Solved UpdateFlashPlaye_random numbers and letters virus

Code:
C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\zepplauncher.mif
http://virusscan.jotti.org/en-gb/scanresult/327ef41ba3199a4b0ead193dbe079a0529d036e9

The RSA64 folder has two folders inside, namely "MachineKeys" and "Temp". Since the infected tmp6086.exe file was located in "Temp", I tried to scan the files in it. However, all of them are .tmp files and have a size of 0 KB. I cannot scan them.

In the "MachineKeys" folder, there is only one file, which is the one I scanned and posted above.
 
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder, you will need to copy it to your desktop.
Link 1
Link 2
Link 3
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
  • Close any open windows and double click ComboFix.exe to run it.
    You will see the following image:
NSIS_disclaimer_ENG.png

Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
NSIS_extraction.png

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
RcAuto1.gif

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png

Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
 
When it tries to scan the system, after it reminds me the process will take less than 10 min, it says access denied.
 
Ok. Please delete ComboFix from your desktop and download this one. Please note that you will need to rename the file.
Please download ComboFix from BleepingComputer.com
Alternate link: GeeksToGo.com
Alternate link: Forospyware.com
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run, then copy and paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC_successful.gif

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
 
RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rachel [Admin rights]
Mode : Scan -- Date : 07/22/2014 12:01:16

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe -- C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll[7] -> UNLOADED

¤¤¤ Registry Entries : 14 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 218.102.32.134 219.76.98.66 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 218.102.32.134 219.76.98.66 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 218.102.32.134 219.76.98.66 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE90874A-C851-4864-9C4D-3EBC134868C5} | DhcpNameServer : 218.102.32.134 219.76.98.66 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AE90874A-C851-4864-9C4D-3EBC134868C5} | DhcpNameServer : 218.102.32.134 219.76.98.66 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AE90874A-C851-4864-9C4D-3EBC134868C5} | DhcpNameServer : 218.102.32.134 219.76.98.66 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-643212585-2591526618-1564776100-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-643212585-2591526618-1564776100-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-643212585-2591526618-1564776100-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-643212585-2591526618-1564776100-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\Razer_Game_Booster_AutoUpdate -- C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe (/AUTORUN) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS +++++
--- User ---
[MBR] 5c16bb98319e753a73e64c5c587e6246
[BSP] f3f6eb90eb3955241edbbc61cf11a1fd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 112640 | Size: 8418 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 17352704 | Size: 296771 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_07222014_112229.log
 
Dave asked me to take a look here...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Thank you very much, Dave.
Hi, Broni.

Here's the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Rachel (administrator) on RACHEL-PC on 29-07-2014 10:02:05
Running from C:\Users\Rachel\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: 中文 (繁體,香港特別行政區)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(深圳市迅雷网络技术有限公司) C:\Users\Public\Thunder Network\KKVideo\Core\Program\KKV.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Akamai Technologies, Inc.) C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Akamai Technologies, Inc.) C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-06] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2005-05-23] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-16] (AVAST Software)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-07-18] (Comodo Security Solutions, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165184 2010-02-11] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Rachel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-04-18] (Samsung Electronics)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-643212585-2591526618-1564776100-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: !IconOverlay_Conflict -> {486C8576-C2C5-42AD-87C6-5E9681633935} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: !IconOverlay_ForbidSync -> {683617F1-0DD4-4B24-B87F-73CE23B8440C} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: !IconOverlay_LargeFile -> {6B3CB227-0A30-418E-A673-FF1F142D9327} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: !IconOverlay_Synced -> {B2AF7140-40A1-449E-82B9-2C0876C97AF4} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: !IconOverlay_Syncing -> {F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D} => C:\Users\Rachel\AppData\Roaming\115\Box\Sync115Ext64.dll (广东雨林木风计算机科技有限公司)
ShellIconOverlayIdentifiers: .XLKKDesktopIcon -> {4DB0021B-1EC2-4C31-BD79-FEA2892EEB43} => C:\Users\Public\Thunder Network\KKVideo\Addins\KKVIconHandler64.dll (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 115ErrorOverlayIcon -> {361F6990-0582-4B1B-88D1-294640A2AB65} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: 115ProcessOverlayIcon -> {52F2EEDF-65F7-4685-8C30-10F56E1080E6} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers: 115SucceedOverlayIcon -> {E6DDA755-8C6C-4D06-8765-FEA0DC7F2660} => C:\Program Files (x86)\115\115com\Shell_x64.dll (广东一一五科技有限公司)
ShellIconOverlayIdentifiers-x32: AAADesktopTips -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(292).dll (深圳市迅雷网络技术有限公司)
GroupPolicyUsers\S-1-5-21-643212585-2591526618-1564776100-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: 捃濘狟婥盓厥 -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO647.9.24.4804.dll (深圳市迅雷网络技术有限公司)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> No File
BHO-x32: WebDetectorBHO Class -> {43BEAFD9-E005-483D-A367-146BA6C8A32E} -> C:\Program Files (x86)\Tudou\滄厒Tudou\tudouDetector.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: 捃濘狟婥盓厥郪璃 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll (深圳市迅雷网络技术有限公司)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AE90874A-C851-4864-9C4D-3EBC134868C5}: [NameServer]156.154.70.25,156.154.71.25

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @115.com/CheckPluginEx - C:\Program Files (x86)\115\115com\np_115download_plugin.dll (115.COM Inc.)
FF Plugin-x32: @baidu.com/npxbdsetup - C:\Windows\Downloaded Program Files\4611046\npxbdsetup.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin - C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @xunlei.com/DapCtrl - C:\Program Files (x86)\Common Files\Thunder Network\KanKan\npDapCtrl.3.1.0.7.(296).dll (ShenZhen Thunder Networking Technologies Ltd.)
FF Plugin-x32: @xunlei.com/npxluser - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @alibaba.com/npAliSSOLogin;version=1.0 - C:\Program Files (x86)\AliWangWang\8.00.34C\npAliSSOLogin.dll (ÌÔ±¦£¨Öйú£©Èí¼þÓÐÏÞ¹«Ë¾)
FF Plugin HKCU: @alibaba.com/npwangwang;version=1.0 - C:\Program Files (x86)\AliWangWang\8.00.34C\npwangwang.dll ( )
FF Plugin HKCU: @xunlei.com/npxluser - C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll No File
FF Plugin HKCU: @xunlei.com/npxunlei;version=1.0.0.2 - C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll ( )
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16]

