Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows 7 running painfully slow [Solved]

Started by AlanY , Nov 16 2014 12:04 PM
malware virus slow windows 7

  • This topic is locked This topic is locked

#16
zep516
Posted 02 December 2014 - 10:41 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

I want to look at another scan, make sure you download this to the desktop or it will not work. Post both log reports FRST.txt and the addition.txt.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

Advertisements

#17
AlanY
Posted 03 December 2014 - 08:52 AM

AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Joe, 

 

Here are log files you requested from Farbar scan.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014
Ran by YaoTheHong (ATTENTION: The logged in user is not administrator) on BOMBOMCHA on 03-12-2014 22:44:40
Running from C:\Users\YaoTheHong\Downloads
Loaded Profile: YaoTheHong (Available profiles: admin & YaoTheHong & Ajnim & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Flux Software LLC) C:\Users\YaoTheHong\AppData\Local\FluxSoftware\Flux\flux.exe
(Safer-Networking Ltd.) C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\TeaTimer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-02] (Sensible Vision )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FAStartup] => [X]
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [F.lux] => C:\Users\YaoTheHong\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [Google Update] => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [SpybotSD TeaTimer] => C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Policies\Explorer: [] 
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell....c=my&l=en&s=gen
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
URLSearchHook: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> {8E1AF467-5FE7-4E58-9631-B63F1BA5F025} URL = http://malaysia.sear...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> {B58CCC0A-8F7E-48C7-811F-F4ACF1F24E30} URL = http://search.yahoo....erms}&fr=mkg114
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{78A71A00-BC74-4F42-904C-6612B42C1F19}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default
FF DefaultSearchEngine: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://malaysia.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "124.168.86.122"
FF NetworkProxy: "http", "124.168.86.122"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "124.168.86.122"
FF NetworkProxy: "ssl", "124.168.86.122"
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @talk.google.com/O1DPlugin -> C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: tdameritrade.com/thinkorswim -> C:\Users\YaoTheHong\AppData\Local\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: tdameritrade.com/tossc -> C:\Users\YaoTheHong\AppData\Local\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\YaoTheHong\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\YaoTheHong\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Bitdefender QuickScan - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012-07-24]
FF Extension: Tab Scope - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\[email protected] [2011-03-27]
FF Extension: MacOSX Theme (Firefox 4+) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{03A4A97B-1A44-4a3b-8A41-D982F0B6E73F}.xpi [2011-04-06]
FF Extension: ImTranslator - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-03-27]
FF Extension: Adblock Plus - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Tab Mix Plus - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2011-01-18]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\addons\OneClickYouTubeDownloader [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.my/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Orbit Downloader) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (TrafficLight) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2013-06-02]
CHR Extension: (Google Search) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (PicMonkey Extension) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2013-01-16]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2012-08-19]
CHR Extension: (AdBlock) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2011-12-01]
CHR Extension: (Smooth Gestures) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2011-12-01]
CHR Extension: (Google Wallet) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx []
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2428552 2010-11-02] (Sensible Vision ) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-11-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-11-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2013-04-08] (DT Soft Ltd)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2011-06-24] (Arainia Solutions LLC)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation) [File not signed]
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
S3 nmwcdx64; system32\drivers\nmwcdx64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 22:44 - 2014-12-03 22:45 - 00024918 _____ () C:\Users\YaoTheHong\Downloads\FRST.txt
2014-12-03 22:43 - 2014-12-03 22:44 - 00000000 ____D () C:\FRST
2014-12-03 22:42 - 2014-12-03 22:43 - 02117120 _____ (Farbar) C:\Users\YaoTheHong\Downloads\FRST64.exe
2014-12-02 23:22 - 2014-12-02 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 23:11 - 2014-12-02 23:16 - 00000000 ____D () C:\AdwCleaner
2014-12-02 22:51 - 2014-12-02 22:51 - 00000000 ____D () C:\_OTL
2014-12-02 03:02 - 2014-12-02 03:02 - 02154496 _____ () C:\Users\YaoTheHong\Downloads\adwcleaner_4.103.exe
2014-12-02 03:02 - 2014-12-02 03:02 - 01707646 _____ (Thisisu) C:\Users\YaoTheHong\Downloads\JRT.exe
2014-12-01 03:34 - 2014-12-01 03:34 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-29 01:48 - 2014-11-29 01:48 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-11-26 12:40 - 2014-12-01 01:14 - 00096062 _____ () C:\Users\YaoTheHong\Downloads\Extras.Txt
2014-11-26 01:38 - 2014-12-01 01:10 - 00158658 _____ () C:\Users\YaoTheHong\Downloads\OTL.Txt
2014-11-26 01:18 - 2014-11-26 01:18 - 00013634 _____ () C:\Windows\DPINST.LOG
2014-11-26 01:17 - 2014-11-26 01:17 - 00000000 ____D () C:\Program Files\Western Digital
2014-11-26 01:11 - 2014-11-26 01:11 - 00602112 _____ (OldTimer Tools) C:\Users\YaoTheHong\Downloads\OTL.com
2014-11-22 23:19 - 2014-12-03 22:41 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-11-22 23:18 - 2014-12-02 23:17 - 00250500 _____ () C:\Windows\PFRO.log
2014-11-22 02:11 - 2014-12-03 22:39 - 00218040 _____ () C:\Windows\setupact.log
2014-11-22 02:11 - 2014-11-22 02:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-20 01:24 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 01:24 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 01:24 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 01:24 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 00:12 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-15 00:12 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-15 00:12 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-15 00:12 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-15 00:12 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-15 00:12 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-15 00:12 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-15 00:12 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-15 00:12 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-15 00:12 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-15 00:12 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-15 00:12 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-15 00:12 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-15 00:12 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-15 00:12 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-15 00:12 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-15 00:12 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-15 00:12 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-15 00:12 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-15 00:12 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-15 00:12 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-15 00:12 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 00:12 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-15 00:12 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-15 00:12 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-15 00:12 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-15 00:12 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-15 00:12 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-15 00:12 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-15 00:12 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-15 00:12 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-15 00:12 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-15 00:11 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-15 00:11 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-15 00:11 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-15 00:11 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-15 00:11 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-15 00:11 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-15 00:11 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-15 00:11 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-15 00:11 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-15 00:11 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-15 00:11 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-15 00:11 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-15 00:11 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-15 00:11 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-15 00:11 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-15 00:11 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-15 00:11 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-15 00:11 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-15 00:11 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-15 00:11 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-15 00:11 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-15 00:11 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-15 00:11 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-15 00:11 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-15 00:06 - 2014-11-06 01:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-15 00:06 - 2014-11-06 01:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-15 00:06 - 2014-11-06 01:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-15 00:06 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-15 00:06 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-15 00:06 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-15 00:06 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-15 00:06 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-15 00:06 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-15 00:06 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-15 00:06 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-15 00:06 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-15 00:01 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-15 00:01 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-15 00:01 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-15 00:01 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-15 00:01 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-15 00:01 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-15 00:01 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-15 00:01 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-15 00:01 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-15 00:01 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-15 00:01 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-15 00:00 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-15 00:00 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-15 00:00 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-15 00:00 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-15 00:00 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-15 00:00 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-14 23:59 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 23:59 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-07 01:20 - 2014-11-07 01:20 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-11-05 00:59 - 2014-11-05 00:59 - 00205286 _____ () C:\ProgramData\1415120111.bdinstall.bin
2014-11-05 00:59 - 2014-11-05 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-11-05 00:56 - 2014-11-05 00:59 - 00000000 ____D () C:\Program Files\Bitdefender
2014-11-05 00:56 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-11-05 00:56 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-11-05 00:55 - 2014-11-05 00:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\QuickScan
2014-11-05 00:55 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-11-05 00:55 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 22:45 - 2009-07-14 12:45 - 00026784 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 22:45 - 2009-07-14 12:45 - 00026784 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 22:44 - 2014-08-18 12:42 - 01353992 _____ () C:\Windows\WindowsUpdate.log
2014-12-03 22:40 - 2013-01-30 22:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-03 22:40 - 2011-01-18 03:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-03 22:39 - 2013-04-02 13:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-03 22:39 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 00:39 - 2011-02-10 18:54 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job
2014-12-03 00:37 - 2013-01-30 22:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-03 00:34 - 2012-04-02 09:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 23:39 - 2009-07-14 13:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-02 23:34 - 2013-04-02 14:27 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-02 23:34 - 2013-04-02 14:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-02 23:16 - 2013-04-02 13:10 - 00000000 ____D () C:\Users\admin
2014-12-02 23:06 - 2011-01-18 04:03 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-02 22:47 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-02 02:49 - 2009-07-14 12:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-01 03:34 - 2012-04-02 09:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-01 03:34 - 2011-05-17 19:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 01:37 - 2011-01-24 03:31 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\vlc
2014-12-01 00:56 - 2013-04-04 03:16 - 00127296 _____ () C:\Users\YaoTheHong\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-01 00:54 - 2013-04-03 14:50 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-01 00:54 - 2012-04-22 02:28 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-01 00:54 - 2009-07-14 12:45 - 00464632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-01 00:52 - 2013-11-09 17:05 - 00000000 ____D () C:\Users\Ajnim\AppData\Roaming\Panda Security
2014-12-01 00:52 - 2012-04-22 13:12 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Panda Security
2014-12-01 00:52 - 2012-04-22 02:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Panda Security
2014-11-26 01:19 - 2014-08-15 00:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-26 01:17 - 2014-08-13 01:14 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-11-26 01:17 - 2014-08-13 01:13 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-11-26 01:17 - 2014-08-13 01:11 - 00000000 ____D () C:\ProgramData\Western Digital
2014-11-26 00:38 - 2011-02-10 18:54 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job
2014-11-24 13:03 - 2011-11-29 15:37 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\DAEMON Tools Lite
2014-11-22 23:16 - 2012-05-15 02:48 - 00000000 ____D () C:\Windows\ShellNew
2014-11-16 03:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 22:30 - 2014-05-07 02:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 02:20 - 2011-05-01 00:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-15 02:11 - 2013-10-24 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 02:00 - 2012-05-10 20:05 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-15 00:34 - 2011-01-22 16:18 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Mozilla
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
 
