Additional scan result of Farbar Recovery Scan Tool (x86) Version:9-08-2014 Ran by Hockyan at 2014-08-08 09:11:47 Running from C:\Users\Hockyan\Downloads\Programs Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - ) Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.00.000 - Adobe Systems, Inc.) Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) AutoCAD 2009 - English (HKLM\...\AutoCAD 2009 - English) (Version: 17.2.56.0 - Autodesk) AutoCAD 2009 - English (Version: 17.2.56.0 - Autodesk) Hidden avast! Free Antivirus (HKLM\...\avast) (Version: 8.0.1489.0 - AVAST Software) Canon LBP3010/LBP3018/LBP3050 (HKLM\...\Canon LBP3010/LBP3018/LBP3050) (Version: - ) DesignSpark PCB (Version: 4.0 - RS Components) Hidden DesignSpark PCB 5.1 (Version: 5.1 - RS Components) Hidden DesignSpark PCB Version 4.0 (HKLM\...\InstallShield_{D50400AA-D25A-463B-98BF-E09585325711}) (Version: 4.0 - RS Components) DesignSpark PCB Version 5.1 (HKLM\...\InstallShield_{D50510AA-D25A-463B-98BF-E09585325711}) (Version: 5.1 - RS Components) Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) EaseUS Partition Master 9.1.1 Home Edition (HKLM\...\EaseUS Partition Master Home Edition_is1) (Version: - EaseUS) Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation) Evernote v. 4.6.2 (HKLM\...\{DCA963D4-6AA2-11E2-80AA-984BE15F174E}) (Version: 4.6.2.7927 - Evernote Corp.) Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden HandBrake 0.9.9.1 (HKLM\...\HandBrake) (Version: 0.9.9.1 - ) Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.) Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle) Java(TM) SE Development Kit 6 Update 20 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160200}) (Version: 1.6.0.200 - Sun Microsystems, Inc.) JMP 10 (HKLM\...\{188BB63B-35C8-47EE-AEBF-5EA826CAA74D}) (Version: 10.0 - SAS Institute Inc.) JMP Profiler Core (HKLM\...\{38A15D11-05F8-4ECE-AC47-A85DC6FFA197}) (Version: 1.10.0 - SAS Institute Inc.) JMP Profiler GUI (HKLM\...\{EC0782E1-D80F-44A3-A181-C1170B279993}) (Version: 1.10.0 - SAS Institute Inc.) K-Lite Codec Pack 9.3.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - ) MATLAB R2010b (HKLM\...\MatlabR2010b) (Version: 7.11 - The MathWorks, Inc.) Maxis Broadband Hostless Modem (HKLM\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Help Viewer 2.0 (Version: 2.0.50727 - Microsoft Corporation) Hidden Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop (Version: 2.0.30717.9005 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 32bit Compilers - ENU Resources (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 Core Libraries (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86-x64 Compilers (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio 2012 Preparation (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio 2012 Shell (Minimum) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio 2012 Shell (Minimum) Resources (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (Version: 4.0.8876.1 - Microsoft Corporation) Hidden Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation) Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio Express 2012 for Windows Desktop (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1 - Nokia) Hidden mikroC PRO for PIC (remove only) (HKLM\...\mikroC PRO for PIC) (Version: - mikroElektronika) mikroProg Suite For PIC (remove only) (HKLM\...\mikroProg Suite For PIC) (Version: - mikroElektronika) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) NVIDIA PhysX (HKLM\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC) Prerequisites for SSDT (HKLM\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation) Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - ) Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2300.0 - SAMSUNG Electronics Co., Ltd.) SanDisk SSD Toolkit 1.0.0.1 (HKLM\...\{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1) (Version: 1.0.0.1 - SanDisk Corporation) Steam (HKLM\...\Steam) (Version: - Valve Corporation) The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd) Update for (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) USB PC Camera Plus (HKLM\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: 5.21.5000.0 - Sonix) VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) Windows 7 Codec Pack 4.0.9 (HKLM\...\Windows 7 - Codec Pack) (Version: 4.0.9 - Windows 7 Codec Pack) Windows Software Development Kit (Version: 8.59.25584 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps (Version: 8.59.25584 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.59.25584 - Microsoft Corporation) Hidden Wise Registry Cleaner 8.22 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.22 - WiseCleaner.com, Inc.) 