - 2014-11-12 19:20 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-25 20:53 - 2013-12-17 18:00 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433217.dll
2014-11-25 20:53 - 2013-12-17 18:00 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433217.dll
2014-11-25 20:46 - 2014-11-25 20:46 - 08388608 _____ () C:\Users\Taolan01\Documents\First 11-25-14.bin
2014-11-25 20:45 - 2014-11-25 20:45 - 00000000 ____D () C:\Users\Taolan01\Documents\BIOS Saves
2014-11-25 20:44 - 2014-11-25 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE
2014-11-25 20:43 - 2014-11-25 20:51 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-11-25 20:41 - 2014-11-25 20:41 - 00000000 ____D () C:\ProgramData\crazydeal
2014-11-25 20:40 - 2014-11-25 20:40 - 00000000 ____D () C:\ProgramData\dealsmarket
2014-11-25 20:40 - 2014-02-05 00:48 - 00000018 _____ () C:\Users\Taolan01\Downloads\autoexec.bat
2014-11-25 20:40 - 2014-01-20 07:00 - 08388608 _____ () C:\Users\Taolan01\Downloads\Z87HD3.F7
2014-11-25 20:40 - 2012-09-26 01:14 - 00059836 _____ () C:\Users\Taolan01\Downloads\Efiflash.exe
2014-11-25 20:39 - 2014-11-25 20:39 - 06278738 _____ (Igor Pavlov) C:\Users\Taolan01\Downloads\mb_bios_ga-z87-hd3_f7.exe
2014-11-25 20:38 - 2014-11-25 20:38 - 05420413 _____ (Igor Pavlov) C:\Users\Taolan01\Downloads\mb_utility_atbios_x79.exe
2014-11-25 20:38 - 2013-09-04 01:49 - 00000000 ____D () C:\Users\Taolan01\Downloads\atBIOS
2014-11-25 20:28 - 2014-11-25 20:28 - 00000885 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2014-11-25 20:28 - 2014-11-25 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2014-11-25 20:28 - 2014-11-25 20:28 - 00000000 ____D () C:\Program Files\CPUID
2014-11-25 20:27 - 2014-11-25 20:27 - 01577512 _____ ( ) C:\Users\Taolan01\Downloads\cpu-z_1.71-setup-en.exe
2014-11-23 21:03 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-23 21:03 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-23 21:03 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-23 21:03 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-23 17:23 - 2014-12-01 07:01 - 00000000 ____D () C:\FRST
2014-11-23 17:22 - 2014-11-23 17:24 - 00000000 ____D () C:\Users\Taolan01\Desktop\malware
2014-11-23 17:16 - 2014-11-23 17:16 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\Oracle
2014-11-23 16:53 - 2014-11-23 16:53 - 00000000 __SHD () C:\Users\Taolan01\AppData\Local\EmieBrowserModeList
2014-11-16 07:54 - 2014-11-16 08:39 - 00000000 ____D () C:\Users\Taolan01\Desktop\LG G2 backup all files
2014-11-15 14:48 - 2014-11-16 16:49 - 00000000 ____D () C:\Users\Taolan01\Downloads\Jennifers Body UNRATED (2009)
2014-11-13 06:15 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-13 06:15 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-13 06:15 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-13 06:15 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-13 06:15 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-13 06:15 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-13 06:15 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-13 06:15 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-13 06:15 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-13 06:15 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-13 06:15 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-13 06:15 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-13 06:15 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-13 06:15 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-13 06:15 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-13 06:15 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-13 06:15 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 06:15 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 06:15 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-13 06:15 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 06:15 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 06:15 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 06:15 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-13 06:15 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-13 06:15 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 06:15 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 06:15 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-13 06:15 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-13 06:15 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-13 06:15 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-13 06:15 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-13 06:15 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 06:15 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 06:15 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-13 06:15 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-13 06:15 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 06:15 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-13 06:15 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-13 06:15 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-13 06:15 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-13 06:15 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-13 06:15 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 06:15 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-13 06:15 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 06:15 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-13 06:15 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-13 06:15 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-13 06:15 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-13 06:15 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-13 06:15 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-13 06:15 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-13 06:14 - 2014-12-01 06:52 - 00004962 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for TAOLAN-Taolan01 Taolan
2014-11-13 06:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 06:14 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-13 06:14 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 06:14 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-13 06:14 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-13 06:14 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 06:14 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 06:14 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 06:14 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 06:14 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 06:14 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 06:14 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-13 06:14 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 06:14 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 06:14 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 06:14 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-13 06:14 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 06:14 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-13 06:14 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 06:14 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 06:14 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 06:14 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 06:14 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 06:14 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-13 06:14 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 06:14 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 06:14 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-13 06:14 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-13 06:14 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-13 06:14 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 06:14 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 06:14 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 06:14 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-13 06:14 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 06:14 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-13 06:14 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-13 06:14 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-13 06:14 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 06:14 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 06:14 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 06:14 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 06:14 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 06:14 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 06:14 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-13 06:14 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 06:14 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-13 06:14 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 06:14 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-13 06:14 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-13 06:14 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-13 06:14 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-13 06:14 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-13 06:14 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 06:14 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-13 06:14 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 06:14 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-13 06:14 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 06:14 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 06:14 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 06:14 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 06:14 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 06:14 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 06:14 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-13 06:14 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 06:14 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-13 06:14 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 06:14 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 06:14 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 06:14 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-13 06:14 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 06:14 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 06:14 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-13 06:14 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-13 06:14 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-13 06:14 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 06:14 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-13 06:14 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 06:14 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-13 06:14 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 06:14 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-13 06:14 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 06:14 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-13 06:14 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-13 06:14 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 06:14 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 06:14 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 06:14 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 06:14 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-13 06:14 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-13 06:14 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 06:14 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 06:14 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 06:13 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 06:13 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 06:13 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 06:13 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 06:13 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 06:13 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-13 06:13 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 06:13 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 06:13 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 06:13 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 06:13 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 06:13 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-13 06:13 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 06:13 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-13 06:13 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-13 06:13 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-13 06:13 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-13 06:13 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-13 06:13 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-13 06:13 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-13 06:13 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-13 06:13 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-13 06:13 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-13 06:13 - 2014-08-30 19:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-13 06:13 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-13 06:13 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-13 06:13 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-13 06:13 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-13 06:13 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-13 06:13 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-13 06:13 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-13 06:13 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-13 06:13 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-13 06:13 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-13 06:13 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 06:13 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-13 06:13 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-13 06:13 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 06:13 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-13 06:13 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-13 06:13 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-09 23:23 - 2014-11-10 07:09 - 00000000 ____D () C:\Users\Taolan01\Downloads\Left.Behind.2014.HDRip.XviD.MP3-RARBG
2014-11-03 18:50 - 2014-11-05 14:29 - 00000000 ____D () C:\Users\Taolan01\Downloads\The.Sims.4-RELOADED[rarbg]
2014-11-01 23:31 - 2014-11-01 23:31 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\fullflush
2014-11-01 23:21 - 2014-11-01 23:21 - 00002051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Full Flush Poker 8.2.lnk
2014-11-01 23:21 - 2014-11-01 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Flush Poker 8.2
2014-11-01 23:21 - 2014-11-01 23:21 - 00000000 ____D () C:\Program Files (x86)\Full Flush Poker 8.2
2014-11-01 23:18 - 2014-11-01 23:21 - 20581976 _____ (Full Flush Poker) C:\Users\Taolan01\Downloads\FullFlushPokerSetup.exe
2014-11-01 23:05 - 2014-11-01 23:06 - 00000000 ____D () C:\Users\Taolan01\Downloads\Games
2014-11-01 17:26 - 2014-11-01 17:26 - 00000000 ____D () C:\ProgramData\takeitcheap
2014-11-01 17:26 - 2014-11-01 17:26 - 00000000 ____D () C:\ProgramData\fastncheap
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-01 07:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-01 06:58 - 2013-09-09 17:10 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 06:52 - 2014-10-05 17:59 - 00000000 ___RD () C:\Users\Taolan01\OneDrive
2014-12-01 06:52 - 2014-07-16 07:04 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-01 06:52 - 2014-02-04 21:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-01 06:52 - 2014-01-27 13:50 - 01488595 _____ () C:\Windows\WindowsUpdate.log
2014-12-01 06:51 - 2014-02-04 22:36 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 06:51 - 2013-09-09 17:08 - 00029772 _____ () C:\Windows\PFRO.log
2014-12-01 06:51 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 06:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-30 18:17 - 2014-04-15 19:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 18:10 - 2014-02-04 22:36 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 18:09 - 2014-02-05 13:31 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4118273251-1091692796-4070430108-1001UA.job
2014-11-29 20:09 - 2014-02-05 13:31 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4118273251-1091692796-4070430108-1001Core.job
2014-11-29 09:07 - 2014-02-09 21:15 - 00121344 ___SH () C:\Users\Taolan01\Desktop\Thumbs.db
2014-11-27 21:50 - 2014-02-03 17:07 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4118273251-1091692796-4070430108-1001
2014-11-26 16:32 - 2014-08-09 20:54 - 00000000 ____D () C:\Users\Taolan01\Downloads\Spartacus War Of The Damned Season 3 Complete 480P Bzingaz
2014-11-26 16:32 - 2014-02-07 21:35 - 00091136 ___SH () C:\Users\Taolan01\Downloads\Thumbs.db
2014-11-26 13:34 - 2014-02-05 12:54 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\Skype
2014-11-26 10:08 - 2014-10-12 15:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-26 10:08 - 2014-02-05 12:54 - 00000000 ____D () C:\ProgramData\Skype
2014-11-26 08:55 - 2014-02-28 07:42 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-11-26 08:31 - 2014-02-04 18:38 - 00000000 ____D () C:\Users\Taolan01\AppData\Local\NVIDIA Corporation
2014-11-26 08:28 - 2014-01-27 13:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-26 08:28 - 2013-08-22 09:46 - 00040715 _____ () C:\Windows\setupact.log
2014-11-26 08:27 - 2014-02-04 19:08 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-11-26 08:27 - 2014-02-04 19:08 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-11-26 08:27 - 2014-01-27 13:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-26 08:18 - 2014-04-15 19:22 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 21:01 - 2014-01-27 13:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-25 21:01 - 2013-09-27 12:57 - 00137244 _____ () C:\Windows\DirectX.log
2014-11-25 21:01 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-25 20:56 - 2014-01-27 13:59 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-11-25 20:54 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Help
2014-11-25 20:44 - 2014-02-03 20:57 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-11-25 20:44 - 2013-09-27 12:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-25 20:42 - 2014-09-28 21:16 - 00000000 ____D () C:\Users\Taolan01\Downloads\Movies
2014-11-25 20:21 - 2014-02-04 19:07 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2014-11-25 20:00 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-23 21:07 - 2014-02-11 22:36 - 00000000 ____D () C:\Users\Taolan01\AppData\Local\Battle.net
2014-11-23 16:57 - 2014-04-04 18:59 - 00000000 ____D () C:\Users\Taolan01\AppData\Local\CrashDumps
2014-11-20 15:51 - 2013-08-22 10:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 15:51 - 2013-08-22 10:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-16 22:37 - 2014-04-04 12:30 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\vlc
2014-11-16 14:40 - 2014-02-16 20:15 - 00000000 ____D () C:\Users\Taolan01\Desktop\unused desktop icons
2014-11-16 09:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-11-15 23:27 - 2014-02-16 18:59 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\uTorrent
2014-11-15 14:13 - 2014-06-21 22:42 - 00000000 ____D () C:\Users\Taolan01\AppData\Local\Apps\2.0
2014-11-15 13:54 - 2013-08-22 09:44 - 00480000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 07:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 07:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-14 07:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 07:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 07:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 07:13 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-14 07:12 - 2014-02-04 22:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 07:10 - 2014-02-04 22:21 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-03 08:27 - 2014-02-11 11:35 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-11-03 08:25 - 2014-09-07 14:13 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft Beta
2014-11-03 08:24 - 2014-06-21 19:51 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-11-03 08:22 - 2014-02-13 17:16 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-11-03 08:21 - 2014-02-11 22:36 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-01 22:52 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-01 13:11 - 2014-02-04 22:36 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-01 13:09 - 2014-03-23 02:45 - 00000000 ____D () C:\Users\Taolan01\AppData\Roaming\Mozilla
2014-11-01 13:05 - 2014-02-04 22:36 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-01 13:05 - 2014-02-04 22:36 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some content of TEMP:
====================
C:\Users\Taolan01\AppData\Local\Temp\bitool.dll
C:\Users\Taolan01\AppData\Local\Temp\DVDFabVirtualDrive1500.exe
C:\Users\Taolan01\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Taolan01\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Taolan01\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Taolan01\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Taolan01\AppData\Local\Temp\lowproc.exe
C:\Users\Taolan01\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Taolan01\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\Taolan01\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Taolan01\AppData\Local\Temp\nvStInst.exe
C:\Users\Taolan01\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Taolan01\AppData\Local\Temp\ose00000.exe
C:\Users\Taolan01\AppData\Local\Temp\Quarantine.exe
C:\Users\Taolan01\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Taolan01\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Taolan01\AppData\Local\Temp\sfareca00001.dll
C:\Users\Taolan01\AppData\Local\Temp\sfextra.dll
C:\Users\Taolan01\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Taolan01\AppData\Local\Temp\sqlite3.dll
C:\Users\Taolan01\AppData\Local\Temp\stubhelper.dll
C:\Users\Taolan01\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Taolan01\AppData\Local\Temp\_is9577.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-24 17:54
 
==================== End Of Log ============================

 

 

So far it seems to be improved and that startup screen wasn't there. I will update this again shortly.




#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 01 December 2014 - 11:17 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: fastncheap -> {6b957ddc-45d9-4fe0-8ffc-0791a881301a} -> C:\ProgramData\fastncheap\Ss6D6cakNtnXQj.x64.dll ()
BHO: dealsmarket -> {70a24cb3-84ad-4ef0-bbb7-388df177b789} -> C:\ProgramData\dealsmarket\OQmbMOIhdXi6fi.x64.dll ()
BHO-x32: fastncheap -> {6b957ddc-45d9-4fe0-8ffc-0791a881301a} -> C:\ProgramData\fastncheap\Ss6D6cakNtnXQj.dll ()
BHO-x32: dealsmarket -> {70a24cb3-84ad-4ef0-bbb7-388df177b789} -> C:\ProgramData\dealsmarket\OQmbMOIhdXi6fi.dll ()
FF SearchPlugin: C:\Users\Taolan01\AppData\Roaming\Mozilla\Firefox\Profiles\v54ccyxr.default\searchplugins\yahoo_ff.xml
CHR HomePage: Default -> https://search.yahoo.com/?type=282369&fr=spigot-yhp-ch
CHR Extension: (Poppit!) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-04]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]
S2 fa6789c5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv
C:\ProgramData\fastncheap
C:\ProgramData\dealsmarket
C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
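Added example (not part of the post above and not FRST's own code): a small Python parser that groups fixlist entries like those above by type, so the targets and FRST's own annotations can be reviewed before the fix is run. The category names, `parse_line` and `review` are this example's own; the sample lines are copied from the fixlist in the post.

```python
import re
# Subset of the fixlist lines, copied from the post above.
FIXLIST = r"""
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: fastncheap -> {6b957ddc-45d9-4fe0-8ffc-0791a881301a} -> C:\ProgramData\fastncheap\Ss6D6cakNtnXQj.x64.dll ()
BHO-x32: dealsmarket -> {70a24cb3-84ad-4ef0-bbb7-388df177b789} -> C:\ProgramData\dealsmarket\OQmbMOIhdXi6fi.dll ()
CHR Extension: (Poppit!) - C:\Users\Taolan01\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-02-04]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-09-13] (Company) [File not signed]
S2 fa6789c5; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\VideoCnv\Zet.dll",serv
C:\ProgramData\fastncheap
"""
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
RULES = [  # first match wins; "target" is the file, folder, key or CLSID the line names
    ("service", re.compile(r"^[RSU]\d [^;]+; (?P<target>.+?)(?: \[\d+ \d{4}-\d\d-\d\d\].*)?$")),
    ("bho", re.compile(r"^BHO(?:-x32)?: .+? -> " + CLSID + r" -> (?P<target>.+?) \(.*\)$")),
    ("shell_overlay", re.compile(r"^ShellIconOverlayIdentifiers(?:-x32)?: \[.*?\] -> (?P<target>" + CLSID + r") => .*$")),
    ("chrome_ext", re.compile(r"^CHR Extension: \(.+?\) - (?P<target>.+?) \[\d{4}-\d\d-\d\d\]$")),
    ("chrome_policy", re.compile(r"^CHR (?P<target>HK[^:]+): .*$")),
    ("run_key", re.compile(r"^(?P<target>HK[^:]*\\Run): \[.*?\] => .*$")),
    ("process", re.compile(r"^\([^)]*\) (?P<target>[A-Za-z]:\\.+)$")),
    ("path", re.compile(r"^(?P<target>[A-Za-z]:\\.+)$")),
]
# Annotations printed by FRST that appear on the fixlist lines in the post.
MARKERS = ("[File not signed]", "No File", "[X]", "ATTENTION")

def parse_line(line):
    """Return category, target and FRST annotations for one fixlist line."""
    line = line.strip()
    markers = [m for m in MARKERS if m in line]
    for category, rx in RULES:
        hit = rx.match(line)
        if hit:
            return {"category": category, "target": hit.group("target"), "markers": markers}
    return {"category": "unrecognized", "target": line, "markers": markers}

def review(text):  # group every non-blank entry by category, skipping start/End
    groups = {}
    for line in text.splitlines():
        if line.strip() and line.strip().lower() not in ("start", "end"):
            entry = parse_line(line)
            groups.setdefault(entry["category"], []).append(entry)
    return groups

if __name__ == "__main__":
    for category, entries in review(FIXLIST).items():
        print(category, [e["target"] for e in entries])
```

Anything that lands in `unrecognized` is a line the rules above do not cover and should be read by hand.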

#8 nasdaq


Posted 06 December 2014 - 09:22 AM

Are you still with me?

#9 nasdaq


Posted 12 December 2014 - 09:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