==================== End Of Log ============================
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014
Ran by YaoTheHong at 2014-12-03 22:46:28
Running from C:\Users\YaoTheHong\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
COMSOL 4.1 (HKLM-x32\...\COMSOL41) (Version: COMSOL Multiphysics 4.1 - COMSOL)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
f.lux (HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Flux) (Version:  - )
Face Recognition (HKLM\...\{2C5BEF49-4219-4751-9106-39604462939D}) (Version: 3.0.85.1 - Sensible Vision)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MATLAB R2009a (HKLM\...\MatlabR2009a) (Version: 7.8 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5939 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.8.5 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
thinkorswim from TD AMERITRADE (HKLM-x32\...\thinkorswim from TD AMERITRADE) (Version:  - TD AMERITRADE, Inc.)
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{2A3862B1-F0C6-49F3-AB9A-C53D7C4EEBEA}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5A6ABA38-E8D6-4B52-B0BF-44081833E1D2}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e502616c-37a2-498e-a9ee-cd1234ccc820}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-06-22 02:53 - 2014-12-02 22:56 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-05 00:59 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-10-19 03:03 - 2014-10-19 03:03 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\fccbf4d4987de0de0981bc81b08ee26c\VistaBridgeLibrary.ni.dll
2010-11-02 12:40 - 2010-11-02 12:40 - 00092808 _____ () C:\Windows\system32\FAIEExtension.DLL
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-27 01:38 - 2014-11-25 14:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 01:38 - 2014-11-25 14:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 01:38 - 2014-11-25 14:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 01:38 - 2014-11-25 14:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\Users\YaoTheHong\Downloads\adwcleaner_4.103.exe:BDU
AlternateDataStreams: C:\Users\YaoTheHong\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\YaoTheHong\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\YaoTheHong\Downloads\OTL.com:BDU
AlternateDataStreams: C:\Users\YaoTheHong\AppData\Roaming\default.rss:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: M4-Service => 2
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\TeaTimer.exe
 
========================= Accounts: ==========================
 
admin (S-1-5-21-3057907370-1423405045-2432694329-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3057907370-1423405045-2432694329-500 - Administrator - Disabled)
Ajnim (S-1-5-21-3057907370-1423405045-2432694329-1005 - Limited - Enabled) => C:\Users\Ajnim
Guest (S-1-5-21-3057907370-1423405045-2432694329-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3057907370-1423405045-2432694329-1007 - Limited - Enabled)
UpdatusUser (S-1-5-21-3057907370-1423405045-2432694329-1008 - Limited - Enabled)
YaoTheHong (S-1-5-21-3057907370-1423405045-2432694329-1001 - Limited - Enabled) => C:\Users\YaoTheHong
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (12/03/2014 10:40:35 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (12/02/2014 11:38:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (12/02/2014 11:37:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (12/02/2014 11:34:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (12/02/2014 11:33:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-01 02:40:32.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\admin\AppData\Local\Temp\RarSFX0\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-01 02:40:31.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\admin\AppData\Local\Temp\RarSFX0\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-01 02:40:31.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\admin\AppData\Local\Temp\RarSFX0\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 56%
Total physical RAM: 4028.38 MB
Available physical RAM: 1772.38 MB
Total Pagefile: 8054.94 MB
Available Pagefile: 4984.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:336.29 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

  • 0

#18
zep516
Posted 04 December 2014 - 07:37 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

How is the computer running now ?