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.com.hk/?gfe_rd=cr&ei=8vy9U-gyi4vxB4akgYgL"
CHR DefaultSearchKeyword: google.com.hk
CHR Plugin: (Shockwave Flash) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll ()
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (115 Check Plugin Ex) - C:\Program Files (x86)\115\115com\np_115download_plugin.dll (115.COM Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AliSSOLogin plugin) - C:\Program Files (x86)\AliWangWang\7.21.18C\npAliSSOLogin.dll (ÌÔ±¦£¨Öйú£©Èí¼þÓÐÏÞ¹«Ë¾)
CHR Plugin: (AliWangWang Plug-In For Firefox and Netscape) - C:\Program Files (x86)\AliWangWang\7.21.18C\npwangwang.dll ( )
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (PPLive PPTV Plugin) - C:\Program Files (x86)\Internet Explorer\PPLite\plugin\npplugin2.dll (PPLive Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U60) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BaiduSetUp Plugin) - C:\Windows\Downloaded Program Files\4611046\npxbdsetup.dll ()
CHR Extension: (Google 文件) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Google 雲端硬碟) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (WOT) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-07-11]
CHR Extension: (YouTube) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Google 搜尋) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (Thunder Download Extension for Chrome) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncennffkjdiamlpmcbajkmaiiiddgioo [2014-07-20]
CHR Extension: (Google é›»åéŒ¢åŒ…) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-09]
CHR Extension: (Unblock Youku) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnfnkhpgegpcingjbfihlkjeighnddk [2014-07-10]
CHR Extension: (Gmail) - C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM-x32\...\Chrome\Extension: [dpphgmdbhahgadoggfojpaljepicgfpd] - C:\Users\Rachel\AppData\Roaming\DBankPlugin\DBankPluginChrome.crx [2014-06-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-07-18] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-07-18] (Comodo Security Solutions, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5203984 2014-03-17] (INCA Internet Co., Ltd.)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [174024 2014-07-18] (ShenZhen Xunlei Networking Technologies,LTD)
R2 SDDUpdate; C:\Windows\system32\config\systemprofile\AppData\Roaming\SNDA\SDUpdate\SDDUpdateSvc.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-16] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2013-05-07] (Windows (R) Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-01-31] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 HaozipVirtualCDBus; C:\Windows\System32\DRIVERS\HaoZipVirtualCDBus.sys [204888 2012-07-24] (Shanghai RuiChuang)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2013-10-07] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-06-15] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [198400 2009-01-09] (Vimicro Corporation) [File not signed]
S3 vvftUVC; C:\Windows\System32\drivers\vvftUVC.sys [303616 2008-07-01] (Vimicro Corporation) [File not signed]
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-09] ()
S3 cpuz134; \??\C:\Users\Rachel\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 09:43 - 2014-07-29 09:44 - 00039067 _____ () C:\Users\Rachel\Desktop\Addition.txt
2014-07-29 09:42 - 2014-07-29 10:02 - 00023447 _____ () C:\Users\Rachel\Desktop\FRST.txt
2014-07-29 09:42 - 2014-07-29 10:02 - 00000000 ____D () C:\FRST
2014-07-29 09:41 - 2014-07-29 09:41 - 02093568 _____ (Farbar) C:\Users\Rachel\Desktop\FRST64.exe
2014-07-28 19:49 - 2014-07-28 19:49 - 28015450 _____ () C:\Users\Rachel\Downloads\montage_final_1.wmv
2014-07-28 18:59 - 2014-07-28 18:59 - 00061777 _____ () C:\Users\Rachel\Downloads\montage_final_1.wlmp
2014-07-28 10:45 - 2014-07-28 10:48 - 00000000 ___SD () C:\commy
2014-07-28 10:12 - 2014-07-28 10:12 - 05379160 _____ () C:\Users\Rachel\Desktop\winlogon.exe.exe
2014-07-26 00:34 - 2014-07-26 00:34 - 00246784 _____ () C:\Users\Rachel\Desktop\260714.ppt
2014-07-22 12:04 - 2014-07-22 12:04 - 00003980 _____ () C:\Users\Rachel\Desktop\RKreport_SCN_07222014_120116.log
2014-07-22 11:16 - 2014-07-28 10:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-22 11:16 - 2014-07-22 11:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 09:56 - 2014-07-22 11:08 - 00000000 ____D () C:\Users\Rachel\Desktop\RK_Quarantine
2014-07-20 22:30 - 2014-07-20 22:30 - 00003458 _____ () C:\Users\Rachel\Downloads\1010.mid
2014-07-20 21:37 - 2014-07-28 10:42 - 05563277 ____R (Swearware) C:\Users\Rachel\Desktop\commy.exe
2014-07-19 21:57 - 2014-01-07 20:50 - 00104360 _____ () C:\Users\Rachel\Desktop\Sherlock.S02E01.RERIP.1080p.BluRay.x264-RRH.English.srt
2014-07-19 21:57 - 2014-01-07 20:50 - 00099603 _____ () C:\Users\Rachel\Desktop\Sherlock.S02E02.1080p.Bluray.x264-RRH.English.srt
2014-07-19 21:57 - 2014-01-07 20:50 - 00098402 _____ () C:\Users\Rachel\Desktop\Sherlock.S02E03.1080p.BluRay.x264-SHORTBREHD.English.srt
2014-07-19 08:52 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-19 08:52 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-19 08:52 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-19 08:52 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-19 08:50 - 2014-07-19 08:52 - 00000000 ____D () C:\Qoobox
2014-07-19 08:49 - 2014-07-19 08:49 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 23:19 - 2014-07-18 23:19 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\MPC-HC
2014-07-18 20:27 - 2014-07-18 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
2014-07-18 20:26 - 2014-07-18 20:26 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\Macromedia
2014-07-18 19:56 - 2014-07-18 19:57 - 2607703360 _____ () C:\Users\Rachel\Downloads\TeniPuri Festa 2013 disc1.mp4
2014-07-18 19:53 - 2014-07-18 19:53 - 00000857 _____ () C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-07-17 10:09 - 2014-07-18 23:34 - 00002015 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-07-16 22:21 - 2014-07-16 22:21 - 00688992 ____R (Swearware) C:\Users\Rachel\Downloads\dds.com
2014-07-16 17:19 - 2014-07-16 17:19 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt.tmp
2014-07-16 17:09 - 2014-07-16 17:09 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\AVAST Software
2014-07-16 17:08 - 2014-07-29 09:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-16 17:08 - 2014-07-16 17:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 17:08 - 2014-07-16 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 17:07 - 2014-07-16 17:08 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 17:07 - 2014-07-16 17:07 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 17:07 - 2014-07-16 17:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 17:06 - 2014-07-16 17:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 17:04 - 2014-07-16 17:06 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 17:01 - 2014-07-16 17:03 - 91906368 _____ (AVAST Software) C:\Users\Rachel\Downloads\avast_free_antivirus_setup.exe
2014-07-16 16:17 - 2014-07-16 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 16:14 - 2014-07-16 16:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rachel\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-16 15:20 - 2014-07-16 15:21 - 06762112 _____ (ParetoLogic, Inc.) C:\Users\Rachel\Downloads\RegCureProSetup.exe
2014-07-16 15:09 - 2014-07-16 15:09 - 02060288 _____ () C:\Users\Guest\ntuser.rhk
2014-07-16 15:09 - 2014-07-16 15:09 - 01437696 _____ () C:\Users\Rachel2\ntuser.rhk
2014-07-16 14:57 - 2014-07-16 14:57 - 02128128 _____ (WiseCleaner.com ) C:\Users\Rachel\Downloads\WRCFree.exe
2014-07-16 14:16 - 2014-07-16 23:04 - 00000163 _____ () C:\Windows\Reimage.ini