迅雷7 (HKLM\...\thunder_is1) (Version: - 迅雷网络技术有限公司) 迅雷精简版 (HKLM\...\thunder_minixl) (Version: - 迅雷网络技术有限公司) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3753791552-3052234-1925086197-1001_Classes\CLSID\{28B7AA99-C0F9-4C47-995E-8A8D729603A1}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3753791552-3052234-1925086197-1001_Classes\CLSID\{2F1F7574-ECCA-4361-B4DE-C411BF7EEE23}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3753791552-3052234-1925086197-1001_Classes\CLSID\{6AB55F46-2523-4701-A912-B226F46252BA}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3753791552-3052234-1925086197-1001_Classes\CLSID\{6e01d326-5023-5b64-abfb-aed584fcb8e8}\InprocServer32 -> C:\Users\Hockyan\AppData\Roaming\XMusicUpdate\npsharetingplugin.dll No File CustomCLSID: HKU\S-1-5-21-3753791552-3052234-1925086197-1001_Classes\CLSID\{7AABBB95-79BE-4C0F-8024-EB6AF271231C}\localserver32 -> C:\Program Files\AutoCAD 2009\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3753791552-3052234-1925086197-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\AutoCAD 2009\acadficn.dll (Autodesk, Inc.) ==================== Restore Points ========================= 20-07-2014 02:49:04 Scheduled Checkpoint 27-07-2014 02:47:20 Removed Apple Software Update 27-07-2014 02:48:01 Removed Bonjour 27-07-2014 02:48:31 Removed PC Connectivity Solution 27-07-2014 02:48:53 Removed Nokia Connectivity Cable Driver 27-07-2014 02:49:47 Removed Apple Application Support 27-07-2014 02:50:28 Removed Apple Mobile Device Support 27-07-2014 02:50:46 Removed QuickTime 7 27-07-2014 02:51:22 Removed iTunes 27-07-2014 14:54:08 Installed Java 7 Update 65 07-08-2014 12:22:50 Installed Java 7 Update 67 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {38C1198A-6C10-4ADB-9835-D63458890CEA} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3753791552-3052234-1925086197-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: {3CA05A6A-0885-42A2-8817-C0062E4BC5C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.) Task: {4B574155-A585-4A49-ABA4-90486E421D65} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3753791552-3052234-1925086197-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {4DD41031-E7F7-4C25-9C90-2F9503F70260} - \AutoKMS No Task File <==== ATTENTION Task: {4F1FB7FC-1DC2-4B6C-A931-774ABE2E2B86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-12] (Adobe Systems Incorporated) Task: {62B7DECA-4E76-4B9C-AC4D-B50C3108583D} - System32\Tasks\gg_uac_daemon_Hockyan => C:\Program Files\Garena Plus\ggdllhost.exe [2013-07-10] () Task: {71BD306A-3617-425B-A567-55E865BC6C5E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3753791552-3052234-1925086197-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {7ED3FC89-601D-43DE-B1F2-D6E09904EFF5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.) Task: {83B69B9E-475E-4C32-AED6-E18603BA796D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {8A52234C-9E34-45E2-83BB-CFBC90B7DE4E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3753791552-3052234-1925086197-1001 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe Task: {C339432C-1F54-4607-8F18-8C55697FAFF5} - \AutoKMSDaily No Task File <==== ATTENTION Task: {DBAFDB02-EF8D-4DE8-89F9-2BEDA1E464CF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3753791552-3052234-1925086197-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-08 06:57 - 2014-08-09 02:10 - 02822144 _____ () C:\Program Files\AVAST Software\Avast\defs\14080801\algo.dll 2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-07-11 20:24 - 2013-07-10 19:54 - 00049456 _____ () C:\Program Files\Garena Plus\ggdllhost.exe 2012-08-03 16:40 - 2013-08-23 17:10 - 00553776 _____ () C:\Program Files\Garena Plus\ggspawn.dll 2014-07-19 14:37 - 2014-07-15 17:24 - 00718664 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-19 14:37 - 2014-07-15 17:24 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-19 14:37 - 2014-07-15 17:24 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-19 14:37 - 2014-07-15 17:24 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-19 14:37 - 2014-07-15 17:24 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll 2012-06-18 23:24 - 2012-06-18 23:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Autodesk Licensing Service => 3 MSCONFIG\Services: BaiduUpdater => 3 MSCONFIG\Services: BDSGRTP => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: rpcapd => 3 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: XMusicServer => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk => C:\Windows\pss\CodecPackUpdateChecker.