Could you move FRST to the desktop, it's running from the downloads folder currently Running from C:\Users\YaoTheHong\Downloads
To do that:

1.Navigate to your downloads folder in the downloads folder find FRST.
2.Right click on it, choose cut.
3.Now on the desktop on an empty area.
4.Right click choose paste.
5.FRST should now be on the desktop.

Let me know when that is done
  • 0

#19
AlanY
Posted 04 December 2014 - 10:32 AM

AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Hi Joe, 

 

The computer is showing no sign of serious slow down it used to. I think your instructions are working! Was the computer infected? What was causing it to slow down dramatically?

 

I have placed Farbar onto the Desktop and ran it from here. Farbar did not run smoothly both this time and last. I managed to snipped a picture of the error message:
FarbarError2.JPG

I selected "Yes" and then proceed with "Scan". We still managed to get new log files:

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by YaoTheHong (ATTENTION: The logged in user is not administrator) on BOMBOMCHA on 05-12-2014 00:15:16
Running from C:\Users\YaoTheHong\Desktop
Loaded Profile: YaoTheHong (Available profiles: admin & YaoTheHong & Ajnim & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Flux Software LLC) C:\Users\YaoTheHong\AppData\Local\FluxSoftware\Flux\flux.exe
(Safer-Networking Ltd.) C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\TeaTimer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-02] (Sensible Vision )
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FAStartup] => [X]
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [F.lux] => C:\Users\YaoTheHong\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [Google Update] => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [SpybotSD TeaTimer] => C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Policies\Explorer: [] 
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell....c=my&l=en&s=gen
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
URLSearchHook: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> {8E1AF467-5FE7-4E58-9631-B63F1BA5F025} URL = http://malaysia.sear...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> {B58CCC0A-8F7E-48C7-811F-F4ACF1F24E30} URL = http://search.yahoo....erms}&fr=mkg114
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{78A71A00-BC74-4F42-904C-6612B42C1F19}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default
FF DefaultSearchEngine: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://malaysia.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "124.168.86.122"
FF NetworkProxy: "http", "124.168.86.122"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "124.168.86.122"
FF NetworkProxy: "ssl", "124.168.86.122"
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @talk.google.com/O1DPlugin -> C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: tdameritrade.com/thinkorswim -> C:\Users\YaoTheHong\AppData\Local\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: tdameritrade.com/tossc -> C:\Users\YaoTheHong\AppData\Local\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\YaoTheHong\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\YaoTheHong\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Bitdefender QuickScan - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012-07-24]
FF Extension: Tab Scope - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\[email protected] [2011-03-27]
FF Extension: MacOSX Theme (Firefox 4+) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{03A4A97B-1A44-4a3b-8A41-D982F0B6E73F}.xpi [2011-04-06]
FF Extension: ImTranslator - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-03-27]
FF Extension: Adblock Plus - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Tab Mix Plus - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2011-01-18]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\addons\OneClickYouTubeDownloader [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.my/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Orbit Downloader) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (TrafficLight) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2013-06-02]
CHR Extension: (Google Search) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (PicMonkey Extension) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2013-01-16]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2012-08-19]
CHR Extension: (AdBlock) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2011-12-01]
CHR Extension: (Smooth Gestures) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2011-12-01]
CHR Extension: (Google Wallet) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2428552 2010-11-02] (Sensible Vision ) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-11-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-11-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2013-04-08] (DT Soft Ltd)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2011-06-24] (Arainia Solutions LLC)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation) [File not signed]
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
S3 nmwcdx64; system32\drivers\nmwcdx64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-05 00:15 - 2014-12-05 00:15 - 00024859 _____ () C:\Users\YaoTheHong\Desktop\FRST.txt
2014-12-05 00:04 - 2014-12-05 00:04 - 00000000 ____D () C:\Users\YaoTheHong\Desktop\FRST-OlderVersion
2014-12-03 22:46 - 2014-12-03 22:52 - 00021477 _____ () C:\Users\YaoTheHong\Downloads\Addition.txt
2014-12-03 22:44 - 2014-12-03 22:46 - 00044765 _____ () C:\Users\YaoTheHong\Downloads\FRST.txt
2014-12-03 22:43 - 2014-12-05 00:15 - 00000000 ____D () C:\FRST
2014-12-03 22:42 - 2014-12-05 00:04 - 02117632 _____ (Farbar) C:\Users\YaoTheHong\Desktop\FRST64.exe
2014-12-02 23:22 - 2014-12-02 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 23:11 - 2014-12-02 23:16 - 00000000 ____D () C:\AdwCleaner
2014-12-02 22:51 - 2014-12-02 22:51 - 00000000 ____D () C:\_OTL
2014-12-02 03:02 - 2014-12-02 03:02 - 02154496 _____ () C:\Users\YaoTheHong\Downloads\adwcleaner_4.103.exe
2014-12-02 03:02 - 2014-12-02 03:02 - 01707646 _____ (Thisisu) C:\Users\YaoTheHong\Downloads\JRT.exe
2014-12-01 03:34 - 2014-12-01 03:34 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-29 01:48 - 2014-11-29 01:48 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-11-26 12:40 - 2014-12-01 01:14 - 00096062 _____ () C:\Users\YaoTheHong\Downloads\Extras.Txt
2014-11-26 01:38 - 2014-12-01 01:10 - 00158658 _____ () C:\Users\YaoTheHong\Downloads\OTL.Txt
2014-11-26 01:18 - 2014-11-26 01:18 - 00013634 _____ () C:\Windows\DPINST.LOG
2014-11-26 01:17 - 2014-11-26 01:17 - 00000000 ____D () C:\Program Files\Western Digital
2014-11-26 01:11 - 2014-11-26 01:11 - 00602112 _____ (OldTimer Tools) C:\Users\YaoTheHong\Downloads\OTL.com
2014-11-22 23:19 - 2014-12-05 00:04 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-11-22 23:18 - 2014-12-02 23:17 - 00250500 _____ () C:\Windows\PFRO.log
2014-11-22 02:11 - 2014-12-05 00:02 - 00232576 _____ () C:\Windows\setupact.log
2014-11-22 02:11 - 2014-11-22 02:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-20 01:24 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 01:24 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 01:24 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 01:24 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 00:12 - 2014-11-08 03:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-15 00:12 - 2014-11-08 03:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-15 00:12 - 2014-11-06 12:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-15 00:12 - 2014-11-06 12:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-15 00:12 - 2014-11-06 11:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-15 00:12 - 2014-11-06 11:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-15 00:12 - 2014-11-06 11:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-15 00:12 - 2014-11-06 11:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-15 00:12 - 2014-11-06 11:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-15 00:12 - 2014-11-06 11:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-15 00:12 - 2014-11-06 11:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-15 00:12 - 2014-11-06 11:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-15 00:12 - 2014-11-06 11:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-15 00:12 - 2014-11-06 11:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-15 00:12 - 2014-11-06 11:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-15 00:12 - 2014-11-06 11:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-15 00:12 - 2014-11-06 11:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-15 00:12 - 2014-11-06 10:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-15 00:12 - 2014-11-06 10:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-15 00:12 - 2014-11-06 10:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-15 00:12 - 