2014-07-12 10:03 - 2014-01-23 11:21 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-07-12 10:03 - 2014-01-23 11:21 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-07-12 09:57 - 2014-07-12 09:57 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-07-12 09:56 - 2014-07-12 09:56 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-07-11 17:07 - 2014-07-11 17:07 - 00000000 ____D () C:\Users\Rachel\AppData\Local\AdTrustMedia
2014-07-11 11:05 - 2014-07-11 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-07-11 11:04 - 2014-07-11 11:05 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-07-11 11:03 - 2014-07-18 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-07-11 11:03 - 2014-07-12 09:57 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\Users\Rachel\AppData\Local\Comodo
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\Program Files\COMODO
2014-07-11 11:02 - 2014-07-12 09:57 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-07-11 11:02 - 2014-07-11 11:05 - 00000000 ____D () C:\ProgramData\Comodo
2014-07-11 11:02 - 2014-07-11 11:02 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-07-11 10:56 - 2014-07-11 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-07-11 10:56 - 2014-06-14 22:03 - 00260696 _____ () C:\Windows\system32\unrar64.dll
2014-07-11 10:39 - 2014-07-11 10:39 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-07-11 10:11 - 2014-07-11 10:12 - 00001188 _____ () C:\DelFix.txt
2014-07-09 22:45 - 2014-07-11 10:11 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 09:32 - 2014-06-30 10:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 09:32 - 2014-06-30 10:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 09:32 - 2014-06-18 10:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 09:32 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 09:32 - 2014-06-18 09:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 09:32 - 2014-06-06 18:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 09:32 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 09:32 - 2014-05-30 16:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 09:32 - 2014-05-30 15:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 09:32 - 2014-05-30 14:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 09:31 - 2014-06-21 04:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 09:31 - 2014-06-21 03:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 09:31 - 2014-06-19 09:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 09:31 - 2014-06-19 09:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 09:31 - 2014-06-19 09:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 09:31 - 2014-06-19 08:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 09:31 - 2014-06-19 08:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 09:31 - 2014-06-19 08:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 09:31 - 2014-06-19 08:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 09:31 - 2014-06-19 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 09:31 - 2014-06-19 08:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 09:31 - 2014-06-19 08:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 09:31 - 2014-06-19 08:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 09:31 - 2014-06-19 08:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 09:31 - 2014-06-19 08:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 09:31 - 2014-06-19 08:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 09:31 - 2014-06-19 08:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 09:31 - 2014-06-19 08:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 09:31 - 2014-06-19 08:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 09:31 - 2014-06-19 07:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 09:31 - 2014-06-19 07:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 09:31 - 2014-06-19 07:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 09:31 - 2014-06-19 07:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 09:31 - 2014-06-19 07:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 09:31 - 2014-06-19 07:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 09:31 - 2014-06-19 07:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 09:31 - 2014-06-19 07:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 09:31 - 2014-06-19 07:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 09:31 - 2014-06-19 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 09:31 - 2014-06-19 07:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 09:31 - 2014-06-19 07:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 09:31 - 2014-06-19 07:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 09:31 - 2014-06-19 07:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 09:31 - 2014-06-19 07:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 09:31 - 2014-06-19 07:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 09:31 - 2014-06-19 07:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 09:31 - 2014-06-19 07:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 09:31 - 2014-06-19 07:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 09:31 - 2014-06-19 07:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 09:31 - 2014-06-19 07:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 09:31 - 2014-06-19 07:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 09:31 - 2014-06-19 07:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 09:31 - 2014-06-19 06:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 09:31 - 2014-06-19 06:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 09:31 - 2014-06-19 06:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 09:31 - 2014-06-19 06:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 09:31 - 2014-06-19 06:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 09:31 - 2014-06-19 06:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 09:31 - 2014-06-19 06:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 09:31 - 2014-06-19 06:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 09:31 - 2014-06-19 06:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 09:31 - 2014-06-19 06:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 09:31 - 2014-06-19 06:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 09:31 - 2014-06-19 06:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 09:31 - 2014-06-19 06:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 09:31 - 2014-06-19 06:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 09:31 - 2014-06-05 22:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 09:31 - 2014-06-05 22:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 09:31 - 2014-06-05 22:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 09:21 - 2014-07-09 22:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 09:20 - 2014-07-09 09:20 - 00000000 ___DC () C:\Users\Rachel\AppData\Local\MigWiz
2014-07-08 22:48 - 2014-07-08 22:48 - 00000259 _____ () C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\淘宝.url
2014-07-08 22:48 - 2014-07-08 22:48 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\taobao
2014-07-08 21:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-07 15:27 - 2014-07-16 22:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 15:26 - 2014-07-16 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 15:26 - 2014-07-07 15:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 15:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 15:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-07 15:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-07 14:51 - 2014-07-07 14:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-07 14:51 - 2014-07-07 14:50 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-07 14:50 - 2014-07-07 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-07 14:50 - 2014-07-07 14:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-07 14:24 - 2014-07-11 10:49 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\TaobaoProtect