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Hockyan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup MSCONFIG\startupfolder: C:^Users^Hockyan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^千千静听(百度音乐版).lnk => C:\Windows\pss\千千静听(百度音乐版).lnk.Startup MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: CancelAutoPlay_df => "C:\Program Files\Hostless Modem\Maxis Broadband\CancelAutoPlay_df.exe" run MSCONFIG\startupreg: CheckNDISPortF0acE1 => C:\Program Files\Hostless Modem\Maxis Broadband\CheckNDISPort_df.exe MSCONFIG\startupreg: CNAP2 Launcher => C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun MSCONFIG\startupreg: GarenaMessenger => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch MSCONFIG\startupreg: iDevice Manager Launcher => "C:\Program Files\Software4u\iDevice Manager\Software4u.IDMLauncher.exe" /run MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: ManyCam => "C:\Program Files\ManyCam\Bin\ManyCam.exe" /silent MSCONFIG\startupreg: MouseDriver => TiltWheelMouse.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe MSCONFIG\startupreg: tsnpstd3 => C:\Windows\tsnpstd3.exe MSCONFIG\startupreg: XMusic => C:\Program Files\Xiami\XMusic\XMusic.exe -autorun ==================== Faulty Device Manager Devices ============= Name: bd0001 Description: bd0001 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: bd0001 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: bd0004 Description: bd0004 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: bd0004 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/08/2014 08:57:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 08:17:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 07:46:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 07:17:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 06:57:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 04:18:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/07/2014 11:17:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/07/2014 08:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/06/2014 09:53:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/05/2014 08:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/05/2014 08:39:02 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR3. Error: (08/05/2014 08:39:01 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR3. Error: (08/05/2014 08:39:01 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR3. Error: (08/05/2014 08:39:00 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR3. Error: (08/05/2014 08:39:00 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR3. Error: (08/05/2014 08:32:18 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (08/05/2014 08:32:17 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (08/05/2014 08:32:16 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (08/04/2014 08:39:12 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR4. Error: (08/04/2014 08:39:11 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR4. Microsoft Office Sessions: ========================= Error: (08/08/2014 08:57:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 08:17:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 07:46:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 07:17:54 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 06:57:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 04:18:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/07/2014 11:17:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/07/2014 08:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/06/2014 09:53:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/05/2014 08:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 52% Total physical RAM: 2046.49 MB Available physical RAM: 980.66 MB Total Pagefile: 4092.98 MB Available Pagefile: 2842.18 MB Total Virtual: 2047.88 MB Available Virtual: 1868.8 MB ==================== Drives ================================ Drive c: (SSD) (Fixed) (Total:111.69 GB) (Free:27.69 GB) NTFS Drive f: (DATA) (Fixed) (Total:100.71 GB) (Free:61.59 GB) NTFS Drive g: (Ubuntu_OS) (Fixed) (Total:48.34 GB) (Free:44.32 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 592D384E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: F04E0AD4) Partition 1: (Not Active) - (Size=101 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=48 GB) - (Type=07 NTFS) ==================== End Of Log ============================