2014-11-06 10:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-15 00:12 - 2014-11-06 10:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-15 00:12 - 2014-11-06 10:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-15 00:12 - 2014-11-06 10:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-15 00:12 - 2014-11-06 10:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-15 00:12 - 2014-11-06 10:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-15 00:12 - 2014-11-06 10:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-15 00:12 - 2014-11-06 10:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-15 00:12 - 2014-11-06 10:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-15 00:12 - 2014-11-06 10:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-15 00:12 - 2014-11-06 09:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-15 00:12 - 2014-11-06 09:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-15 00:11 - 2014-11-06 12:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-15 00:11 - 2014-11-06 11:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-15 00:11 - 2014-11-06 11:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-15 00:11 - 2014-11-06 11:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-15 00:11 - 2014-11-06 11:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-15 00:11 - 2014-11-06 11:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-15 00:11 - 2014-11-06 11:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-15 00:11 - 2014-11-06 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-15 00:11 - 2014-11-06 11:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-15 00:11 - 2014-11-06 11:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-15 00:11 - 2014-11-06 11:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-15 00:11 - 2014-11-06 11:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-15 00:11 - 2014-11-06 11:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-15 00:11 - 2014-11-06 11:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-15 00:11 - 2014-11-06 11:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-15 00:11 - 2014-11-06 10:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-15 00:11 - 2014-11-06 10:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-15 00:11 - 2014-11-06 10:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-15 00:11 - 2014-11-06 10:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-15 00:11 - 2014-11-06 10:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-15 00:11 - 2014-11-06 10:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-15 00:11 - 2014-11-06 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-15 00:11 - 2014-11-06 09:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-15 00:11 - 2014-11-06 09:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-15 00:06 - 2014-11-06 01:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-15 00:06 - 2014-11-06 01:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-15 00:06 - 2014-11-06 01:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-15 00:06 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-15 00:06 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-15 00:06 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-15 00:06 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-15 00:06 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-15 00:06 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-15 00:06 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-15 00:06 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-15 00:06 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-15 00:01 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-15 00:01 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-15 00:01 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-15 00:01 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-15 00:01 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-15 00:01 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-15 00:01 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-15 00:01 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-15 00:01 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-15 00:01 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-15 00:01 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-15 00:00 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-15 00:00 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-15 00:00 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-15 00:00 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-15 00:00 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-15 00:00 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-14 23:59 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 23:59 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-07 01:20 - 2014-11-07 01:20 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-11-05 00:59 - 2014-11-05 00:59 - 00205286 _____ () C:\ProgramData\1415120111.bdinstall.bin
2014-11-05 00:59 - 2014-11-05 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-11-05 00:56 - 2014-11-05 00:59 - 00000000 ____D () C:\Program Files\Bitdefender
2014-11-05 00:56 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-11-05 00:56 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-11-05 00:55 - 2014-11-05 00:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\QuickScan
2014-11-05 00:55 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-11-05 00:55 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-05 00:08 - 2009-07-14 12:45 - 00026784 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 00:08 - 2009-07-14 12:45 - 00026784 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 00:07 - 2014-08-18 12:42 - 01373251 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 00:07 - 2009-07-14 13:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-05 00:02 - 2013-04-02 13:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-05 00:02 - 2013-01-30 22:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 00:02 - 2011-01-18 03:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-05 00:02 - 2009-07-14 13:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-05 00:02 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 01:39 - 2011-02-10 18:54 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job
2014-12-04 01:37 - 2013-01-30 22:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 01:34 - 2012-04-02 09:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 23:34 - 2013-04-02 14:27 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-02 23:34 - 2013-04-02 14:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-02 23:16 - 2013-04-02 13:10 - 00000000 ____D () C:\Users\admin
2014-12-02 23:06 - 2011-01-18 04:03 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-02 22:47 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-02 02:49 - 2009-07-14 12:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-01 03:34 - 2012-04-02 09:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-01 03:34 - 2011-05-17 19:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 01:37 - 2011-01-24 03:31 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\vlc
2014-12-01 00:56 - 2013-04-04 03:16 - 00127296 _____ () C:\Users\YaoTheHong\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-01 00:54 - 2013-04-03 14:50 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-01 00:54 - 2012-04-22 02:28 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-01 00:54 - 2009-07-14 12:45 - 00464632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-01 00:52 - 2013-11-09 17:05 - 00000000 ____D () C:\Users\Ajnim\AppData\Roaming\Panda Security
2014-12-01 00:52 - 2012-04-22 13:12 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Panda Security
2014-12-01 00:52 - 2012-04-22 02:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Panda Security
2014-11-26 01:19 - 2014-08-15 00:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-26 01:17 - 2014-08-13 01:14 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-11-26 01:17 - 2014-08-13 01:13 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-11-26 01:17 - 2014-08-13 01:11 - 00000000 ____D () C:\ProgramData\Western Digital
2014-11-26 00:38 - 2011-02-10 18:54 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job
2014-11-24 13:03 - 2011-11-29 15:37 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\DAEMON Tools Lite
2014-11-22 23:16 - 2012-05-15 02:48 - 00000000 ____D () C:\Windows\ShellNew
2014-11-16 03:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-11-15 22:30 - 2014-05-07 02:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-15 02:20 - 2011-05-01 00:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-15 02:11 - 2013-10-24 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 02:00 - 2012-05-10 20:05 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-15 00:34 - 2011-01-22 16:18 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Mozilla
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
 