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 10:02 - 2014-07-29 09:42 - 00023447 _____ () C:\Users\Rachel\Desktop\FRST.txt
2014-07-29 10:02 - 2014-07-29 09:42 - 00000000 ____D () C:\FRST
2014-07-29 10:01 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-29 10:01 - 2009-07-14 12:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-29 09:57 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\tracing
2014-07-29 09:53 - 2013-08-25 08:53 - 00000474 _____ () C:\Windows\Tasks\AliUpdater{CAE42443-AC1A-40AD-8031-EA7FBC3224E4}.job
2014-07-29 09:53 - 2013-08-10 19:15 - 00075791 _____ () C:\Windows\setupact.log
2014-07-29 09:53 - 2013-07-12 21:20 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-29 09:53 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-29 09:53 - 2009-07-14 12:45 - 02965296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-29 09:52 - 2009-07-14 13:10 - 01901569 _____ () C:\Windows\WindowsUpdate.log
2014-07-29 09:44 - 2014-07-29 09:43 - 00039067 _____ () C:\Users\Rachel\Desktop\Addition.txt
2014-07-29 09:41 - 2014-07-29 09:41 - 02093568 _____ (Farbar) C:\Users\Rachel\Desktop\FRST64.exe
2014-07-29 09:32 - 2014-07-16 17:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-29 09:31 - 2010-06-24 05:51 - 01342950 _____ () C:\Windows\PFRO.log
2014-07-28 19:49 - 2014-07-28 19:49 - 28015450 _____ () C:\Users\Rachel\Downloads\montage_final_1.wmv
2014-07-28 18:59 - 2014-07-28 18:59 - 00061777 _____ () C:\Users\Rachel\Downloads\montage_final_1.wlmp
2014-07-28 18:32 - 2012-10-11 18:40 - 00000450 ____H () C:\Windows\Tasks\Norton Security Scan for Rachel.job
2014-07-28 12:43 - 2014-06-12 17:06 - 00000000 ____D () C:\Program Files (x86)\HYZGOnline
2014-07-28 10:49 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-28 10:48 - 2014-07-28 10:45 - 00000000 ___SD () C:\commy
2014-07-28 10:42 - 2014-07-20 21:37 - 05563277 ____R (Swearware) C:\Users\Rachel\Desktop\commy.exe
2014-07-28 10:12 - 2014-07-28 10:12 - 05379160 _____ () C:\Users\Rachel\Desktop\winlogon.exe.exe
2014-07-28 10:12 - 2014-07-22 11:16 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-27 17:20 - 2014-06-08 23:12 - 00000000 ____D () C:\Users\Rachel\Desktop\dcim
2014-07-26 00:34 - 2014-07-26 00:34 - 00246784 _____ () C:\Users\Rachel\Desktop\260714.ppt
2014-07-24 21:28 - 2011-04-04 17:48 - 00000000 ____D () C:\Users\Rachel\Desktop\others
2014-07-23 23:13 - 2013-08-25 08:53 - 00003542 _____ () C:\Windows\System32\Tasks\AliUpdater{CAE42443-AC1A-40AD-8031-EA7FBC3224E4}
2014-07-23 13:35 - 2012-04-11 18:12 - 00000000 ___SD () C:\TDDOWNLOAD
2014-07-23 12:20 - 2014-05-19 17:34 - 00000000 ____D () C:\Users\Rachel\Desktop\game
2014-07-23 10:31 - 2013-09-05 20:26 - 00000000 ____D () C:\Users\Rachel\Desktop\SLP
2014-07-22 23:17 - 2010-06-21 15:00 - 00000954 _____ () C:\Users\Rachel\AppData\Roaming\coreavc.ini
2014-07-22 21:05 - 2010-07-01 14:42 - 00079576 _____ () C:\Users\Rachel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-22 12:04 - 2014-07-22 12:04 - 00003980 _____ () C:\Users\Rachel\Desktop\RKreport_SCN_07222014_120116.log
2014-07-22 11:16 - 2014-07-22 11:16 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-22 11:08 - 2014-07-22 09:56 - 00000000 ____D () C:\Users\Rachel\Desktop\RK_Quarantine
2014-07-21 18:10 - 2012-11-20 23:34 - 00000000 ____D () C:\Program Files (x86)\AliWangWang
2014-07-20 22:30 - 2014-07-20 22:30 - 00003458 _____ () C:\Users\Rachel\Downloads\1010.mid
2014-07-19 20:45 - 2012-02-15 19:28 - 00000000 ____D () C:\ProgramData\Avira
2014-07-19 08:52 - 2014-07-19 08:50 - 00000000 ____D () C:\Qoobox
2014-07-19 08:49 - 2014-07-19 08:49 - 00000000 ____D () C:\Windows\erdnt
2014-07-18 23:34 - 2014-07-17 10:09 - 00002015 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-07-18 23:34 - 2014-07-11 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-07-18 23:19 - 2014-07-18 23:19 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\MPC-HC
2014-07-18 23:18 - 2010-07-16 21:32 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-18 20:27 - 2014-07-18 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
2014-07-18 20:27 - 2014-04-10 13:43 - 00000000 ____D () C:\Program Files\Common Files\Thunder Network
2014-07-18 20:26 - 2014-07-18 20:26 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\Macromedia
2014-07-18 20:26 - 2012-04-11 18:10 - 00000000 ____D () C:\Users\Public\Thunder Network
2014-07-18 20:25 - 2014-04-10 13:41 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
2014-07-18 20:25 - 2014-04-10 13:41 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
2014-07-18 20:25 - 2014-04-10 13:41 - 00159032 _____ (Microsoft Corporation) C:\Windows\system32\atl90.dll
2014-07-18 20:25 - 2014-04-10 13:41 - 00001857 _____ () C:\Windows\system32\Microsoft.VC90.CRT.manifest
2014-07-18 20:25 - 2014-04-10 13:41 - 00000466 _____ () C:\Windows\system32\Microsoft.VC90.ATL.manifest
2014-07-18 20:25 - 2012-09-20 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\捃濘璃
2014-07-18 20:25 - 2012-04-11 18:10 - 00000000 ____D () C:\Program Files (x86)\Thunder Network
2014-07-18 19:57 - 2014-07-18 19:56 - 2607703360 _____ () C:\Users\Rachel\Downloads\TeniPuri Festa 2013 disc1.mp4
2014-07-18 19:53 - 2014-07-18 19:53 - 00000857 _____ () C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-07-16 23:04 - 2014-07-16 14:16 - 00000163 _____ () C:\Windows\Reimage.ini
2014-07-16 22:27 - 2014-07-07 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 22:21 - 2014-07-16 22:21 - 00688992 ____R (Swearware) C:\Users\Rachel\Downloads\dds.com
2014-07-16 17:19 - 2014-07-16 17:19 - 00000000 _____ () C:\Windows\system32\ExtraInfo.txt.tmp
2014-07-16 17:09 - 2014-07-16 17:09 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\AVAST Software
2014-07-16 17:08 - 2014-07-16 17:08 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 17:08 - 2014-07-16 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 17:08 - 2014-07-16 17:07 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 17:07 - 2014-07-16 17:07 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 17:07 - 2014-07-16 17:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 17:07 - 2014-07-16 17:07 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 17:06 - 2014-07-16 17:06 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 17:06 - 2014-07-16 17:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 17:03 - 2014-07-16 17:01 - 91906368 _____ (AVAST Software) C:\Users\Rachel\Downloads\avast_free_antivirus_setup.exe
2014-07-16 16:17 - 2014-07-16 16:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 16:17 - 2014-07-07 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 16:16 - 2014-07-16 16:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rachel\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-16 15:21 - 2014-07-16 15:20 - 06762112 _____ (ParetoLogic, Inc.) C:\Users\Rachel\Downloads\RegCureProSetup.exe
2014-07-16 15:09 - 2014-07-16 15:09 - 02060288 _____ () C:\Users\Guest\ntuser.rhk
2014-07-16 15:09 - 2014-07-16 15:09 - 01437696 _____ () C:\Users\Rachel2\ntuser.rhk
2014-07-16 15:09 - 2013-03-18 19:40 - 00000000 ____D () C:\Users\Rachel2
2014-07-16 15:09 - 2010-07-03 21:20 - 00000000 ____D () C:\Users\Guest
2014-07-16 14:57 - 2014-07-16 14:57 - 02128128 _____ (WiseCleaner.com ) C:\Users\Rachel\Downloads\WRCFree.exe
2014-07-16 14:11 - 2009-07-14 13:08 - 00032658 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-16 10:53 - 2010-07-01 14:41 - 00000000 ____D () C:\Users\Rachel
2014-07-16 10:47 - 2014-02-15 22:14 - 00000000 ____D () C:\Windows\SysWOW64\aliedit
2014-07-16 10:47 - 2014-02-15 22:14 - 00000000 ____D () C:\Program Files (x86)\alipay
2014-07-16 10:47 - 2012-06-07 14:52 - 00000000 ____D () C:\Program Files (x86)\YouKu
2014-07-16 10:47 - 2011-11-10 17:20 - 00000000 ____D () C:\Users\Rachel\AppData\Local\Akamai
2014-07-16 10:47 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-07-16 10:44 - 2014-02-07 21:11 - 00000000 ____D () C:\ProgramData\QvodPlayer
2014-07-15 16:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-07-14 13:24 - 2013-12-18 23:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-12 09:57 - 2014-07-12 09:57 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-07-12 09:57 - 2014-07-11 11:03 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2014-07-12 09:57 - 2014-07-11 11:02 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-07-12 09:56 - 2014-07-12 09:56 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-07-11 17:07 - 2014-07-11 17:07 - 00000000 ____D () C:\Users\Rachel\AppData\Local\AdTrustMedia
2014-07-11 11:13 - 2011-06-26 22:45 - 00001414 _____ () C:\Users\Rachel\Desktop\sai.lnk
2014-07-11 11:13 - 2010-09-25 17:46 - 00001991 _____ () C:\Users\Rachel\Desktop\Photoshop.lnk
2014-07-11 11:07 - 2014-02-23 15:16 - 00000000 ____D () C:\Users\Rachel\AppData\Local\alipay
2014-07-11 11:05 - 2014-07-11 11:05 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-07-11 11:05 - 2014-07-11 11:04 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-07-11 11:05 - 2014-07-11 11:02 - 00000000 ____D () C:\ProgramData\Comodo
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\Users\Rachel\AppData\Local\Comodo
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-07-11 11:03 - 2014-07-11 11:03 - 00000000 ____D () C:\Program Files\COMODO
2014-07-11 11:02 - 2014-07-11 11:02 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-07-11 10:56 - 2014-07-11 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-07-11 10:56 - 2012-01-31 10:01 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-07-11 10:49 - 2014-07-07 14:24 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\TaobaoProtect
2014-07-11 10:39 - 2014-07-11 10:39 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-07-11 10:39 - 2013-08-07 22:26 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\Media Player Classic
2014-07-11 10:34 - 2010-06-23 14:58 - 00000000 ____D () C:\Program Files\Java
2014-07-11 10:12 - 2014-07-11 10:11 - 00001188 _____ () C:\DelFix.txt
2014-07-11 10:11 - 2014-07-09 22:45 - 00000000 ____D () C:\Windows\ERUNT
2014-07-10 11:56 - 2013-08-23 17:35 - 00000000 ____D () C:\Users\Rachel2\AppData\Local\KuaiZip
2014-07-10 11:33 - 2010-06-23 15:01 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-07-09 22:21 - 2014-07-09 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 21:41 - 2014-05-06 23:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 21:41 - 2009-07-14 15:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 21:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 21:41 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 11:52 - 2013-08-14 19:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 11:51 - 2010-07-17 19:59 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 09:20 - 2014-07-09 09:20 - 00000000 ___DC () C:\Users\Rachel\AppData\Local\MigWiz
2014-07-08 22:48 - 2014-07-08 22:48 - 00000259 _____ () C:\Users\Rachel\AppData\Roaming\Microsoft\Windows\Start Menu\淘宝.url
2014-07-08 22:48 - 2014-07-08 22:48 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\taobao
2014-07-07 17:15 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Vss
2014-07-07 17:14 - 2012-08-14 22:13 - 00000000 ____D () C:\ProgramData\GBox
2014-07-07 15:36 - 2010-07-01 14:47 - 00000000 ____D () C:\Users\Rachel\AppData\Roaming\Adobe
2014-07-07 15:26 - 2014-07-07 15:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 14:51 - 2014-07-07 14:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-07 14:50 - 2014-07-07 14:51 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-07 14:50 - 2014-07-07 14:50 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-07 14:50 - 2014-07-07 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-07 14:50 - 2014-07-07 14:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-07 13:46 - 2011-10-05 16:36 - 00000000 ___DC () C:\Users\Rachel\Desktop\church
2014-07-07 13:45 - 2014-05-19 18:21 - 00000000 ____D () C:\Users\Rachel\Desktop\WiiBackupManager_Build78
2014-06-30 10:09 - 2014-07-09 09:32 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 10:04 - 2014-07-09 09:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Rachel\AppData\Local\Temp\avgnt.exe
C:\Users\Rachel\AppData\Local\Temp\sqlite3.exe
C:\Users\Rachel\AppData\Local\Temp\_is2DD4.exe
C:\Users\Rachel2\AppData\Local\Temp\avgnt.exe
C:\Users\Rachel2\AppData\Local\Temp\dl_peer_id.dll
C:\Users\Rachel2\AppData\Local\Temp\Execute2App.exe
C:\Users\Rachel2\AppData\Local\Temp\msvcp90.dll
C:\Users\Rachel2\AppData\Local\Temp\msvcr90.dll
C:\Users\Rachel2\AppData\Local\Temp\QvodSetup5.19.185.20140122.exe
C:\Users\Rachel2\AppData\Local\Temp\SAV2RemoveAll.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 18:34

==================== End Of Log ============================
 
I don't know how to produce the log in full English. Do you want me to translate those Chinese characters?

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Rachel at 2014-07-29 09:43:35
Running from C:\Users\Rachel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

115浏览器 (HKLM-x32\...\115网盘云备份) (Version: 4.1.0.15 - 广东一一五科技有限公司)
ACDSee (HKLM-x32\...\ACDSee) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Contribute CS4 (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Web Standard (HKLM-x32\...\Adobe_24dfccf0f9d8137b431e1fc8315e8cb) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Web Standard (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI others (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-other (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 Importer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDistiller (x32 Version: 8.1 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) - Chinese Traditional (HKLM-x32\...\{AC76BA86-7AD7-1028-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS4 Server (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Audacity 1.3.12 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.32355 - BitTorrent Inc.)
BLACK WOLVES SAGA -Bloody Nightmare- (HKLM-x32\...\{1EEDC76E-B1F4-46BC-A538-EE8666900EC7}) (Version: 1.0.0 - Rejet)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ComicStudio EX Demo 4.0TC (HKLM-x32\...\{64765714-831E-4D7F-AD52-69530A67723B}) (Version: 4.0.0 - GrandTech)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Corel VideoStudio Pro Title Pack (x32 Version: 1.00.0000 - 您的公司名稱) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.92 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Finale NotePad 2008 (HKLM-x32\...\Finale NotePad 2008) (Version: 13.0.0.0 - MakeMusic)
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.0.1029 - DVDVideoSoft Ltd.)
GeekBuddy (HKLM\...\{604CA0A1-B2A1-4468-85FF-1DD97E936296}) (Version: 4.13.113 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.135 - Google Inc.) Hidden
HetaOni ENGLISH Version 15.0 (HKCU\...\HetaOni ENGLISH Version 15.0) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Codec Pack 10.6.2 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.2 - )
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mega Manager (x32 Version: 3.5.1.0 - Megaupload Limited) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Professional (HKLM-x32\...\{00010C04-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3108 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50325 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50330 - Microsoft Corporation) Hidden
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
openCanvas4.5.09e Plus (HKLM-x32\...\{A2E23800-051D-4F35-8169-85F5739A04C5}) (Version: 4.50.9000 - System Product Corp.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
RaySource 2.2.0.1 (HKLM-x32\...\RaySource) (Version: 2.2.0.1 - RaySource Group)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.3.2.12054_20 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Ulead PhotoImpact 11 (HKLM-x32\...\{C8550C86-A712-4219-AD4C-038C9FD1D149}) (Version: 11.0 - Ulead System)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 執行階段 3.0 (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
VOCALOID2 Expression DB (Standard) (HKLM-x32\...\{B6588186-9657-486C-AEB1-F57D8E160F19}) (Version: 0.0.0.1 - Yamaha Corporation)
VOCALOID2 Voice DB (Miku) (HKLM-x32\...\{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}) (Version: 0.0.0.1 - Crypton Future Media Inc)
Watson (HKLM-x32\...\{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}) (Version: 1.0.0 - Windows Live Safety Center)
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
クローバーの国のアリス (HKLM-x32\...\{98BA275A-3628-4BEF-9871-EF2793FEA403}) (Version: 1.00.0000 - QuinRose)
迅雷看看-高清影视 (HKLM-x32\...\迅雷看看-高清影视) (Version: 2.1.0.116 - 迅雷网络技术有限公司)
迅雷看看高清播放组件 (HKLM-x32\...\迅雷看看高清播放组件) (Version: - 迅雷网络技术有限公司)
迅雷看看播放器 (HKLM-x32\...\迅雷看看播放器) (Version: 4.9.15.2178 - 迅雷网络技术有限公司)
阿里旺旺2013Beta2 (HKLM-x32\...\阿里旺旺2013Beta2) (Version: - 阿里巴巴(中国)有限公司)
捃濘7 (HKLM-x32\...\thunder_is1) (Version: 7.9.24.4804 - 捃濘厙釐撮扲衄癹鼠侗)
假面后的真实中文版 (HKLM-x32\...\假面后的真实中文版_is1) (Version: - )
雅恋~MIYAKO~月詠の夢 (HKLM-x32\...\MIYAKO_TSUKIYOMI) (Version: - Sanctuary)
新幻月之歌 Online (HKLM-x32\...\{8100000B-D009-47F3-90E7-522930693CFD}_is1) (Version: 20140225 - Funmily)
歡樂派登入器 版本 1.0 (HKLM-x32\...\{6C730F31-0A8D-44E5-9508-8F2C096890E3}_is1) (Version: 1.0 - RunUp Game)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-643212585-2591526618-1564776100-1001_Classes\CLSID\{324D60B7-A0E4-45A7-9EA8-A00C315C0688}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-643212585-2591526618-1564776100-1001_Classes\CLSID\{679F137C-3162-45da-BE3C-2F9C3D093F64}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)

==================== Restore Points =========================

26-07-2014 00:40:00 Windows Update
28-07-2014 02:45:37 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2014-07-28 10:41 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14D86246-A05D-46CD-BF36-81DC245D430E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-643212585-2591526618-1564776100-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {205C62DB-C5F3-4850-9DCE-E2F00B9DFF38} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: {2B225640-7181-4CE7-8CF3-6F0D2DC4825F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-643212585-2591526618-1564776100-1006 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {38AFA0C8-F81E-44AD-A066-89978FB0EE18} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-643212585-2591526618-1564776100-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3D956F17-00AB-47FC-9783-602816A0C650} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe [2014-04-16] (COMODO)
Task: {4CFA67EF-DEB8-4D49-A981-8E3FD77933D1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-643212585-2591526618-1564776100-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {4FBBE010-B6B3-464D-A114-F388E66D6B9A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-643212585-2591526618-1564776100-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {574244A6-8B3B-411F-844F-A79886F3C217} - System32\Tasks\Games\UpdateCheck_S-1-5-21-643212585-2591526618-1564776100-1001
Task: {70AE55D0-4CEA-49F9-A495-1BCC92C48110} - System32\Tasks\AliUpdater{CAE42443-AC1A-40AD-8031-EA7FBC3224E4} => C:\Program Files (x86)\AliWangWang\AliTask.exe [2014-03-13] ()
Task: {7AAD0FE2-5C17-495A-9F7E-3A0545E69228} - \{F393E08C-50E0-4B83-A4F6-31A3C7C41196} No Task File <==== ATTENTION
Task: {807F34DE-3FFA-49D8-B924-9BF496270988} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {9F2F0378-0408-4B5E-BEA8-5E3B72103447} - System32\Tasks\Norton Security Scan for Rachel => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
Task: {BE0C767F-D42F-4D70-9C05-A285AA63B350} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-643212585-2591526618-1564776100-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E3E18EA2-16DF-4BBB-80E9-3704D841DA71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.)
Task: {E6136CFF-532B-473A-9E92-F01D28E49D00} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe [2014-04-16] (COMODO)
Task: {F5C4DBA8-03EC-45DE-90A3-2CC3AB11FBEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19] (Google Inc.)
Task: C:\Windows\Tasks\AliUpdater{CAE42443-AC1A-40AD-8031-EA7FBC3224E4}.job => C:\Program Files (x86)\AliWangWang\AliTask.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Rachel.job => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-05-21 18:22 - 2014-05-21 18:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2010-06-23 15:02 - 2010-02-11 11:56 - 00415040 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2014-07-18 11:46 - 2014-07-18 11:46 - 01283792 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-07-18 11:46 - 2014-07-18 11:46 - 02875600 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-07-18 11:46 - 2014-07-18 11:46 - 10451664 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-07-18 11:46 - 2014-07-18 11:46 - 00039120 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-07-18 11:46 - 2014-07-18 11:46 - 01529040 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2014-07-16 17:07 - 2014-07-16 17:07 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-29 09:34 - 2014-07-29 09:34 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14072802\algo.dll
2010-06-23 15:01 - 2010-02-17 16:36 - 00116032 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-06-23 15:01 - 2010-02-11 11:53 - 00128320 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2012-04-11 18:10 - 2014-07-18 20:25 - 00021504 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\minizip.dll
2014-04-10 13:41 - 2014-07-18 20:25 - 00684032 _____ () c:\program files (x86)\common files\thunder network\serviceplatform\libexpat.dll
2010-06-23 15:01 - 2010-02-11 11:52 - 01123648 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-06-23 15:01 - 2010-02-11 11:53 - 00079168 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-06-23 15:01 - 2010-02-11 11:53 - 00234816 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-06-23 15:01 - 2010-02-11 11:53 - 00075072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-06-23 15:01 - 2010-02-11 11:53 - 00111936 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-06-23 15:01 - 2010-02-11 11:53 - 00121152 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2014-07-18 20:26 - 2014-07-18 20:25 - 00684032 _____ () C:\Users\Public\Thunder Network\KKVideo\Core\Program\libexpat.dll
2014-07-16 17:07 - 2014-07-16 17:07 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-10 10:41 - 2014-06-05 21:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-10 10:41 - 2014-06-05 21:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-10 10:41 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-10 10:41 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-10 10:41 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-11 09:43 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Rachel\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:15B79D44

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2014 07:01:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1" 的啟用內容產生失敗。資訊清單或原則檔 "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" 的第 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3 行發生錯誤。
資訊清單中找到的元件識別與要求元件的識別不符。
參照是 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"。
定義是 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"。
請使用 sxstrace.exe 進行詳細的診斷。

Error: (07/28/2014 07:00:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1" 的啟用內容產生失敗。資訊清單或原則檔 "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" 的第 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3 行發生錯誤。
資訊清單中找到的元件識別與要求元件的識別不符。
參照是 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"。
定義是 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"。
請使用 sxstrace.exe 進行詳細的診斷。

Error: (07/28/2014 06:59:48 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1" 的啟用內容產生失敗。資訊清單或原則檔 "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" 的第 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3 行發生錯誤。
資訊清單中找到的元件識別與要求元件的識別不符。
參照是 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"。
定義是 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"。
請使用 sxstrace.exe 進行詳細的診斷。

Error: (07/28/2014 06:59:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1" 的啟用內容產生失敗。資訊清單或原則檔 "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" 的第 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3 行發生錯誤。
資訊清單中找到的元件識別與要求元件的識別不符。
參照是 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"。
定義是 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"。
請使用 sxstrace.exe 進行詳細的診斷。

Error: (07/28/2014 06:59:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1" 的啟用內容產生失敗。資訊清單或原則檔 "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" 的第 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3 行發生錯誤。
資訊清單中找到的元件識別與要求元件的識別不符。
參照是 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"。
定義是 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"。
請使用 sxstrace.exe 進行詳細的診斷。

Error: (07/28/2014 06:59:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1" 的啟用內容產生失敗。資訊清單或原則檔 "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" 的第 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3 行發生錯誤。
資訊清單中找到的元件識別與要求元件的識別不符。
參照是 WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"。
定義是 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"。
請使用 sxstrace.exe 進行詳細的診斷。

Error: (07/21/2014 00:05:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: 程式 WINWORD.EXE 版本 9.0.0.2823 已停止與 Windows 互動,而且已關閉。若要查看是否有此問題的詳細資訊,請檢查位於 [行動作業中心] 控制台中的問題歷程記錄。

處理程序識別碼: 16d0

開始時間: 01cfa494e9bb6a51

終止時間: 26

應用程式路徑: C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

報告識別碼: 40a59f71-108c-11e4-83f5-002564890eb1

Error: (07/21/2014 00:10:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 失敗的應用程式名稱: WINWORD.EXE,版本: 9.0.0.2823,時間戳記: 0x3720dbd6
失敗的模組名稱: WINWORD.EXE,版本: 9.0.0.2823,時間戳記: 0x3720dbd6
例外狀況碼: 0xc0000005
錯誤位移: 0x002d9105
失敗的處理程序識別碼: 0xa30
失敗的應用程式開始時間: 0xWINWORD.EXE0
失敗的應用程式路徑: WINWORD.EXE1
失敗的模組路徑: WINWORD.EXE2
報告識別碼: WINWORD.EXE3

Error: (07/20/2014 11:04:49 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 6576. Message ID: [0x2509].

Error: (07/20/2014 11:03:16 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5092. Message ID: [0x2509].


System errors:
=============
Error: (07/29/2014 09:32:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入:
sptd

Error: (07/29/2014 09:31:21 AM) (Source: sptd) (EventID: 4) (User: )
Description: 驅動程式在 的資料結構中偵測內部錯誤。

Error: (07/28/2014 10:44:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: XLServicePlatform 服務意外終止,服務曾完成這項動作 1 次。以下的修正操作將在 60000 毫秒內執行: 重新啟動服務。

Error: (07/28/2014 10:44:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SDDUpdate 服務意外地終止。已經發生 1 次。

Error: (07/28/2014 10:07:06 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: 意外失敗。錯誤碼: D@01010004

Error: (07/28/2014 10:07:06 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: 意外失敗。錯誤碼: D@01010004

Error: (07/28/2014 10:07:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入:
sptd

Error: (07/28/2014 10:05:37 AM) (Source: sptd) (EventID: 4) (User: )
Description: 驅動程式在 的資料結構中偵測內部錯誤。

Error: (07/27/2014 10:17:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: 下列開機啟動或系統啟動驅動程式無法載入:
sptd

Error: (07/27/2014 10:16:31 PM) (Source: sptd) (EventID: 4) (User: )
Description: 驅動程式在 的資料結構中偵測內部錯誤。


Microsoft Office Sessions:
=========================
Error: (07/28/2014 07:01:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (07/28/2014 07:00:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (07/28/2014 06:59:48 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (07/28/2014 06:59:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (07/28/2014 06:59:31 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (07/28/2014 06:59:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (07/21/2014 00:05:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE9.0.0.282316d001cfa494e9bb6a5126C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE40a59f71-108c-11e4-83f5-002564890eb1

Error: (07/21/2014 00:10:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE9.0.0.28233720dbd6WINWORD.EXE9.0.0.28233720dbd6c0000005002d9105a3001cfa42ad3cd1c79C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXEC:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE556da594-1028-11e4-85b7-002564890eb1

Error: (07/20/2014 11:04:49 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 6576. Message ID: [0x2509].

Error: (07/20/2014 11:03:16 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 5092. Message ID: [0x2509].


CodeIntegrity Errors:
===================================
Date: 2013-02-14 22:28:22.520
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:22.476
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:20.412
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:20.367
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:18.264
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:18.222
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:16.099
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:16.059
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:13.941
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-02-14 22:28:13.899
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 4060.98 MB
Available physical RAM: 1854.41 MB
Total Pagefile: 8120.15 MB
Available Pagefile: 5651.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:289.82 GB) (Free:40.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 30000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
I don't see much there.

After running the fix listed below, update me on current issues.

Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-07-2014
Ran by Rachel at 2014-07-29 22:00:06 Run:1
Running from C:\Users\Rachel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-643212585-2591526618-1564776100-1001\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> No File
BHO-x32: WebDetectorBHO Class -> {43BEAFD9-E005-483D-A367-146BA6C8A32E} -> C:\Program Files (x86)\Tudou\??Tudou\tudouDetector.dll No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
S3 cpuz134; \??\C:\Users\Rachel\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
C:\Users\Rachel\AppData\Local\Temp\avgnt.exe
C:\Users\Rachel\AppData\Local\Temp\sqlite3.exe
C:\Users\Rachel\AppData\Local\Temp\_is2DD4.exe
C:\Users\Rachel2\AppData\Local\Temp\avgnt.exe
C:\Users\Rachel2\AppData\Local\Temp\dl_peer_id.dll
C:\Users\Rachel2\AppData\Local\Temp\Execute2App.exe
C:\Users\Rachel2\AppData\Local\Temp\msvcp90.dll
C:\Users\Rachel2\AppData\Local\Temp\msvcr90.dll
C:\Users\Rachel2\AppData\Local\Temp\QvodSetup5.19.185.20140122.exe
C:\Users\Rachel2\AppData\Local\Temp\SAV2RemoveAll.exe
Task: {7AAD0FE2-5C17-495A-9F7E-3A0545E69228} - \{F393E08C-50E0-4B83-A4F6-31A3C7C41196} No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:15B79D44

*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-643212585-2591526618-1564776100-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{43BEAFD9-E005-483D-A367-146BA6C8A32E}" => Key deleted successfully.
"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully.
"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.
cpuz134 => Service deleted successfully.
wacomvhid => Service deleted successfully.
C:\Users\Rachel\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Users\Rachel\AppData\Local\Temp\_is2DD4.exe => Moved successfully.
C:\Users\Rachel2\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Rachel2\AppData\Local\Temp\dl_peer_id.dll => Moved successfully.
C:\Users\Rachel2\AppData\Local\Temp\Execute2App.exe => Moved successfully.
C:\Users\Rachel2\AppData\Local\Temp\msvcp90.dll => Moved successfully.
C:\Users\Rachel2\AppData\Local\Temp\msvcr90.dll => Moved successfully.
C:\Users\Rachel2\AppData\Local\Temp\QvodSetup5.19.185.20140122.exe => Moved successfully.
C:\Users\Rachel2\AppData\Local\Temp\SAV2RemoveAll.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AAD0FE2-5C17-495A-9F7E-3A0545E69228}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AAD0FE2-5C17-495A-9F7E-3A0545E69228}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F393E08C-50E0-4B83-A4F6-31A3C7C41196}" => Key deleted successfully.
C:\ProgramData\TEMP => ":15B79D44" ADS removed successfully.


The system needed a reboot.

==== End of Fixlog ====
 
The virus alert for flash player update no longer pops up.
However, when I try to key in '@' today, the button gives me " instead;
when I press Shift+' it gives '@'. Is this related to any kind of virus? Or is it just my keyboard?
 