==================== End Of Log ============================
 
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by YaoTheHong at 2014-12-05 00:16:12
Running from C:\Users\YaoTheHong\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.15 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
COMSOL 4.1 (HKLM-x32\...\COMSOL41) (Version: COMSOL Multiphysics 4.1 - COMSOL)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
f.lux (HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Flux) (Version:  - )
Face Recognition (HKLM\...\{2C5BEF49-4219-4751-9106-39604462939D}) (Version: 3.0.85.1 - Sensible Vision)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D16A2127-B927-4379-B153-3DEC091E4EEB}) (Version: 13.02.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.260 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MATLAB R2009a (HKLM\...\MatlabR2009a) (Version: 7.8 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5939 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.8.5 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.4.0 - Synaptics Incorporated)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
thinkorswim from TD AMERITRADE (HKLM-x32\...\thinkorswim from TD AMERITRADE) (Version:  - TD AMERITRADE, Inc.)
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{2A3862B1-F0C6-49F3-AB9A-C53D7C4EEBEA}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5A6ABA38-E8D6-4B52-B0BF-44081833E1D2}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e502616c-37a2-498e-a9ee-cd1234ccc820}) (Version: 2.4.4.5 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-06-22 02:53 - 2014-12-02 22:56 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-05 00:59 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2014-10-19 03:03 - 2014-10-19 03:03 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\fccbf4d4987de0de0981bc81b08ee26c\VistaBridgeLibrary.ni.dll
2010-11-02 12:40 - 2010-11-02 12:40 - 00092808 _____ () C:\Windows\system32\FAIEExtension.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU
AlternateDataStreams: C:\Users\YaoTheHong\Downloads\adwcleaner_4.103.exe:BDU
AlternateDataStreams: C:\Users\YaoTheHong\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\YaoTheHong\Downloads\OTL.com:BDU
AlternateDataStreams: C:\Users\YaoTheHong\AppData\Roaming\default.rss:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: M4-Service => 2
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\TeaTimer.exe
 
========================= Accounts: ==========================
 
admin (S-1-5-21-3057907370-1423405045-2432694329-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3057907370-1423405045-2432694329-500 - Administrator - Disabled)
Ajnim (S-1-5-21-3057907370-1423405045-2432694329-1005 - Limited - Enabled) => C:\Users\Ajnim
Guest (S-1-5-21-3057907370-1423405045-2432694329-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3057907370-1423405045-2432694329-1007 - Limited - Enabled)
UpdatusUser (S-1-5-21-3057907370-1423405045-2432694329-1008 - Limited - Enabled)
YaoTheHong (S-1-5-21-3057907370-1423405045-2432694329-1001 - Limited - Enabled) => C:\Users\YaoTheHong
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/05/2014 00:03:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sftservice.EXE, version: 1.0.82.72, time stamp: 0x4e45499a
Faulting module name: sftservice.EXE, version: 1.0.82.72, time stamp: 0x4e45499a
Exception code: 0xc0000005
Fault offset: 0x0006996b
Faulting process id: 0x92c
Faulting application start time: 0xsftservice.EXE0
Faulting application path: sftservice.EXE1
Faulting module path: sftservice.EXE2
Report Id: sftservice.EXE3
 
 
System errors:
=============
Error: (12/05/2014 00:03:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/05/2014 00:03:29 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (12/05/2014 00:03:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (12/03/2014 10:40:35 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
Error: (12/02/2014 11:38:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (12/02/2014 11:37:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (12/02/2014 11:34:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (12/02/2014 11:33:50 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
 
 
Microsoft Office Sessions:
=========================
Error: (12/05/2014 00:03:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: sftservice.EXE1.0.82.724e45499asftservice.EXE1.0.82.724e45499ac00000050006996b92c01d00fdbc3f5dcefC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXEC:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE10405afe-7bcf-11e4-8dd2-f04da265b4d2
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-01 02:40:32.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\admin\AppData\Local\Temp\RarSFX0\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-01 02:40:31.915
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\admin\AppData\Local\Temp\RarSFX0\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-01 02:40:31.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\admin\AppData\Local\Temp\RarSFX0\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.369
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-01-12 14:24:23.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 740 @ 1.73GHz
Percentage of memory in use: 37%
Total physical RAM: 4028.38 MB
Available physical RAM: 2505.73 MB
Total Pagefile: 8054.94 MB
Available Pagefile: 5928.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:335.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

 


  • 0

#20
zep516
Posted 04 December 2014 - 11:19 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
HKLM-x32\...\Run: [FAStartup] => [X]
URLSearchHook: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
Toolbar: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "124.168.86.122"
FF NetworkProxy: "http", "124.168.86.122"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "124.168.86.122"
FF NetworkProxy: "ssl", "124.168.86.122"
FF NetworkProxy: "type", 1
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\addons\OneClickYouTubeDownloader [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File 
CHR Plugin: (Orbit Downloader) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
S3 nmwcdx64; system32\drivers\nmwcdx64.sys [X]
2014-12-01 00:54 - 2013-04-03 14:50 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-01 00:54 - 2012-04-22 02:28 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-01 00:52 - 2013-11-09 17:05 - 00000000 ____D () C:\Users\Ajnim\AppData\Roaming\Panda Security
2014-12-01 00:52 - 2012-04-22 13:12 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Panda Security
2014-12-01 00:52 - 2012-04-22 02:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Panda Security

Emptytemp:
reboot:
end
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

In your next reply post the:
Fixlog.txt
  • 0

#21
AlanY
Posted 05 December 2014 - 05:16 PM

AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Fixlist is run on FRST. For some reason, Bitdefender antivirus is stopped although I switch it on again. There are 2 error messages:

Bitdef1.JPG Bitdef2.JPG

 

Here is the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by YaoTheHong at 2014-12-06 07:08:10 Run:1
Running from C:\Users\YaoTheHong\Desktop
Loaded Profiles: admin & YaoTheHong (Available profiles: admin & YaoTheHong & Ajnim & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [FAStartup] => [X]
URLSearchHook: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
Toolbar: HKU\S-1-5-21-3057907370-1423405045-2432694329-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "124.168.86.122"
FF NetworkProxy: "http", "124.168.86.122"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "124.168.86.122"
FF NetworkProxy: "ssl", "124.168.86.122"
FF NetworkProxy: "type", 1
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\addons\OneClickYouTubeDownloader [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File 
CHR Plugin: (Orbit Downloader) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [Not Found]
S3 nmwcdx64; system32\drivers\nmwcdx64.sys [X]
2014-12-01 00:54 - 2013-04-03 14:50 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-01 00:54 - 2012-04-22 02:28 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-01 00:52 - 2013-11-09 17:05 - 00000000 ____D () C:\Users\Ajnim\AppData\Roaming\Panda Security
2014-12-01 00:52 - 2012-04-22 13:12 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Panda Security
2014-12-01 00:52 - 2012-04-22 02:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Panda Security
 
Emptytemp:
reboot:
end
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value deleted successfully.
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value could not be deleted.
"HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key not found.
"HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key not found.
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value deleted successfully.
"HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\addons\OneClickYouTubeDownloader not found.
C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox not found.
C:\Users\YaoTheHong\Documents\Appendical Programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll not found.
C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Users\YaoTheHong\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll not found.
C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll not found.
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL not found.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL not found.
C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL not found.
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL not found.
C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae" => Key deleted successfully.
nmwcdx64 => Service deleted successfully.
C:\Program Files (x86)\Panda Security => Moved successfully.
C:\ProgramData\Panda Security => Moved successfully.
 
"C:\Users\Ajnim\AppData\Roaming\Panda Security" directory move:
 
Could not move "C:\Users\Ajnim\AppData\Roaming\Panda Security" directory. => Scheduled to move on reboot.
 
C:\Users\YaoTheHong\AppData\Roaming\Panda Security => Moved successfully.
 
"C:\Users\admin\AppData\Roaming\Panda Security" directory move:
 
Could not move "C:\Users\admin\AppData\Roaming\Panda Security" directory. => Scheduled to move on reboot.
 
EmptyTemp: => Removed 661.1 MB temporary data.

Edited by AlanY, 05 December 2014 - 05:25 PM.

  • 0

#22
zep516
Posted 05 December 2014 - 05:26 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
How are we doing ? How is the computer now ?
  • 0

#23
AlanY
Posted 06 December 2014 - 07:01 AM

AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

The computer is running fine now. No slow down since our discussion started. Bitdefender seems to shut down by itself even after it is switched on again, and an error message pops up.

The error message looks like this:

Bitdef1.JPG  Bitdef2.JPG


  • 0

#24
zep516
Posted 06 December 2014 - 10:31 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
This is the second complaint I have seen about bitdefender doing this. Let me also review the log and get back to you.

Joe
  • 0

#25
AlanY
Posted 11 December 2014 - 12:08 AM

AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Hi Joe, any luck with Bitdefender?


  • 0

Advertisements

#26
zep516
Posted 11 December 2014 - 05:20 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
No not yet, what about uninstalling and reinstalling. Have you tried that ?
  • 0

#27
AlanY
Posted 11 December 2014 - 10:01 PM

AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Yes I have tried uninstalling and reinstalling using Control Panel>"Uninstall a Program". Bitdefender seems to be having a bad day.


  • 0

#28
zep516
Posted 12 December 2014 - 02:29 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello AlanY,

Would you post a fresh FRST Log when you can.

Thanks
Joe :)
  • 0

#29
AlanY
Posted 13 December 2014 - 08:59 PM

AlanY

    Member

  • Topic Starter
  • Member
  • PipPip
  • 75 posts

Welcome back Joe. I have reinstalled Panda Antivirus while Bitdefender is down. Here is the fresh FRST log you requested:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by YaoTheHong (ATTENTION: The logged in user is not administrator) on BOMBOMCHA on 14-12-2014 10:54:38
Running from C:\Users\YaoTheHong\Desktop
Loaded Profile: YaoTheHong (Available profiles: admin & YaoTheHong & Ajnim & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Flux Software LLC) C:\Users\YaoTheHong\AppData\Local\FluxSoftware\Flux\flux.exe
(Safer-Networking Ltd.) C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\Vendor\FastAccessChatAssist.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-02] (Sensible Vision )
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [F.lux] => C:\Users\YaoTheHong\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [Google Update] => C:\Users\YaoTheHong\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [SpybotSD TeaTimer] => C:\Users\YaoTheHong\Documents\Appendical Programs\Spybot SD 1.6.2\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\...\Policies\Explorer: [] 
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ap.dell....c=my&l=en&s=gen
HKU\S-1-5-21-3057907370-1423405045-2432694329-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{78A71A00-BC74-4F42-904C-6612B42C1F19}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default
FF DefaultSearchEngine: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://malaysia.search.yahoo.com/search?fr=mcafee&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @talk.google.com/O1DPlugin -> C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @tools.google.com/Google Update;version=3 -> C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: @tools.google.com/Google Update;version=9 -> C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: tdameritrade.com/thinkorswim -> C:\Users\YaoTheHong\AppData\Local\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3057907370-1423405045-2432694329-1001: tdameritrade.com/tossc -> C:\Users\YaoTheHong\AppData\Local\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\YaoTheHong\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\YaoTheHong\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Bitdefender QuickScan - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012-07-24]
FF Extension: Tab Scope - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\[email protected] [2011-03-27]
FF Extension: MacOSX Theme (Firefox 4+) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{03A4A97B-1A44-4a3b-8A41-D982F0B6E73F}.xpi [2011-04-06]
FF Extension: ImTranslator - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2011-03-27]
FF Extension: Adblock Plus - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Tab Mix Plus - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\Firefox\Profiles\ko14j2o2.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2011-01-18]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Firefox Plugins\Orbit Downloader\Orbitdownloader\addons\OneClickYouTubeDownloader [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\FreeMake Video Converter v2.1.3.0\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [Not Found]
FF Extension: No Name - C:\Users\YaoTheHong\Documents\Appendical Programs\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.my/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Orbit Downloader) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\YaoTheHong\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\YaoTheHong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-21]
CHR Extension: (TrafficLight) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2013-06-02]
CHR Extension: (Google Search) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-21]
CHR Extension: (PicMonkey Extension) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2013-01-16]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2012-08-19]
CHR Extension: (AdBlock) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2011-12-01]
CHR Extension: (Smooth Gestures) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld [2011-12-01]
CHR Extension: (Google Wallet) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\YaoTheHong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 FAService; C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2428552 2010-11-02] (Sensible Vision ) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-14] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-11-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2013-04-08] (DT Soft Ltd)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2011-06-24] (Arainia Solutions LLC)
S3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158976 2010-02-26] (Intel Corporation) [File not signed]
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-17] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-14] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-14] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-14] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-03] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 14:06 - 2014-12-12 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-12-12 13:33 - 2014-12-14 00:00 - 00000394 ____H () C:\Windows\Tasks\{0CEE3137-39DA-43A0-8CF7-8501435DD651}.job
2014-12-12 13:29 - 2014-12-12 13:29 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Panda Security
2014-12-12 13:29 - 2014-03-25 21:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-12-12 13:28 - 2014-12-12 14:06 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-12-12 13:28 - 2014-12-12 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2014-12-12 13:20 - 2014-12-12 13:29 - 00000000 ____D () C:\ProgramData\Panda Security
2014-12-12 13:15 - 2014-12-12 13:15 - 00098032 _____ () C:\ProgramData\1418361286.bdinstall.bin
2014-12-12 13:14 - 2014-12-12 13:14 - 00037822 _____ () C:\ProgramData\1418361282.bdinstall.bin
2014-12-12 11:24 - 2014-12-12 11:24 - 00260051 _____ () C:\ProgramData\1418354342.bdinstall.bin
2014-12-12 11:14 - 2014-12-12 11:14 - 00094792 _____ () C:\ProgramData\1418353760.bdinstall.bin
2014-12-12 11:09 - 2014-12-12 11:09 - 00037839 _____ () C:\ProgramData\1418353758.bdinstall.bin
2014-12-12 11:04 - 2014-12-12 11:04 - 00176154 _____ () C:\ProgramData\1418353423.bdinstall.bin
2014-12-12 11:03 - 2014-12-12 11:03 - 00037823 _____ () C:\ProgramData\1418353421.bdinstall.bin
2014-12-11 22:40 - 2014-12-11 23:08 - 00000000 ____D () C:\Users\YaoTheHong\bluej
2014-12-11 16:40 - 2014-12-12 20:02 - 00000000 ____D () C:\Users\YaoTheHong\Desktop\Learning Java
2014-12-11 16:22 - 2014-12-11 16:22 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueJ
2014-12-11 16:21 - 2014-12-11 16:22 - 00000000 ____D () C:\Program Files (x86)\BlueJ
2014-12-11 16:17 - 2014-12-11 16:16 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-12-11 16:16 - 2014-12-11 16:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-12-11 16:16 - 2014-12-11 16:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-12-11 16:16 - 2014-12-11 16:16 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-12-11 16:16 - 2014-12-11 16:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-11 16:15 - 2014-12-11 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-12-11 16:13 - 2014-12-11 16:16 - 00000000 ____D () C:\Program Files\Java
2014-12-11 11:08 - 2014-12-11 11:08 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 05:26 - 2014-10-18 10:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 05:26 - 2014-10-18 09:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 04:52 - 2014-12-04 10:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 04:52 - 2014-12-04 10:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 04:52 - 2014-12-04 10:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 04:52 - 2014-12-04 10:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 04:52 - 2014-12-04 10:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 04:52 - 2014-12-04 10:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 04:52 - 2014-12-04 10:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 04:52 - 2014-12-02 07:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 04:51 - 2014-11-27 09:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 04:51 - 2014-11-27 09:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 04:51 - 2014-11-22 11:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 04:51 - 2014-11-22 11:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 04:51 - 2014-11-22 10:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 04:51 - 2014-11-22 10:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 04:51 - 2014-11-22 10:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 04:51 - 2014-11-22 10:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 04:51 - 2014-11-22 10:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 04:51 - 2014-11-22 10:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 04:51 - 2014-11-22 10:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 04:51 - 2014-11-22 10:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 04:51 - 2014-11-22 10:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 04:51 - 2014-11-22 10:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 04:51 - 2014-11-22 10:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 04:51 - 2014-11-22 10:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 04:51 - 2014-11-22 10:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 04:51 - 2014-11-22 10:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 04:51 - 2014-11-22 10:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 04:51 - 2014-11-22 10:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 04:51 - 2014-11-22 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 04:51 - 2014-11-22 10:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 04:51 - 2014-11-22 10:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 04:51 - 2014-11-22 10:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 04:51 - 2014-11-22 10:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 04:51 - 2014-11-22 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 04:51 - 2014-11-22 10:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 04:51 - 2014-11-22 09:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 04:51 - 2014-11-22 09:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 04:51 - 2014-11-22 09:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 04:51 - 2014-11-22 09:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 04:51 - 2014-11-22 09:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 04:51 - 2014-11-22 09:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 04:51 - 2014-11-22 09:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 04:51 - 2014-11-22 09:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 04:51 - 2014-11-22 09:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 04:51 - 2014-11-22 09:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 04:51 - 2014-11-22 09:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 04:51 - 2014-11-22 09:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 04:51 - 2014-11-22 09:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 04:51 - 2014-11-22 09:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 04:51 - 2014-11-22 09:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 04:51 - 2014-11-22 09:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 04:51 - 2014-11-22 09:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 04:51 - 2014-11-22 09:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 04:51 - 2014-11-22 09:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 04:51 - 2014-11-22 09:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 04:51 - 2014-11-22 09:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 04:51 - 2014-11-22 09:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 04:51 - 2014-11-22 09:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 04:51 - 2014-11-22 09:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 04:51 - 2014-11-22 08:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 04:51 - 2014-11-22 08:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 04:51 - 2014-11-11 11:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 04:51 - 2014-11-11 10:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 04:51 - 2014-11-11 09:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 04:50 - 2014-11-22 11:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 04:50 - 2014-11-22 10:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 04:50 - 2014-11-22 10:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 04:46 - 2014-11-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 04:46 - 2014-11-08 10:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 04:46 - 2014-10-30 10:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 04:46 - 2014-10-30 09:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 04:46 - 2014-10-03 10:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 04:46 - 2014-10-03 10:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 04:46 - 2014-10-03 10:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 04:46 - 2014-10-03 10:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 04:46 - 2014-10-03 10:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 04:46 - 2014-10-03 09:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 04:46 - 2014-10-03 09:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 04:46 - 2014-10-03 09:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 04:46 - 2014-10-03 09:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 04:46 - 2014-10-03 09:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-08 20:48 - 2014-12-13 09:20 - 00063481 _____ () C:\Users\YaoTheHong\Desktop\Journal - Bull Put Spread.xlsx
2014-12-08 20:48 - 2014-12-13 09:14 - 00037095 _____ () C:\Users\YaoTheHong\Desktop\Journal - Bear Call Spread.xlsx
2014-12-07 21:02 - 2014-12-07 21:02 - 01172663 _____ () C:\Users\YaoTheHong\Desktop\POPO.pptx
2014-12-05 00:16 - 2014-12-05 00:17 - 00022248 _____ () C:\Users\YaoTheHong\Desktop\Addition.txt
2014-12-05 00:15 - 2014-12-14 10:54 - 00025219 _____ () C:\Users\YaoTheHong\Desktop\FRST.txt
2014-12-05 00:04 - 2014-12-14 10:54 - 00000000 ____D () C:\Users\YaoTheHong\Desktop\FRST-OlderVersion
2014-12-03 22:46 - 2014-12-03 22:52 - 00021477 _____ () C:\Users\YaoTheHong\Downloads\Addition.txt
2014-12-03 22:44 - 2014-12-03 22:46 - 00044765 _____ () C:\Users\YaoTheHong\Downloads\FRST.txt
2014-12-03 22:43 - 2014-12-14 10:54 - 00000000 ____D () C:\FRST
2014-12-03 22:42 - 2014-12-14 10:54 - 02119168 _____ (Farbar) C:\Users\YaoTheHong\Desktop\FRST64.exe
2014-12-02 23:22 - 2014-12-02 23:22 - 00000000 ____D () C:\Windows\ERUNT
2014-12-02 23:11 - 2014-12-02 23:16 - 00000000 ____D () C:\AdwCleaner
2014-12-02 22:51 - 2014-12-02 22:51 - 00000000 ____D () C:\_OTL
2014-12-02 03:02 - 2014-12-02 03:02 - 02154496 _____ () C:\Users\YaoTheHong\Downloads\adwcleaner_4.103.exe
2014-12-02 03:02 - 2014-12-02 03:02 - 01707646 _____ (Thisisu) C:\Users\YaoTheHong\Downloads\JRT.exe
2014-11-26 12:40 - 2014-12-01 01:14 - 00096062 _____ () C:\Users\YaoTheHong\Downloads\Extras.Txt
2014-11-26 01:38 - 2014-12-01 01:10 - 00158658 _____ () C:\Users\YaoTheHong\Downloads\OTL.Txt
2014-11-26 01:18 - 2014-11-26 01:18 - 00013634 _____ () C:\Windows\DPINST.LOG
2014-11-26 01:17 - 2014-11-26 01:17 - 00000000 ____D () C:\Program Files\Western Digital
2014-11-26 01:11 - 2014-11-26 01:11 - 00602112 _____ (OldTimer Tools) C:\Users\YaoTheHong\Downloads\OTL.com
2014-11-22 23:19 - 2014-12-14 10:24 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-11-22 23:18 - 2014-12-12 13:16 - 00477968 _____ () C:\Windows\PFRO.log
2014-11-22 02:11 - 2014-12-14 10:23 - 00536008 _____ () C:\Windows\setupact.log
2014-11-22 02:11 - 2014-11-22 02:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-20 01:24 - 2014-11-11 11:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 01:24 - 2014-11-11 11:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 01:24 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 01:24 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-15 00:06 - 2014-10-14 10:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-15 00:06 - 2014-10-14 10:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-15 00:06 - 2014-10-14 10:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-15 00:06 - 2014-10-14 10:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-15 00:06 - 2014-10-14 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-15 00:06 - 2014-10-14 09:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-15 00:06 - 2014-10-14 09:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-15 00:06 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-15 00:06 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-15 00:01 - 2014-10-03 10:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-15 00:01 - 2014-10-03 10:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-15 00:01 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-15 00:01 - 2014-09-19 17:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-15 00:01 - 2014-09-19 17:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-15 00:01 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-15 00:01 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-15 00:01 - 2014-08-21 14:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-15 00:01 - 2014-08-21 14:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-15 00:01 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-15 00:01 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-15 00:01 - 2014-08-12 10:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-15 00:01 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-15 00:00 - 2014-10-25 09:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-15 00:00 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-15 00:00 - 2014-10-14 10:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-15 00:00 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-15 00:00 - 2014-10-10 08:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-15 00:00 - 2014-09-19 17:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-15 00:00 - 2014-09-19 17:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-15 00:00 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-14 23:59 - 2014-10-18 10:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 23:59 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-14 10:50 - 2009-07-14 13:13 - 00782720 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 10:39 - 2011-02-10 18:54 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001UA.job
2014-12-14 10:37 - 2013-01-30 22:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 10:34 - 2012-04-02 09:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 10:32 - 2009-07-14 12:45 - 00026784 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 10:32 - 2009-07-14 12:45 - 00026784 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 10:23 - 2013-04-02 13:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-14 10:23 - 2013-01-30 22:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 10:23 - 2011-01-18 03:49 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-12-14 10:23 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-14 01:27 - 2014-08-18 12:42 - 01293888 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 19:39 - 2013-06-29 02:07 - 00127768 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-12-13 18:45 - 2013-11-09 17:05 - 00000000 ____D () C:\Users\Ajnim\AppData\Roaming\Panda Security
2014-12-13 18:45 - 2009-07-14 12:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-12 18:57 - 2009-07-14 12:45 - 00510824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-12 13:29 - 2013-04-04 03:16 - 00127768 _____ () C:\Users\YaoTheHong\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-12 11:20 - 2014-11-05 00:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\QuickScan
2014-12-11 22:40 - 2013-04-02 13:10 - 00000000 ____D () C:\Users\YaoTheHong
2014-12-11 22:39 - 2011-02-10 18:54 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3057907370-1423405045-2432694329-1001Core.job
2014-12-11 20:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 11:08 - 2014-05-07 02:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 11:08 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 11:08 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 05:38 - 2011-05-01 00:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 05:35 - 2013-10-24 17:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 05:34 - 2012-04-02 09:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 05:34 - 2011-05-17 19:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 05:29 - 2012-05-10 20:05 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 10:56 - 2011-11-29 15:37 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\DAEMON Tools Lite
2014-12-08 22:15 - 2013-05-05 10:46 - 00008704 _____ () C:\Users\YaoTheHong\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-07 20:27 - 2014-10-06 23:59 - 00000000 ____D () C:\Users\YaoTheHong\Desktop\POPO Photos
2014-12-05 00:02 - 2009-07-14 13:08 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-02 23:34 - 2013-04-02 14:27 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-12-02 23:34 - 2013-04-02 14:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-12-02 23:16 - 2013-04-02 13:10 - 00000000 ____D () C:\Users\admin
2014-12-02 23:06 - 2011-01-18 04:03 - 00000000 ____D () C:\ProgramData\Sonic
2014-12-02 22:47 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 01:37 - 2011-01-24 03:31 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\vlc
2014-12-01 00:52 - 2012-04-22 02:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Panda Security
2014-11-26 01:19 - 2014-08-15 00:59 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-26 01:17 - 2014-08-13 01:14 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-11-26 01:17 - 2014-08-13 01:13 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-11-26 01:17 - 2014-08-13 01:11 - 00000000 ____D () C:\ProgramData\Western Digital
2014-11-24 14:04 - 2010-11-21 11:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-22 23:16 - 2012-05-15 02:48 - 00000000 ____D () C:\Windows\ShellNew
2014-11-15 00:34 - 2011-01-22 16:18 - 00000000 ____D () C:\Users\YaoTheHong\AppData\Roaming\Mozilla
 
Files to move or delete:
====================
C:\Windows\Tasks\{0CEE3137-39DA-43A0-8CF7-8501435DD651}.job
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
 
==================== End Of Log ============================

  • 0

#30
zep516
Posted 13 December 2014 - 09:07 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Thanks,

Let me take a look and get back to you....

Joe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: malware, virus, slow, windows 7

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP